| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fenster, Express Zip DemoWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.07.2015, 14:48
| #1 |
 |  Fenster, Express Zip Demo Hallo ihr Lieben, habe einen Lepi mit Windows 7. seit einiger Zeit kann ich nicht mehr in die Systemsteurung, Computerverwaltung, Programme usw. es geht immer wieder das selbe Fenster auf: Express Zip Demo.  Es enthält 3 möglichkeiten: kaufen, code eingeben, Demoversion weiter verwenden. Das letzter tat ich einige mal. Doch dieses Fenster kommt immer wieder. Auch ist der Lepi sehr langsam geworden. Mein Fast Free Antivirus meldet: ich bin geschützt. Bitte seid so nett, und gebt mir einfache tipps. Lieben danke im vorhinein. Xandi |
|
17.07.2015, 14:53
| #2 |
| /// TB-Ausbilder   |  Fenster, Express Zip Demo Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zur ersten Analyse bitte FRST und TDSS-Killer ausführen: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Schritt 2 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
22.07.2015, 04:43
| #3 |
| /// TB-Ausbilder | Fenster, Express Zip Demo Fehlende Rückmeldung
__________________Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
22.07.2015, 17:01
| #4 |
| | Fenster, Express Zip Demo FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Alexandra (administrator) on LIABSLADELE on 22-07-2015 17:36:27
Running from C:\Users\Alexandra\Downloads
Loaded Profiles: UpdatusUser & Alexandra (Available Profiles: UpdatusUser & Alexandra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\3DataManager\WTGService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(WebToGo Mobile Internet GmbH) C:\Program Files (x86)\3DataManager\3DataManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell] explorer.exe,explorer.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2422082488-33307941-859794934-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2013-09-26]
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2422082488-33307941-859794934-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2422082488-33307941-859794934-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2422082488-33307941-859794934-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-06] (Microsoft Corporation)
BHO: No Name -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-06] (Microsoft Corporation)
BHO-x32: No Name -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\..\Interfaces\{911A0AC8-7281-402E-B978-1C522B971556}: [NameServer] 213.94.78.16 213.94.78.17
Tcpip\..\Interfaces\{D93110B3-007B-4A4A-8BAC-33DF59D2732D}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\23cb1dac-5674-4d52-91b4-035ade58fc2f.xml [2014-02-12]
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\google-images.xml [2015-02-08]
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\google-maps.xml [2015-02-08]
FF Extension: CHIP Best Deal - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\Extensions\ciuvo-extension@chip.de.xpi [2015-03-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09]
FF HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-17]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-09] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-09-26] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-11-14] (ITE )
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-09] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-22 17:36 - 2015-07-22 17:37 - 00016771 _____ C:\Users\Alexandra\Downloads\FRST.txt
2015-07-22 17:36 - 2015-07-22 17:36 - 00000000 ____D C:\FRST
2015-07-22 17:35 - 2015-07-22 17:35 - 02135552 _____ (Farbar) C:\Users\Alexandra\Downloads\FRST64.exe
2015-07-20 12:28 - 2015-07-20 12:28 - 00000795 _____ C:\WINDOWS\setupact.log
2015-07-20 12:28 - 2015-07-20 12:28 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-19 15:28 - 2015-07-22 17:33 - 01717647 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 14:44 - 2015-07-18 14:44 - 00000000 ___RD C:\Users\Alexandra\Documents\Notes
2015-07-18 14:32 - 2015-07-18 14:32 - 00001526 _____ C:\Users\Alexandra\Desktop\AdwCleaner[R3].txt
2015-07-18 14:28 - 2015-07-18 14:28 - 00030924 _____ C:\Users\Alexandra\Desktop\Log - Malware Protector 2.xml
2015-07-18 14:10 - 2015-07-22 11:30 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2015-07-18 14:10 - 2015-07-18 14:10 - 04798152 _____ (WinZip International LLC ) C:\Users\Alexandra\Downloads\wzmp_10(1).exe
2015-07-18 14:10 - 2015-07-18 14:10 - 00001201 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Nico Mak Computing
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2015-07-18 14:10 - 2013-03-15 17:10 - 00020480 _____ C:\WINDOWS\system32\wsusnative64.exe
2015-07-18 13:25 - 2015-07-18 13:25 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(3).exe
2015-07-18 13:17 - 2015-07-18 13:17 - 00030926 _____ C:\Users\Alexandra\Desktop\log -Malware Protector.xml
2015-07-18 13:00 - 2015-07-18 14:10 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-07-18 13:00 - 2015-07-18 13:00 - 04798152 _____ (WinZip International LLC ) C:\Users\Alexandra\Downloads\wzmp_10.exe
2015-07-17 17:13 - 2015-07-17 17:13 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(2).exe
2015-07-17 17:12 - 2015-07-17 17:12 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(1).exe
2015-07-17 16:02 - 2015-07-18 14:31 - 00000000 ____D C:\AdwCleaner
2015-07-17 16:01 - 2015-07-17 16:01 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208.exe
2015-07-17 15:15 - 2015-07-17 15:15 - 01187744 _____ (Uniblue Systems Limited ) C:\Users\Alexandra\Downloads\pcmechanicpm_7880780_.exe
2015-07-17 15:14 - 2015-07-22 11:34 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74F4F432-1504-488A-8F0C-3AF8193DA34C}
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieUserList
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieSiteList
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieBrowserModeList
2015-07-17 15:10 - 2015-07-17 15:11 - 01198368 _____ C:\Users\Alexandra\Downloads\Trojan Remover - CHIP-Installer.exe
2015-07-14 18:42 - 2015-07-14 18:49 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\Alexandra\Downloads\flashplayer18_ga_install.exe
2015-07-10 10:44 - 2015-07-14 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 16:57 - 2015-06-25 16:57 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-23 20:14 - 2015-07-11 11:13 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-23 20:14 - 2015-06-23 20:14 - 00000000 __SHD C:\Recovery
2015-06-23 20:13 - 2015-06-23 20:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files\MSBuild
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-23 20:09 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-06-23 20:09 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-06-23 20:08 - 2015-06-23 20:08 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-23 20:08 - 2015-06-23 20:08 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-23 20:03 - 2015-06-23 20:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-06-23 20:02 - 2015-06-23 20:02 - 00001450 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-23 20:01 - 2015-06-23 20:01 - 00000020 ___SH C:\Users\Alexandra\ntuser.ini
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Vorlagen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Dokumente und Einstellungen
2015-06-23 19:55 - 2015-06-23 19:55 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-06-23 19:44 - 2015-06-23 19:44 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-06-23 19:35 - 2015-06-23 19:35 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-23 19:30 - 2015-06-23 19:30 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-06-23 19:29 - 2015-06-23 19:45 - 00000000 ____D C:\Users\Alexandra\SkyDrive
2015-06-23 19:28 - 2015-06-23 20:01 - 00000000 ____D C:\Users\Alexandra
2015-06-23 19:28 - 2015-06-23 19:56 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2015-06-23 19:28 - 2015-06-23 19:56 - 00036198 _____ C:\WINDOWS\diagerr.xml
2015-06-23 19:28 - 2015-06-23 19:29 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-23 19:28 - 2015-06-23 19:29 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Vorlagen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Startmenü
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Netzwerkumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Lokale Einstellungen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Eigene Dateien
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Druckumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Documents\Eigene Musik
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Documents\Eigene Bilder
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Local\Verlauf
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Local\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Anwendungsdaten
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-23 19:20 - 2015-06-23 19:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-23 19:20 - 2015-06-23 19:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-06-23 19:19 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files\Intel
2015-06-23 19:19 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-06-23 19:19 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-06-23 19:18 - 2015-07-22 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 19:18 - 2015-06-28 19:27 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-06-23 19:18 - 2015-06-28 19:27 - 00000000 ____D C:\WINDOWS\system32\NV
2015-06-23 19:18 - 2015-06-23 19:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 19:18 - 2015-06-23 19:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-06-23 19:18 - 2015-06-23 19:18 - 00000000 ____D C:\Program Files\Realtek
2015-06-23 19:18 - 2013-10-23 10:20 - 06669600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 03489568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 03426956 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-06-23 19:18 - 2013-10-23 10:20 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 01064224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-23 19:18 - 2013-10-23 10:20 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-23 19:17 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-23 19:17 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-22 17:23 - 2014-01-19 17:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-22 17:19 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-22 11:59 - 2013-09-01 23:23 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Packages
2015-07-22 11:28 - 2014-02-06 17:22 - 00001020 _____ C:\WINDOWS\Tasks\Installer for avg_safeguard.job
2015-07-22 11:27 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-21 17:24 - 2013-09-26 09:20 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\3DataManager
2015-07-21 14:18 - 2015-05-09 11:35 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-20 12:30 - 2014-11-21 05:35 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-20 12:30 - 2014-11-21 04:45 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-20 12:30 - 2014-11-21 04:45 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-18 20:04 - 2013-09-01 23:30 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2422082488-33307941-859794934-1002
2015-07-18 19:33 - 2015-03-10 20:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-07-18 14:00 - 2015-01-26 21:37 - 00000000 ____D C:\ProgramData\Samsung
2015-07-18 14:00 - 2014-01-06 15:05 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Samsung
2015-07-18 13:43 - 2015-04-05 21:16 - 00000000 ____D C:\Users\Alexandra\Documents\Benutzerdefinierte Office-Vorlagen
2015-07-18 13:42 - 2014-02-14 19:56 - 00000000 ____D C:\Users\Alexandra\Documents\Einkommenstuererklärung
2015-07-17 17:03 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-17 15:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-14 18:59 - 2014-02-14 17:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 18:56 - 2014-06-25 12:06 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Adobe
2015-07-14 18:53 - 2014-01-19 17:21 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:35 - 2013-09-03 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-27 12:29 - 2015-05-09 11:35 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-25 16:58 - 2012-07-26 07:26 - 00000127 _____ C:\WINDOWS\win.ini
2015-06-24 16:45 - 2015-05-20 20:14 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-06-23 20:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-23 20:13 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-23 20:01 - 2015-06-11 11:40 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-23 19:58 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-23 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-23 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows NT
2015-06-23 19:56 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2015-06-23 19:49 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-06-23 19:49 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-23 19:45 - 2012-11-14 10:31 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-06-23 19:38 - 2013-08-22 16:44 - 00382208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-23 19:37 - 2015-05-25 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-23 19:37 - 2015-05-21 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-23 19:37 - 2015-05-11 10:20 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-06-23 19:37 - 2015-05-11 10:20 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-06-23 19:37 - 2015-02-18 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2015-06-23 19:37 - 2015-02-02 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-23 19:37 - 2014-04-20 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-23 19:37 - 2014-02-26 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Switch
2015-06-23 19:37 - 2014-02-17 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-23 19:37 - 2013-09-26 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DataManager
2015-06-23 19:37 - 2013-09-15 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-23 19:37 - 2013-09-15 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-23 19:37 - 2013-09-03 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-23 19:37 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-06-23 19:37 - 2013-08-22 15:25 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-23 19:37 - 2012-11-14 10:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\sl
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\nl
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\it
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\da
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\hu
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\fr
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\es
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\de
2015-06-23 19:37 - 2012-07-26 11:43 - 00000000 ____D C:\WINDOWS\en-GB
2015-06-23 19:35 - 2012-07-26 07:37 - 00000000 ____D C:\Users\Default.migrated
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-06-23 19:34 - 2013-09-03 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-06-23 19:34 - 2012-11-14 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-06-23 19:33 - 2015-01-26 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-06-23 19:33 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-23 19:33 - 2013-08-22 16:45 - 00000000 ____D C:\WINDOWS\Setup
2015-06-23 19:33 - 2012-11-14 07:04 - 00000000 ____D C:\ProgramData\PRICache
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-23 19:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-06-22 18:49 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
==================== Files in the root of some directories =======
2014-07-27 15:57 - 2014-07-27 15:58 - 1122704 _____ () C:\Users\Alexandra\AppData\Roaming\27072014.scr
2012-11-14 10:19 - 2012-11-14 10:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-03 15:21 - 2014-01-28 13:40 - 0001458 _____ () C:\ProgramData\hpzinstall.log
2013-11-20 12:34 - 2013-11-20 12:34 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-10-03 15:48 - 2013-10-03 15:48 - 0000032 _____ () C:\ProgramData\Temp.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-21 15:14
==================== End of log ============================
Nico Mak Computing WinZip Malware Protector Datum der Überprüfung Samstag, 18. Juli 2015 Datenbankversion 2317 Gefundene Elemente insgesamt 94 Überprüfte Objekte: 365935 Abgelaufene Zeit: 00:07:14 Name Gefundene Elemente Name der Infektion pup.optional Kategorie Potentially Unwanted Application Bedrohungsstufe High Durchgeführte Aktion NoActionTaken Elemente gefunden 1 Gefundener Bereich FileSystem Details Dateiname c:\users\alexandra\downloads\kies3setup.exe MD5 12095843207507927641 Signatur 0 Md5hash: 9dd5bd2ff675d9a92447c28ec3532d55 Name der Infektion malware.trace Kategorie Generic Malware Bedrohungsstufe High Durchgeführte Aktion NoActionTaken Elemente gefunden 93 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 17.06.2014 at 18:48:11 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 17.06.2014 at 18:48:54 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 18.06.2014 at 09:14:16 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 18.06.2014 at 09:37:32 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 18.06.2014 at 09:38:06 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 18.06.2014 at 09:38:51 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 18.06.2014 at 09:38:58 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 19.06.2014 at 09:58:29 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 20.06.2014 at 12:06:43 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 21.06.2014 at 12:39:06 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 24.06.2014 at 12:34:51 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 25.06.2014 at 11:45:42 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 26.06.2014 at 14:24:23 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 27.06.2014 at 09:09:29 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 28.06.2014 at 15:59:04 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 28.06.2014 at 20:00:30 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 29.06.2014 at 11:24:06 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 30.06.2014 at 11:51:56 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 01.07.2014 at 10:01:09 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 02.07.2014 at 09:55:44 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 03.07.2014 at 12:49:31 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 05.07.2014 at 13:07:07 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 06.07.2014 at 19:58:52 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 07.07.2014 at 11:09:45 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 07.07.2014 at 17:46:39 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 08.07.2014 at 17:27:27 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 10.07.2014 at 10:25:33 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 16.07.2014 at 09:42:20 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 23.07.2014 at 09:43:04 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 24.07.2014 at 12:04:29 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 25.07.2014 at 13:36:18 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 27.07.2014 at 13:16:57 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 28.07.2014 at 12:09:35 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 29.07.2014 at 12:21:30 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 02.08.2014 at 12:22:42 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 03.08.2014 at 11:51:53 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 04.08.2014 at 16:48:51 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 06.08.2014 at 09:38:04 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 08.08.2014 at 12:48:43 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 11.08.2014 at 11:32:54 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 12.08.2014 at 11:14:54 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 14.08.2014 at 07:21:18 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 15.08.2014 at 10:46:02 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 15.08.2014 at 19:46:22 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 16.08.2014 at 11:22:26 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 21.08.2014 at 10:41:18 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 22.08.2014 at 11:19:18 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 23.08.2014 at 10:28:14 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 24.08.2014 at 11:00:10 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 27.08.2014 at 18:38:28 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 28.08.2014 at 10:31:32 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 29.08.2014 at 11:53:24 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 30.08.2014 at 11:02:38 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 03.09.2014 at 17:43:05 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 04.09.2014 at 10:54:50 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 06.09.2014 at 20:10:53 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 07.09.2014 at 11:26:03 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 18.09.2014 at 18:05:18 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 19.09.2014 at 08:32:29 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 20.09.2014 at 10:25:35 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 21.09.2014 at 13:27:01 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 22.09.2014 at 09:44:13 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 24.09.2014 at 16:57:12 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 25.09.2014 at 09:43:54 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 28.09.2014 at 11:25:46 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 29.09.2014 at 12:13:52 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 02.10.2014 at 09:25:16 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 03.10.2014 at 12:44:21 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 04.10.2014 at 20:16:15 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 05.10.2014 at 11:39:49 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 07.10.2014 at 17:04:22 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 08.10.2014 at 18:12:46 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 12.10.2014 at 11:26:29 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 13.10.2014 at 09:17:35 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 14.10.2014 at 17:14:37 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 16.10.2014 at 12:25:07 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 17.10.2014 at 12:30:41 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 19.10.2014 at 11:49:32 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 21.10.2014 at 16:51:07 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 24.10.2014 at 11:20:47 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 25.10.2014 at 13:13:26 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 27.10.2014 at 10:52:20 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 28.10.2014 at 17:13:25 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 31.10.2014 at 11:37:25 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 02.11.2014 at 12:29:58 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 03.11.2014 at 10:32:39 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 04.11.2014 at 17:10:14 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 05.11.2014 at 17:52:30 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 06.11.2014 at 10:10:26 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 07.11.2014 at 10:38:31 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 07.11.2014 at 21:55:24 Gefundener Bereich Registry Details Registrierungsschlüssel hkey_current_user software\dc3_fexec 08.11.2014 at 10:02:30 © 2013 WinZip International LLC. All rights reserved. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 18/07/2015 um 14:30:32
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Alexandra - LIABSLADELE
# Gestarted von : C:\Users\Alexandra\Downloads\AdwCleaner_4.208(3).exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Public\Desktop\WinZip Malware Protector.lnk
Datei Gefunden : C:\WINDOWS\System32\wsusnative64.exe
Ordner Gefunden : C:\Program Files (x86)\WinZip Malware Protector
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
***** [ Geplante Tasks ] *****
Task Gefunden : WinZip Malware Protector_startup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v39.0 (x86 de)
*************************
AdwCleaner[R0].txt - [12230 Bytes] - [17/07/2015 16:02:59]
AdwCleaner[R1].txt - [900 Bytes] - [17/07/2015 17:13:44]
AdwCleaner[R2].txt - [1408 Bytes] - [18/07/2015 13:25:25]
AdwCleaner[R3].txt - [1270 Bytes] - [18/07/2015 14:30:32]
AdwCleaner[S0].txt - [9597 Bytes] - [17/07/2015 17:02:02]
AdwCleaner[S1].txt - [1467 Bytes] - [18/07/2015 13:33:16]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1447 Bytes] ##########
[/CODE] AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 18/07/2015 um 14:30:32
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Alexandra - LIABSLADELE
# Gestarted von : C:\Users\Alexandra\Downloads\AdwCleaner_4.208(3).exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Public\Desktop\WinZip Malware Protector.lnk
Datei Gefunden : C:\WINDOWS\System32\wsusnative64.exe
Ordner Gefunden : C:\Program Files (x86)\WinZip Malware Protector
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
***** [ Geplante Tasks ] *****
Task Gefunden : WinZip Malware Protector_startup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v39.0 (x86 de)
*************************
AdwCleaner[R0].txt - [12230 Bytes] - [17/07/2015 16:02:59]
AdwCleaner[R1].txt - [900 Bytes] - [17/07/2015 17:13:44]
AdwCleaner[R2].txt - [1408 Bytes] - [18/07/2015 13:25:25]
AdwCleaner[R3].txt - [1270 Bytes] - [18/07/2015 14:30:32]
AdwCleaner[S0].txt - [9597 Bytes] - [17/07/2015 17:02:02]
AdwCleaner[S1].txt - [1467 Bytes] - [18/07/2015 13:33:16]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1447 Bytes] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Alexandra (administrator) on LIABSLADELE on 22-07-2015 17:36:27
Running from C:\Users\Alexandra\Downloads
Loaded Profiles: UpdatusUser & Alexandra (Available Profiles: UpdatusUser & Alexandra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\3DataManager\WTGService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(WebToGo Mobile Internet GmbH) C:\Program Files (x86)\3DataManager\3DataManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell] explorer.exe,explorer.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2422082488-33307941-859794934-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2013-09-26]
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2422082488-33307941-859794934-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2422082488-33307941-859794934-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2422082488-33307941-859794934-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-06] (Microsoft Corporation)
BHO: No Name -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-06] (Microsoft Corporation)
BHO-x32: No Name -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\..\Interfaces\{911A0AC8-7281-402E-B978-1C522B971556}: [NameServer] 213.94.78.16 213.94.78.17
Tcpip\..\Interfaces\{D93110B3-007B-4A4A-8BAC-33DF59D2732D}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\23cb1dac-5674-4d52-91b4-035ade58fc2f.xml [2014-02-12]
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\google-images.xml [2015-02-08]
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\google-maps.xml [2015-02-08]
FF Extension: CHIP Best Deal - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\Extensions\ciuvo-extension@chip.de.xpi [2015-03-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09]
FF HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-17]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-09] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-09-26] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-11-14] (ITE )
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-09] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-22 17:36 - 2015-07-22 17:37 - 00016771 _____ C:\Users\Alexandra\Downloads\FRST.txt
2015-07-22 17:36 - 2015-07-22 17:36 - 00000000 ____D C:\FRST
2015-07-22 17:35 - 2015-07-22 17:35 - 02135552 _____ (Farbar) C:\Users\Alexandra\Downloads\FRST64.exe
2015-07-20 12:28 - 2015-07-20 12:28 - 00000795 _____ C:\WINDOWS\setupact.log
2015-07-20 12:28 - 2015-07-20 12:28 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-19 15:28 - 2015-07-22 17:33 - 01717647 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 14:44 - 2015-07-18 14:44 - 00000000 ___RD C:\Users\Alexandra\Documents\Notes
2015-07-18 14:32 - 2015-07-18 14:32 - 00001526 _____ C:\Users\Alexandra\Desktop\AdwCleaner[R3].txt
2015-07-18 14:28 - 2015-07-18 14:28 - 00030924 _____ C:\Users\Alexandra\Desktop\Log - Malware Protector 2.xml
2015-07-18 14:10 - 2015-07-22 11:30 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2015-07-18 14:10 - 2015-07-18 14:10 - 04798152 _____ (WinZip International LLC ) C:\Users\Alexandra\Downloads\wzmp_10(1).exe
2015-07-18 14:10 - 2015-07-18 14:10 - 00001201 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Nico Mak Computing
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2015-07-18 14:10 - 2013-03-15 17:10 - 00020480 _____ C:\WINDOWS\system32\wsusnative64.exe
2015-07-18 13:25 - 2015-07-18 13:25 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(3).exe
2015-07-18 13:17 - 2015-07-18 13:17 - 00030926 _____ C:\Users\Alexandra\Desktop\log -Malware Protector.xml
2015-07-18 13:00 - 2015-07-18 14:10 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-07-18 13:00 - 2015-07-18 13:00 - 04798152 _____ (WinZip International LLC ) C:\Users\Alexandra\Downloads\wzmp_10.exe
2015-07-17 17:13 - 2015-07-17 17:13 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(2).exe
2015-07-17 17:12 - 2015-07-17 17:12 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(1).exe
2015-07-17 16:02 - 2015-07-18 14:31 - 00000000 ____D C:\AdwCleaner
2015-07-17 16:01 - 2015-07-17 16:01 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208.exe
2015-07-17 15:15 - 2015-07-17 15:15 - 01187744 _____ (Uniblue Systems Limited ) C:\Users\Alexandra\Downloads\pcmechanicpm_7880780_.exe
2015-07-17 15:14 - 2015-07-22 11:34 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74F4F432-1504-488A-8F0C-3AF8193DA34C}
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieUserList
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieSiteList
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieBrowserModeList
2015-07-17 15:10 - 2015-07-17 15:11 - 01198368 _____ C:\Users\Alexandra\Downloads\Trojan Remover - CHIP-Installer.exe
2015-07-14 18:42 - 2015-07-14 18:49 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\Alexandra\Downloads\flashplayer18_ga_install.exe
2015-07-10 10:44 - 2015-07-14 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 16:57 - 2015-06-25 16:57 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-23 20:14 - 2015-07-11 11:13 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-23 20:14 - 2015-06-23 20:14 - 00000000 __SHD C:\Recovery
2015-06-23 20:13 - 2015-06-23 20:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files\MSBuild
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-23 20:09 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-06-23 20:09 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-06-23 20:08 - 2015-06-23 20:08 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-23 20:08 - 2015-06-23 20:08 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-23 20:03 - 2015-06-23 20:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-06-23 20:02 - 2015-06-23 20:02 - 00001450 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-23 20:01 - 2015-06-23 20:01 - 00000020 ___SH C:\Users\Alexandra\ntuser.ini
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Vorlagen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Dokumente und Einstellungen
2015-06-23 19:55 - 2015-06-23 19:55 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-06-23 19:44 - 2015-06-23 19:44 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-06-23 19:35 - 2015-06-23 19:35 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-23 19:30 - 2015-06-23 19:30 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-06-23 19:29 - 2015-06-23 19:45 - 00000000 ____D C:\Users\Alexandra\SkyDrive
2015-06-23 19:28 - 2015-06-23 20:01 - 00000000 ____D C:\Users\Alexandra
2015-06-23 19:28 - 2015-06-23 19:56 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2015-06-23 19:28 - 2015-06-23 19:56 - 00036198 _____ C:\WINDOWS\diagerr.xml
2015-06-23 19:28 - 2015-06-23 19:29 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-23 19:28 - 2015-06-23 19:29 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Vorlagen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Startmenü
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Netzwerkumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Lokale Einstellungen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Eigene Dateien
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Druckumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Documents\Eigene Musik
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Documents\Eigene Bilder
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Local\Verlauf
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Local\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Anwendungsdaten
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-23 19:20 - 2015-06-23 19:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-23 19:20 - 2015-06-23 19:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-06-23 19:19 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files\Intel
2015-06-23 19:19 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-06-23 19:19 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-06-23 19:18 - 2015-07-22 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 19:18 - 2015-06-28 19:27 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-06-23 19:18 - 2015-06-28 19:27 - 00000000 ____D C:\WINDOWS\system32\NV
2015-06-23 19:18 - 2015-06-23 19:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 19:18 - 2015-06-23 19:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-06-23 19:18 - 2015-06-23 19:18 - 00000000 ____D C:\Program Files\Realtek
2015-06-23 19:18 - 2013-10-23 10:20 - 06669600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 03489568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 03426956 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-06-23 19:18 - 2013-10-23 10:20 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 01064224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-23 19:18 - 2013-10-23 10:20 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-23 19:17 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-23 19:17 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-22 17:23 - 2014-01-19 17:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-22 17:19 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-22 11:59 - 2013-09-01 23:23 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Packages
2015-07-22 11:28 - 2014-02-06 17:22 - 00001020 _____ C:\WINDOWS\Tasks\Installer for avg_safeguard.job
2015-07-22 11:27 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-21 17:24 - 2013-09-26 09:20 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\3DataManager
2015-07-21 14:18 - 2015-05-09 11:35 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-20 12:30 - 2014-11-21 05:35 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-20 12:30 - 2014-11-21 04:45 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-20 12:30 - 2014-11-21 04:45 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-18 20:04 - 2013-09-01 23:30 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2422082488-33307941-859794934-1002
2015-07-18 19:33 - 2015-03-10 20:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-07-18 14:00 - 2015-01-26 21:37 - 00000000 ____D C:\ProgramData\Samsung
2015-07-18 14:00 - 2014-01-06 15:05 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Samsung
2015-07-18 13:43 - 2015-04-05 21:16 - 00000000 ____D C:\Users\Alexandra\Documents\Benutzerdefinierte Office-Vorlagen
2015-07-18 13:42 - 2014-02-14 19:56 - 00000000 ____D C:\Users\Alexandra\Documents\Einkommenstuererklärung
2015-07-17 17:03 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-17 15:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-14 18:59 - 2014-02-14 17:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 18:56 - 2014-06-25 12:06 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Adobe
2015-07-14 18:53 - 2014-01-19 17:21 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:35 - 2013-09-03 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-27 12:29 - 2015-05-09 11:35 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-25 16:58 - 2012-07-26 07:26 - 00000127 _____ C:\WINDOWS\win.ini
2015-06-24 16:45 - 2015-05-20 20:14 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-06-23 20:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-23 20:13 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-23 20:01 - 2015-06-11 11:40 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-23 19:58 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-23 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-23 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows NT
2015-06-23 19:56 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2015-06-23 19:49 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-06-23 19:49 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-23 19:45 - 2012-11-14 10:31 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-06-23 19:38 - 2013-08-22 16:44 - 00382208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-23 19:37 - 2015-05-25 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-23 19:37 - 2015-05-21 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-23 19:37 - 2015-05-11 10:20 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-06-23 19:37 - 2015-05-11 10:20 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-06-23 19:37 - 2015-02-18 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2015-06-23 19:37 - 2015-02-02 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-23 19:37 - 2014-04-20 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-23 19:37 - 2014-02-26 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Switch
2015-06-23 19:37 - 2014-02-17 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-23 19:37 - 2013-09-26 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DataManager
2015-06-23 19:37 - 2013-09-15 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-23 19:37 - 2013-09-15 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-23 19:37 - 2013-09-03 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-23 19:37 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-06-23 19:37 - 2013-08-22 15:25 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-23 19:37 - 2012-11-14 10:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\sl
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\nl
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\it
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\da
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\hu
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\fr
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\es
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\de
2015-06-23 19:37 - 2012-07-26 11:43 - 00000000 ____D C:\WINDOWS\en-GB
2015-06-23 19:35 - 2012-07-26 07:37 - 00000000 ____D C:\Users\Default.migrated
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-06-23 19:34 - 2013-09-03 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-06-23 19:34 - 2012-11-14 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-06-23 19:33 - 2015-01-26 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-06-23 19:33 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-23 19:33 - 2013-08-22 16:45 - 00000000 ____D C:\WINDOWS\Setup
2015-06-23 19:33 - 2012-11-14 07:04 - 00000000 ____D C:\ProgramData\PRICache
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-23 19:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-06-22 18:49 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
==================== Files in the root of some directories =======
2014-07-27 15:57 - 2014-07-27 15:58 - 1122704 _____ () C:\Users\Alexandra\AppData\Roaming\27072014.scr
2012-11-14 10:19 - 2012-11-14 10:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-03 15:21 - 2014-01-28 13:40 - 0001458 _____ () C:\ProgramData\hpzinstall.log
2013-11-20 12:34 - 2013-11-20 12:34 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-10-03 15:48 - 2013-10-03 15:48 - 0000032 _____ () C:\ProgramData\Temp.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-21 15:14
==================== End of log ============================
|
|
22.07.2015, 17:03
| #5 |
| | Fenster, Express Zip DemoCode:
ATTFilter 17:45:01.0175 0x0608 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:45:01.0175 0x0608 UEFI system
17:45:10.0010 0x0608 ============================================================
17:45:10.0010 0x0608 Current date / time: 2015/07/22 17:45:10.0010
17:45:10.0010 0x0608 SystemInfo:
17:45:10.0010 0x0608
17:45:10.0010 0x0608 OS Version: 6.3.9600 ServicePack: 0.0
17:45:10.0010 0x0608 Product type: Workstation
17:45:10.0010 0x0608 ComputerName: LIABSLADELE
17:45:10.0010 0x0608 UserName: Alexandra
17:45:10.0010 0x0608 Windows directory: C:\WINDOWS
17:45:10.0010 0x0608 System windows directory: C:\WINDOWS
17:45:10.0010 0x0608 Running under WOW64
17:45:10.0010 0x0608 Processor architecture: Intel x64
17:45:10.0010 0x0608 Number of processors: 4
17:45:10.0010 0x0608 Page size: 0x1000
17:45:10.0010 0x0608 Boot type: Normal boot
17:45:10.0011 0x0608 ============================================================
17:45:10.0551 0x0608 KLMD registered as C:\WINDOWS\system32\drivers\54677968.sys
17:45:12.0285 0x0608 System UUID: {5B38D464-B5E2-7B3E-7A6A-44134EE08677}
17:45:12.0772 0x0608 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:45:12.0780 0x0608 ============================================================
17:45:12.0780 0x0608 \Device\Harddisk0\DR0:
17:45:12.0780 0x0608 GPT partitions:
17:45:12.0780 0x0608 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {83AFE40B-EA61-4FF4-9F42-B8B05B6D85E2}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xF9800
17:45:12.0780 0x0608 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3798CDB7-2557-433D-8CC7-7F8FB9DAFBC3}, Name: EFI system partition, StartLBA 0xFA000, BlocksNum 0x32000
17:45:12.0780 0x0608 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {89414895-50F3-4BB7-B419-5F4269135FB4}, Name: Microsoft reserved partition, StartLBA 0x12C000, BlocksNum 0x40000
17:45:12.0781 0x0608 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {A8FA594A-3D03-41C3-8AB7-2A366A43391A}, Name: Basic data partition, StartLBA 0x16C000, BlocksNum 0x200000
17:45:12.0781 0x0608 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E1BD3005-AB8C-4FDA-8755-6A39F660332D}, Name: Basic data partition, StartLBA 0x36C000, BlocksNum 0x6CAB8000
17:45:12.0781 0x0608 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {724199AA-99B8-4FCB-B1A7-A3E1EB08EC18}, Name: , StartLBA 0x6CE24000, BlocksNum 0xE2000
17:45:12.0781 0x0608 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A8E48384-2DAB-46A3-87A3-D5695F9215E4}, Name: Basic data partition, StartLBA 0x6CF06000, BlocksNum 0x77FE000
17:45:12.0781 0x0608 MBR partitions:
17:45:12.0781 0x0608 ============================================================
17:45:12.0802 0x0608 C: <-> \Device\Harddisk0\DR0\Partition5
17:45:12.0858 0x0608 D: <-> \Device\Harddisk0\DR0\Partition7
17:45:12.0858 0x0608 ============================================================
17:45:12.0858 0x0608 Initialize success
17:45:12.0858 0x0608 ============================================================
17:45:49.0018 0x1570 ============================================================
17:45:49.0018 0x1570 Scan started
17:45:49.0018 0x1570 Mode: Manual;
17:45:49.0018 0x1570 ============================================================
17:45:49.0018 0x1570 KSN ping started
17:45:49.0275 0x1570 KSN ping finished: true
17:45:51.0785 0x1570 ================ Scan system memory ========================
17:45:51.0785 0x1570 System memory - ok
17:45:51.0787 0x1570 ================ Scan services =============================
17:45:52.0026 0x1570 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
17:45:52.0031 0x1570 1394ohci - ok
17:45:52.0116 0x1570 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
17:45:52.0119 0x1570 3ware - ok
17:45:52.0212 0x1570 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
17:45:52.0231 0x1570 ACPI - ok
17:45:52.0252 0x1570 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
17:45:52.0254 0x1570 acpiex - ok
17:45:52.0274 0x1570 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
17:45:52.0275 0x1570 acpipagr - ok
17:45:52.0311 0x1570 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
17:45:52.0312 0x1570 AcpiPmi - ok
17:45:52.0389 0x1570 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
17:45:52.0390 0x1570 acpitime - ok
17:45:52.0492 0x1570 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:45:52.0494 0x1570 AdobeARMservice - ok
17:45:52.0644 0x1570 [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:45:52.0650 0x1570 AdobeFlashPlayerUpdateSvc - ok
17:45:52.0709 0x1570 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
17:45:52.0725 0x1570 ADP80XX - ok
17:45:52.0763 0x1570 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
17:45:52.0768 0x1570 AeLookupSvc - ok
17:45:52.0850 0x1570 [ 0D0E5281784C2C526BA43C2ECD374288, BE4B16E08A96A24BEB904A2216A538340FD91A11E0CAB43BF8788C35DAD2D2B5 ] Afc C:\WINDOWS\syswow64\drivers\Afc.sys
17:45:52.0853 0x1570 Afc - ok
17:45:52.0911 0x1570 [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys
17:45:52.0926 0x1570 AFD - ok
17:45:52.0949 0x1570 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
17:45:52.0951 0x1570 agp440 - ok
17:45:52.0968 0x1570 [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
17:45:52.0970 0x1570 ahcache - ok
17:45:53.0010 0x1570 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
17:45:53.0012 0x1570 ALG - ok
17:45:53.0040 0x1570 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
17:45:53.0042 0x1570 AmdK8 - ok
17:45:53.0078 0x1570 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
17:45:53.0081 0x1570 AmdPPM - ok
17:45:53.0104 0x1570 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
17:45:53.0106 0x1570 amdsata - ok
17:45:53.0139 0x1570 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
17:45:53.0144 0x1570 amdsbs - ok
17:45:53.0163 0x1570 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
17:45:53.0164 0x1570 amdxata - ok
17:45:53.0257 0x1570 [ 0C3D62CB6B8F2B3CC42369BAC0F58AD5, F0121EACB6060DF1F6C5F79C15D5B483F301EF85B3C79F67806520BE9CEE398E ] AMPPAL C:\WINDOWS\System32\drivers\AMPPAL.sys
17:45:53.0261 0x1570 AMPPAL - ok
17:45:53.0291 0x1570 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
17:45:53.0293 0x1570 AppID - ok
17:45:53.0335 0x1570 [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
17:45:53.0337 0x1570 AppIDSvc - ok
17:45:53.0367 0x1570 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll
17:45:53.0371 0x1570 Appinfo - ok
17:45:53.0399 0x1570 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
17:45:53.0411 0x1570 AppReadiness - ok
17:45:53.0477 0x1570 [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
17:45:53.0505 0x1570 AppXSvc - ok
17:45:53.0534 0x1570 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
17:45:53.0536 0x1570 arcsas - ok
17:45:53.0578 0x1570 [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid C:\WINDOWS\system32\drivers\aswHwid.sys
17:45:53.0579 0x1570 aswHwid - ok
17:45:53.0591 0x1570 [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
17:45:53.0594 0x1570 aswMonFlt - ok
17:45:53.0628 0x1570 [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr2.sys
17:45:53.0631 0x1570 aswRdr - ok
17:45:53.0644 0x1570 [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
17:45:53.0645 0x1570 aswRvrt - ok
17:45:53.0703 0x1570 [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
17:45:53.0724 0x1570 aswSnx - ok
17:45:53.0763 0x1570 [ A04F190FCD762E7BCC9BFC70563C52DB, 2BF6823F2EADBDA28DF1CCECCAC84D9FF37D3CFB66A7B402575C6B9FCFB45EB3 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:45:53.0773 0x1570 aswSP - ok
17:45:53.0800 0x1570 [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm C:\WINDOWS\system32\drivers\aswStm.sys
17:45:53.0803 0x1570 aswStm - ok
17:45:53.0827 0x1570 [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
17:45:53.0834 0x1570 aswVmm - ok
17:45:53.0871 0x1570 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
17:45:53.0872 0x1570 atapi - ok
17:45:53.0908 0x1570 [ CAC8CD93EF239AA68D92AEB5C17FDA8A, 48CA6135868A2351BBD48F2AC8622A7654B83AFD0661B266B684B19113B7D5D5 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
17:45:53.0915 0x1570 AudioEndpointBuilder - ok
17:45:53.0955 0x1570 [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
17:45:53.0973 0x1570 Audiosrv - ok
17:45:54.0043 0x1570 [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:45:54.0050 0x1570 avast! Antivirus - ok
17:45:54.0213 0x1570 [ 46C430FE178028F7AD151B62EBA3EEC5, C883B7A974A629549470B28532640C1FD2166CC4F95C69E4C4A1596AF5A5A331 ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
17:45:54.0313 0x1570 AvastVBoxSvc - ok
17:45:54.0349 0x1570 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
17:45:54.0353 0x1570 AxInstSV - ok
17:45:54.0397 0x1570 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
17:45:54.0408 0x1570 b06bdrv - ok
17:45:54.0434 0x1570 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
17:45:54.0435 0x1570 BasicDisplay - ok
17:45:54.0448 0x1570 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
17:45:54.0450 0x1570 BasicRender - ok
17:45:54.0476 0x1570 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
17:45:54.0477 0x1570 bcmfn2 - ok
17:45:54.0500 0x1570 [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC C:\WINDOWS\System32\bdesvc.dll
17:45:54.0509 0x1570 BDESVC - ok
17:45:54.0545 0x1570 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:45:54.0545 0x1570 Beep - ok
17:45:54.0590 0x1570 [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE C:\WINDOWS\System32\bfe.dll
17:45:54.0608 0x1570 BFE - ok
17:45:54.0660 0x1570 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
17:45:54.0680 0x1570 BITS - ok
17:45:54.0708 0x1570 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
17:45:54.0711 0x1570 bowser - ok
17:45:54.0744 0x1570 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
17:45:54.0751 0x1570 BrokerInfrastructure - ok
17:45:54.0770 0x1570 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
17:45:54.0774 0x1570 Browser - ok
17:45:54.0814 0x1570 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
17:45:54.0815 0x1570 BthAvrcpTg - ok
17:45:54.0852 0x1570 [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17:45:54.0854 0x1570 BthEnum - ok
17:45:54.0861 0x1570 [ 67343511D80BF3D6D9EEDB5BA8D0B06B, 28436B2E62762686C4FF4FA3F9E7ABB56DA9D6884B6C924ACC544161400593DD ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
17:45:54.0862 0x1570 BthHFEnum - ok
17:45:54.0869 0x1570 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
17:45:54.0870 0x1570 bthhfhid - ok
17:45:54.0893 0x1570 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
17:45:54.0901 0x1570 BthHFSrv - ok
17:45:54.0921 0x1570 [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
17:45:54.0924 0x1570 BTHMODEM - ok
17:45:54.0945 0x1570 [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
17:45:54.0948 0x1570 BthPan - ok
17:45:55.0009 0x1570 [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
17:45:55.0037 0x1570 BTHPORT - ok
17:45:55.0060 0x1570 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
17:45:55.0063 0x1570 bthserv - ok
17:45:55.0096 0x1570 [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
17:45:55.0098 0x1570 BTHUSB - ok
17:45:55.0243 0x1570 [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
17:45:55.0271 0x1570 c2cautoupdatesvc - ok
17:45:55.0336 0x1570 [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
17:45:55.0371 0x1570 c2cpnrsvc - ok
17:45:55.0407 0x1570 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
17:45:55.0409 0x1570 cdfs - ok
17:45:55.0427 0x1570 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
17:45:55.0430 0x1570 cdrom - ok
17:45:55.0463 0x1570 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
17:45:55.0468 0x1570 CertPropSvc - ok
17:45:55.0492 0x1570 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
17:45:55.0493 0x1570 circlass - ok
17:45:55.0523 0x1570 [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
17:45:55.0534 0x1570 CLFS - ok
17:45:55.0657 0x1570 [ 7E526C5B4DD233EBCF1EA3EC211E2913, 9DC99F18454001AF5462C773C174E2D6E503316550C7E9D7824E9CBC503FCA3B ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
17:45:55.0705 0x1570 ClickToRunSvc - ok
17:45:55.0754 0x1570 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
17:45:55.0755 0x1570 CmBatt - ok
17:45:55.0786 0x1570 [ 114AAF528D3D87D306F3682E618E8091, A030AC04AF042F8F4BB95A9CE2B442D31432C4EEE60502279F169B0FA2E52AAB ] CNG C:\WINDOWS\system32\Drivers\cng.sys
17:45:55.0799 0x1570 CNG - ok
17:45:55.0815 0x1570 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
17:45:55.0817 0x1570 CompositeBus - ok
17:45:55.0821 0x1570 COMSysApp - ok
17:45:55.0837 0x1570 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
17:45:55.0838 0x1570 condrv - ok
17:45:55.0928 0x1570 [ D8724B606616B2B75AF54096119580F5, 53E1DEF9F966FDE5898759A33FB62B5062A941E97B235D6F6EF79A5AD1283BDE ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
17:45:55.0935 0x1570 cphs - ok
17:45:55.0985 0x1570 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
17:45:55.0993 0x1570 CryptSvc - ok
17:45:56.0030 0x1570 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys
17:45:56.0034 0x1570 dam - ok
17:45:56.0073 0x1570 [ D06E443457FADC6B1AFAF3AA4B6936F6, 109B4D05E156604AFB3D63B380CC063B900AEB12F57A1D235B9F9399EE0909C7 ] dc3d C:\WINDOWS\System32\drivers\dc3d.sys
17:45:56.0076 0x1570 dc3d - ok
17:45:56.0147 0x1570 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:45:56.0169 0x1570 DcomLaunch - ok
17:45:56.0207 0x1570 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
17:45:56.0218 0x1570 defragsvc - ok
17:45:56.0263 0x1570 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
17:45:56.0273 0x1570 DeviceAssociationService - ok
17:45:56.0288 0x1570 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
17:45:56.0295 0x1570 DeviceInstall - ok
17:45:56.0329 0x1570 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
17:45:56.0332 0x1570 Dfsc - ok
17:45:56.0359 0x1570 [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
17:45:56.0362 0x1570 dg_ssudbus - ok
17:45:56.0383 0x1570 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
17:45:56.0392 0x1570 Dhcp - ok
17:45:56.0413 0x1570 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys
17:45:56.0416 0x1570 disk - ok
17:45:56.0428 0x1570 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
17:45:56.0430 0x1570 dmvsc - ok
17:45:56.0457 0x1570 [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:45:56.0464 0x1570 Dnscache - ok
17:45:56.0517 0x1570 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
17:45:56.0524 0x1570 dot3svc - ok
17:45:56.0564 0x1570 [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
17:45:56.0568 0x1570 dot4 - ok
17:45:56.0580 0x1570 [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print C:\WINDOWS\System32\drivers\Dot4Prt.sys
17:45:56.0582 0x1570 Dot4Print - ok
17:45:56.0588 0x1570 [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
17:45:56.0590 0x1570 dot4usb - ok
17:45:56.0630 0x1570 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
17:45:56.0636 0x1570 DPS - ok
17:45:56.0676 0x1570 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:45:56.0677 0x1570 drmkaud - ok
17:45:56.0726 0x1570 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
17:45:56.0731 0x1570 DsmSvc - ok
17:45:56.0812 0x1570 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
17:45:56.0845 0x1570 DXGKrnl - ok
17:45:56.0880 0x1570 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
17:45:56.0883 0x1570 Eaphost - ok
17:45:56.0998 0x1570 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
17:45:57.0066 0x1570 ebdrv - ok
17:45:57.0097 0x1570 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
17:45:57.0101 0x1570 EFS - ok
17:45:57.0137 0x1570 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
17:45:57.0139 0x1570 EhStorClass - ok
17:45:57.0156 0x1570 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
17:45:57.0159 0x1570 EhStorTcgDrv - ok
17:45:57.0183 0x1570 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
17:45:57.0184 0x1570 ErrDev - ok
17:45:57.0234 0x1570 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
17:45:57.0247 0x1570 EventSystem - ok
17:45:57.0274 0x1570 [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
17:45:57.0277 0x1570 ew_hwusbdev - ok
17:45:57.0304 0x1570 [ 55E0EDA185869F7EA67EA97FD0655B39, D4A51E383102AA48F022EFCA08FAC389336A22C1DF60E17815117EFA60716964 ] ew_usbenumfilter C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
17:45:57.0305 0x1570 ew_usbenumfilter - ok
17:45:57.0332 0x1570 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
17:45:57.0337 0x1570 exfat - ok
17:45:57.0346 0x1570 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
17:45:57.0350 0x1570 fastfat - ok
17:45:57.0408 0x1570 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
17:45:57.0422 0x1570 Fax - ok
17:45:57.0443 0x1570 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
17:45:57.0445 0x1570 fdc - ok
17:45:57.0472 0x1570 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
17:45:57.0475 0x1570 fdPHost - ok
17:45:57.0494 0x1570 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
17:45:57.0497 0x1570 FDResPub - ok
17:45:57.0515 0x1570 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
17:45:57.0519 0x1570 fhsvc - ok
17:45:57.0554 0x1570 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
17:45:57.0557 0x1570 FileInfo - ok
17:45:57.0576 0x1570 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
17:45:57.0577 0x1570 Filetrace - ok
17:45:57.0594 0x1570 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
17:45:57.0596 0x1570 flpydisk - ok
17:45:57.0617 0x1570 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:45:57.0626 0x1570 FltMgr - ok
17:45:57.0723 0x1570 [ 7269C9013FCFA3C6E70F03E2630DBFC3, AAB282B4444CC17D197974D05063C7C97E5202E604681DD2DC3BCF0AE77D6057 ] FontCache C:\WINDOWS\system32\FntCache.dll
17:45:57.0754 0x1570 FontCache - ok
17:45:57.0855 0x1570 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:45:57.0857 0x1570 FontCache3.0.0.0 - ok
17:45:57.0873 0x1570 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
17:45:57.0875 0x1570 FsDepends - ok
17:45:57.0888 0x1570 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:45:57.0890 0x1570 Fs_Rec - ok
17:45:57.0937 0x1570 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
17:45:57.0948 0x1570 fvevol - ok
17:45:57.0974 0x1570 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
17:45:57.0975 0x1570 FxPPM - ok
17:45:57.0996 0x1570 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
17:45:57.0998 0x1570 gagp30kx - ok
17:45:58.0035 0x1570 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
17:45:58.0036 0x1570 gencounter - ok
17:45:58.0150 0x1570 [ 9162ECA694162A77679950CF2E27D3C1, 7EADEDE34A8E7458D2DDEE294D0789E9FD1EE822AB627D7E4ECAEDDD5D3EE81D ] GFNEXSrv C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
17:45:58.0168 0x1570 GFNEXSrv - ok
17:45:58.0210 0x1570 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
17:45:58.0214 0x1570 GPIOClx0101 - ok
17:45:58.0277 0x1570 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
17:45:58.0308 0x1570 gpsvc - ok
17:45:58.0334 0x1570 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
17:45:58.0342 0x1570 HdAudAddService - ok
17:45:58.0357 0x1570 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
17:45:58.0361 0x1570 HDAudBus - ok
17:45:58.0387 0x1570 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
17:45:58.0389 0x1570 HidBatt - ok
17:45:58.0458 0x1570 [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
17:45:58.0461 0x1570 HidBth - ok
17:45:58.0494 0x1570 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
17:45:58.0495 0x1570 hidi2c - ok
17:45:58.0500 0x1570 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
17:45:58.0501 0x1570 HidIr - ok
17:45:58.0530 0x1570 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
17:45:58.0533 0x1570 hidserv - ok
17:45:58.0547 0x1570 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
17:45:58.0549 0x1570 HidUsb - ok
17:45:58.0587 0x1570 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
17:45:58.0593 0x1570 hkmsvc - ok
17:45:58.0633 0x1570 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
17:45:58.0640 0x1570 HomeGroupListener - ok
17:45:58.0682 0x1570 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
17:45:58.0694 0x1570 HomeGroupProvider - ok
17:45:58.0793 0x1570 [ 0D0213498683414DDE29B1686A4C08D5, E9B64406C04B6E55CBD17E7C47B023CEA11FEE07B791154129D6F4F29D15AB7F ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:45:58.0800 0x1570 hpqcxs08 - ok
17:45:58.0837 0x1570 [ EE281DD6843F3F697C1AD7933EEB1E9B, 1ECE31C2150B92DDC1DCBBCECFE3E979F2C60B3F106280E3167BEC0269BF7A41 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:45:58.0840 0x1570 hpqddsvc - ok
17:45:58.0863 0x1570 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
17:45:58.0864 0x1570 HpSAMD - ok
17:45:58.0905 0x1570 [ C995EA1C6915D897E06D41AF95B9312C, 65DE6599F1C735BBDCCE4728F7F98167BCA0BF1B8D4218BBF7546B025C9A38BD ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:45:58.0925 0x1570 HPSLPSVC - ok
17:45:58.0982 0x1570 [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
17:45:59.0000 0x1570 HTTP - ok
17:45:59.0036 0x1570 [ 8F3C72B2B005BB9AF90D645EDDF818B8, 37D861D8848CA75B14F647A3FFF80E132E0DCD4709FE3A6E16EB99A5DCDBF5B4 ] huawei_cdcacm C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
17:45:59.0038 0x1570 huawei_cdcacm - ok
17:45:59.0054 0x1570 [ DDBB283835010E52E88AAC6995B617D7, 00BDD20B4C8DAEB1FCF545E453A09B473F19A99D1368DF8F63F0FA549766E466 ] huawei_enumerator C:\WINDOWS\System32\drivers\ew_jubusenum.sys
17:45:59.0056 0x1570 huawei_enumerator - ok
17:45:59.0067 0x1570 [ 83D6CD158B6D543BD6C61D5FA6063E93, 01C3402A96EF9EBDE81A26CB2DA4268E594693426A894A4D53F6284220B2C7F5 ] huawei_ext_ctrl C:\WINDOWS\System32\drivers\ew_juextctrl.sys
17:45:59.0068 0x1570 huawei_ext_ctrl - ok
17:45:59.0090 0x1570 [ F0A1A00F44FBAB86A3607A7002620915, 7BC6578A06EE255E4CBC3C937D64EF3F4BEE2DB7700A73F5F59423FA2AE5B56F ] huawei_wwanecm C:\WINDOWS\system32\DRIVERS\ew_juwwanecm.sys
17:45:59.0094 0x1570 huawei_wwanecm - ok
17:45:59.0117 0x1570 [ 24FA6177FE55C4BC045EC87E39F90688, 14B6EF152CE5293BB549A8FA069BEBC34C8C6B9796A6AA94B0AB6ADBEC3819C1 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
17:45:59.0122 0x1570 hwdatacard - ok
17:45:59.0151 0x1570 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
17:45:59.0152 0x1570 hwpolicy - ok
17:45:59.0187 0x1570 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
17:45:59.0187 0x1570 hyperkbd - ok
17:45:59.0192 0x1570 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
17:45:59.0193 0x1570 HyperVideo - ok
17:45:59.0217 0x1570 [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
17:45:59.0220 0x1570 i8042prt - ok
17:45:59.0247 0x1570 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
17:45:59.0248 0x1570 iaLPSSi_GPIO - ok
17:45:59.0258 0x1570 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
17:45:59.0261 0x1570 iaLPSSi_I2C - ok
17:45:59.0325 0x1570 [ 6C91E425ACE29594BD574DE38AC9B76D, 697784E4C7AF08B1F35662D8AD871E6890CECE22B6E64985B7C1A66C10DA390D ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
17:45:59.0349 0x1570 iaStorA - ok
17:45:59.0397 0x1570 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
17:45:59.0411 0x1570 iaStorAV - ok
17:45:59.0497 0x1570 [ 0AB254994A460550258446950BB58311, BD10811912680DD3B814B7D1303785C996D892C79108110A2257E9BD0C28245C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:45:59.0499 0x1570 IAStorDataMgrSvc - ok
17:45:59.0522 0x1570 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
17:45:59.0533 0x1570 iaStorV - ok
17:45:59.0538 0x1570 IEEtwCollectorService - ok
17:45:59.0698 0x1570 [ 076023219E918D34585B231029A44571, C2AB0DE0D80D0BC6595C9F9655A890531E7952599714DC03B4ECB46947D833A8 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
17:45:59.0768 0x1570 igfx - ok
17:45:59.0815 0x1570 [ C814D4A0B7B91E936B2DC0828C69ACAB, A19B503CB3C598474C61DA6F1AC087CCF287F7523D2F932B21EF21E7CA1809B1 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
17:45:59.0827 0x1570 igfxCUIService1.0.0.0 - ok
17:45:59.0892 0x1570 [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
17:45:59.0913 0x1570 IKEEXT - ok
17:45:59.0951 0x1570 [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
17:45:59.0953 0x1570 intaud_WaveExtensible - ok
17:46:00.0133 0x1570 [ 900A45658DCB6BAE1003764991BB5FAB, 125D048024946C13643E8D6E719687F31CD0EB10591C5AFA1AE0FD9EB7216816 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
17:46:00.0209 0x1570 IntcAzAudAddService - ok
17:46:00.0324 0x1570 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:46:00.0340 0x1570 Intel(R) Capability Licensing Service Interface - ok
17:46:00.0381 0x1570 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
17:46:00.0383 0x1570 intelide - ok
17:46:00.0418 0x1570 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
17:46:00.0420 0x1570 intelpep - ok
17:46:00.0434 0x1570 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
17:46:00.0437 0x1570 intelppm - ok
17:46:00.0468 0x1570 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:46:00.0470 0x1570 IpFilterDriver - ok
17:46:00.0541 0x1570 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
17:46:00.0566 0x1570 iphlpsvc - ok
17:46:00.0597 0x1570 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
17:46:00.0599 0x1570 IPMIDRV - ok
17:46:00.0607 0x1570 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
17:46:00.0610 0x1570 IPNAT - ok
17:46:00.0637 0x1570 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
17:46:00.0638 0x1570 IRENUM - ok
17:46:00.0672 0x1570 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
17:46:00.0674 0x1570 isapnp - ok
17:46:00.0702 0x1570 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
17:46:00.0708 0x1570 iScsiPrt - ok
17:46:00.0737 0x1570 [ 492F2DF02CD817CE8D544F96097BD77A, 6EF37BD62A49C9F55845A56498A93A26C109BEC2EBCB65A49908BECEC6FC6371 ] IT9135BDA C:\WINDOWS\System32\Drivers\IT9135BDA.sys
17:46:00.0742 0x1570 IT9135BDA - ok
17:46:00.0771 0x1570 [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
17:46:00.0772 0x1570 iwdbus - ok
17:46:00.0834 0x1570 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:46:00.0838 0x1570 jhi_service - ok
17:46:00.0852 0x1570 [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
17:46:00.0855 0x1570 kbdclass - ok
17:46:00.0866 0x1570 [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
17:46:00.0868 0x1570 kbdhid - ok
17:46:00.0878 0x1570 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
17:46:00.0880 0x1570 kdnic - ok
17:46:00.0892 0x1570 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
17:46:00.0897 0x1570 KeyIso - ok
17:46:00.0904 0x1570 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
17:46:00.0907 0x1570 KSecDD - ok
17:46:00.0930 0x1570 [ CA3F19E4B0765135B0F3C99384C535B9, 16441986C4E91F272E5876121272366476DB0496117C5AB4FBC82B07A06C0EC0 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
17:46:00.0934 0x1570 KSecPkg - ok
17:46:00.0952 0x1570 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
17:46:00.0954 0x1570 ksthunk - ok
17:46:01.0005 0x1570 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
17:46:01.0016 0x1570 KtmRm - ok
17:46:01.0058 0x1570 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
17:46:01.0068 0x1570 LanmanServer - ok
17:46:01.0099 0x1570 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
17:46:01.0110 0x1570 LanmanWorkstation - ok
17:46:01.0148 0x1570 [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
17:46:01.0162 0x1570 lfsvc - ok
17:46:01.0186 0x1570 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
17:46:01.0189 0x1570 lltdio - ok
17:46:01.0238 0x1570 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
17:46:01.0246 0x1570 lltdsvc - ok
17:46:01.0272 0x1570 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
17:46:01.0276 0x1570 lmhosts - ok
17:46:01.0313 0x1570 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:46:01.0319 0x1570 LMS - ok
17:46:01.0351 0x1570 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
17:46:01.0354 0x1570 LSI_SAS - ok
17:46:01.0362 0x1570 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
17:46:01.0365 0x1570 LSI_SAS2 - ok
17:46:01.0383 0x1570 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
17:46:01.0386 0x1570 LSI_SAS3 - ok
17:46:01.0399 0x1570 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
17:46:01.0402 0x1570 LSI_SSS - ok
17:46:01.0440 0x1570 [ 9B231CD3E52DF29EE50086FF676D3D6F, A47449CA6C88FE089A6953D05FA33A55A55E0306335A7A102A4CD75429FF0515 ] LSM C:\WINDOWS\System32\lsm.dll
17:46:01.0459 0x1570 LSM - ok
17:46:01.0491 0x1570 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
17:46:01.0495 0x1570 luafv - ok
17:46:01.0516 0x1570 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
17:46:01.0518 0x1570 megasas - ok
17:46:01.0568 0x1570 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
17:46:01.0579 0x1570 megasr - ok
17:46:01.0618 0x1570 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
17:46:01.0620 0x1570 MEIx64 - ok
17:46:01.0655 0x1570 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
17:46:01.0660 0x1570 MMCSS - ok
17:46:01.0674 0x1570 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
17:46:01.0676 0x1570 Modem - ok
17:46:01.0693 0x1570 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
17:46:01.0694 0x1570 monitor - ok
17:46:01.0708 0x1570 [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
17:46:01.0710 0x1570 mouclass - ok
17:46:01.0714 0x1570 [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
17:46:01.0716 0x1570 mouhid - ok
17:46:01.0728 0x1570 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
17:46:01.0731 0x1570 mountmgr - ok
17:46:01.0767 0x1570 [ 22A7042C70F90F8261840740DDBB5176, AD0075C97D2D7C568D5CFB1C3A02DCE3BC01941844A759B29CD4DE4AF2F5FC45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:46:01.0770 0x1570 MozillaMaintenance - ok
17:46:01.0776 0x1570 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
17:46:01.0778 0x1570 mpsdrv - ok
17:46:01.0840 0x1570 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
17:46:01.0861 0x1570 MpsSvc - ok
17:46:01.0892 0x1570 [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
17:46:01.0896 0x1570 MRxDAV - ok
17:46:01.0925 0x1570 [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:46:01.0934 0x1570 mrxsmb - ok
17:46:01.0946 0x1570 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
17:46:01.0952 0x1570 mrxsmb10 - ok
17:46:01.0964 0x1570 [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
17:46:01.0970 0x1570 mrxsmb20 - ok
17:46:02.0013 0x1570 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
17:46:02.0016 0x1570 MsBridge - ok
17:46:02.0063 0x1570 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:46:02.0069 0x1570 MSDTC - ok
17:46:02.0094 0x1570 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:46:02.0095 0x1570 Msfs - ok
17:46:02.0114 0x1570 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
17:46:02.0116 0x1570 msgpiowin32 - ok
17:46:02.0139 0x1570 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
17:46:02.0141 0x1570 mshidkmdf - ok
17:46:02.0147 0x1570 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
17:46:02.0149 0x1570 mshidumdf - ok
17:46:02.0179 0x1570 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
17:46:02.0181 0x1570 msisadrv - ok
17:46:02.0218 0x1570 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
17:46:02.0224 0x1570 MSiSCSI - ok
17:46:02.0228 0x1570 msiserver - ok
17:46:02.0239 0x1570 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:46:02.0241 0x1570 MSKSSRV - ok
17:46:02.0259 0x1570 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
17:46:02.0261 0x1570 MsLldp - ok
17:46:02.0292 0x1570 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:46:02.0293 0x1570 MSPCLOCK - ok
17:46:02.0316 0x1570 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:46:02.0317 0x1570 MSPQM - ok
17:46:02.0346 0x1570 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
17:46:02.0355 0x1570 MsRPC - ok
17:46:02.0369 0x1570 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
17:46:02.0371 0x1570 mssmbios - ok
17:46:02.0384 0x1570 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:46:02.0385 0x1570 MSTEE - ok
17:46:02.0405 0x1570 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
17:46:02.0406 0x1570 MTConfig - ok
17:46:02.0414 0x1570 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
17:46:02.0416 0x1570 Mup - ok
17:46:02.0433 0x1570 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
17:46:02.0436 0x1570 mvumis - ok
17:46:02.0510 0x1570 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
17:46:02.0523 0x1570 napagent - ok
17:46:02.0570 0x1570 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
17:46:02.0579 0x1570 NativeWifiP - ok
17:46:02.0607 0x1570 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
17:46:02.0613 0x1570 NcaSvc - ok
17:46:02.0627 0x1570 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
17:46:02.0633 0x1570 NcbService - ok
17:46:02.0654 0x1570 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
17:46:02.0659 0x1570 NcdAutoSetup - ok
17:46:02.0713 0x1570 [ 21FE65E2E67C4E31EE95CBD1F91C4B24, 6558F2BC10E6B09F7EE5264722FCF572B861EDB60A1433B58A4F4625EC0ABF63 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
17:46:02.0737 0x1570 NDIS - ok
17:46:02.0780 0x1570 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
17:46:02.0782 0x1570 NdisCap - ok
17:46:02.0790 0x1570 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
17:46:02.0793 0x1570 NdisImPlatform - ok
17:46:02.0829 0x1570 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:46:02.0830 0x1570 NdisTapi - ok
17:46:02.0848 0x1570 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:46:02.0850 0x1570 Ndisuio - ok
17:46:02.0865 0x1570 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
17:46:02.0867 0x1570 NdisVirtualBus - ok
17:46:02.0894 0x1570 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:46:02.0899 0x1570 NdisWan - ok
17:46:02.0908 0x1570 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:46:02.0912 0x1570 NdisWanLegacy - ok
17:46:02.0918 0x1570 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:46:02.0920 0x1570 NDProxy - ok
17:46:02.0942 0x1570 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
17:46:02.0945 0x1570 Ndu - ok
17:46:02.0969 0x1570 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
17:46:02.0973 0x1570 Net Driver HPZ12 - ok
17:46:02.0992 0x1570 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:46:02.0994 0x1570 NetBIOS - ok
17:46:03.0027 0x1570 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:46:03.0034 0x1570 NetBT - ok
17:46:03.0055 0x1570 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
17:46:03.0060 0x1570 Netlogon - ok
17:46:03.0099 0x1570 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
17:46:03.0108 0x1570 Netman - ok
17:46:03.0157 0x1570 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
17:46:03.0172 0x1570 netprofm - ok
17:46:03.0219 0x1570 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:46:03.0223 0x1570 NetTcpPortSharing - ok
17:46:03.0259 0x1570 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
17:46:03.0262 0x1570 netvsc - ok
17:46:03.0393 0x1570 [ 3483D44E1B24F17E622870801403AD13, EF9C5290777A4E277D47C87A174FF9441BE23CAD2F456D35B808463041F4675C ] NETwNe64 C:\WINDOWS\system32\DRIVERS\NETwew00.sys
17:46:03.0461 0x1570 NETwNe64 - ok
17:46:03.0508 0x1570 [ 3A4DD90CD5BCB607007BFFE8B9A2C761, 529353DB418B8C5B352A8530C465D5DA196B3DF16F22DA36874990BF11B24C9C ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
17:46:03.0518 0x1570 NlaSvc - ok
17:46:03.0532 0x1570 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:46:03.0534 0x1570 Npfs - ok
17:46:03.0548 0x1570 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
17:46:03.0550 0x1570 npsvctrig - ok
17:46:03.0571 0x1570 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
17:46:03.0574 0x1570 nsi - ok
17:46:03.0585 0x1570 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
17:46:03.0587 0x1570 nsiproxy - ok
17:46:03.0671 0x1570 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:46:03.0717 0x1570 Ntfs - ok
17:46:03.0737 0x1570 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
17:46:03.0738 0x1570 Null - ok
17:46:04.0131 0x1570 [ E71E299FF15390E585BACF2C18F55078, 7A51D989DA55349B1761839DEAFD593B6E6F88C433B132E7B027467E050FBA67 ] nvlddmkm C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
17:46:04.0359 0x1570 nvlddmkm - ok
17:46:04.0395 0x1570 [ FCC3A3F875C8CF258F71BE2F2CAA2355, BD174C47329F0A15D821E51997E4CDAA68FB9BFD72A89A2F2A85A8603625EB18 ] nvpciflt C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
17:46:04.0396 0x1570 nvpciflt - ok
17:46:04.0438 0x1570 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
17:46:04.0441 0x1570 nvraid - ok
17:46:04.0456 0x1570 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
17:46:04.0460 0x1570 nvstor - ok
17:46:04.0518 0x1570 [ 415695F5A54E91E869EEBFEA261361A6, 1829C15E07D902686171C8A66EB03040A037CAC1E00E24BF598030D9DA795CEC ] nvsvc C:\WINDOWS\system32\nvvsvc.exe
17:46:04.0544 0x1570 nvsvc - ok
17:46:04.0634 0x1570 [ AA130938A27BB80A8B6438EF83232275, 7C5A4863CD22413723C9F7658855E34088A2F89DF740531ED7986F67A30935E0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:46:04.0660 0x1570 nvUpdatusService - ok
17:46:04.0695 0x1570 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
17:46:04.0697 0x1570 nv_agp - ok
17:46:04.0758 0x1570 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:46:04.0762 0x1570 ose - ok
17:46:04.0800 0x1570 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
17:46:04.0810 0x1570 p2pimsvc - ok
17:46:04.0844 0x1570 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
17:46:04.0856 0x1570 p2psvc - ok
17:46:04.0881 0x1570 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
17:46:04.0884 0x1570 Parport - ok
17:46:04.0908 0x1570 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
17:46:04.0910 0x1570 partmgr - ok
17:46:04.0954 0x1570 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
17:46:04.0967 0x1570 PcaSvc - ok
17:46:04.0990 0x1570 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
17:46:04.0995 0x1570 pci - ok
17:46:05.0021 0x1570 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
17:46:05.0023 0x1570 pciide - ok
17:46:05.0066 0x1570 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
17:46:05.0069 0x1570 pcmcia - ok
17:46:05.0074 0x1570 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
17:46:05.0075 0x1570 pcw - ok
17:46:05.0081 0x1570 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
17:46:05.0083 0x1570 pdc - ok
17:46:05.0131 0x1570 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
17:46:05.0144 0x1570 PEAUTH - ok
17:46:05.0175 0x1570 [ EE926C59CBD4DC4DC9FBB85014A2F1A5, 777459BD30A480E03EA5D0BBA431C2CD573403687FAA0B29F172086A0304E230 ] PEGAGFN C:\Program Files (x86)\PHotkey\PEGAGFN.sys
17:46:05.0176 0x1570 PEGAGFN - ok
17:46:05.0258 0x1570 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
17:46:05.0261 0x1570 PerfHost - ok
17:46:05.0360 0x1570 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
17:46:05.0396 0x1570 pla - ok
17:46:05.0429 0x1570 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
17:46:05.0436 0x1570 PlugPlay - ok
17:46:05.0474 0x1570 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
17:46:05.0478 0x1570 Pml Driver HPZ12 - ok
17:46:05.0511 0x1570 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
17:46:05.0515 0x1570 PNRPAutoReg - ok
17:46:05.0556 0x1570 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
17:46:05.0567 0x1570 PNRPsvc - ok
17:46:05.0601 0x1570 [ E4799B87675C59AA1F620DE5C6F113BB, 094EE16D4CEC68DB316002994482344A6BFCFDE399131F7FA11BB46C2DCBF218 ] Point64 C:\WINDOWS\System32\drivers\point64.sys
17:46:05.0603 0x1570 Point64 - ok
17:46:05.0650 0x1570 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
17:46:05.0660 0x1570 PolicyAgent - ok
17:46:05.0683 0x1570 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
17:46:05.0690 0x1570 Power - ok
17:46:05.0855 0x1570 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
17:46:05.0909 0x1570 PrintNotify - ok
17:46:05.0970 0x1570 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
17:46:05.0972 0x1570 Processor - ok
17:46:06.0008 0x1570 [ DEE538B5AF5D1F67C4F9415DE37A8EE2, A3173FD1D0E6D9AADF8269EF275C34F2A2A20A78C337ED8CC2DDC243356C65BD ] ProfSvc C:\WINDOWS\system32\profsvc.dll
17:46:06.0017 0x1570 ProfSvc - ok
17:46:06.0051 0x1570 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
17:46:06.0055 0x1570 Psched - ok
17:46:06.0103 0x1570 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
17:46:06.0111 0x1570 QWAVE - ok
17:46:06.0124 0x1570 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
17:46:06.0125 0x1570 QWAVEdrv - ok
17:46:06.0147 0x1570 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:46:06.0148 0x1570 RasAcd - ok
17:46:06.0162 0x1570 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:46:06.0169 0x1570 RasAuto - ok
17:46:06.0210 0x1570 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:46:06.0227 0x1570 RasMan - ok
17:46:06.0249 0x1570 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:46:06.0252 0x1570 RasPppoe - ok
17:46:06.0283 0x1570 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:46:06.0292 0x1570 rdbss - ok
17:46:06.0306 0x1570 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
17:46:06.0307 0x1570 rdpbus - ok
17:46:06.0315 0x1570 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
17:46:06.0320 0x1570 RDPDR - ok
17:46:06.0340 0x1570 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
17:46:06.0341 0x1570 RdpVideoMiniport - ok
17:46:06.0361 0x1570 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
17:46:06.0367 0x1570 rdyboost - ok
17:46:06.0434 0x1570 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
17:46:06.0455 0x1570 ReFS - ok
17:46:06.0509 0x1570 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:46:06.0516 0x1570 RemoteAccess - ok
17:46:06.0563 0x1570 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:46:06.0570 0x1570 RemoteRegistry - ok
17:46:06.0579 0x1570 [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:46:06.0582 0x1570 RFCOMM - ok
17:46:06.0618 0x1570 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
17:46:06.0624 0x1570 RpcEptMapper - ok
17:46:06.0657 0x1570 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
17:46:06.0660 0x1570 RpcLocator - ok
17:46:06.0705 0x1570 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:46:06.0725 0x1570 RpcSs - ok
17:46:06.0753 0x1570 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:46:06.0756 0x1570 rspndr - ok
17:46:06.0789 0x1570 [ 0E32A8922DCFD28EA00AAEC07CB3F331, 27F329C6A66DB01C291E1EDCEB7781A05658520B12FF8ECD1FBD3B86EF78DF30 ] RSUSBSTOR C:\WINDOWS\System32\Drivers\RtsUStor.sys
17:46:06.0795 0x1570 RSUSBSTOR - ok
17:46:06.0851 0x1570 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
17:46:06.0866 0x1570 RTL8168 - ok
17:46:06.0898 0x1570 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
17:46:06.0900 0x1570 s3cap - ok
17:46:06.0937 0x1570 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
17:46:06.0941 0x1570 SamSs - ok
17:46:06.0990 0x1570 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
17:46:06.0993 0x1570 sbp2port - ok
17:46:07.0045 0x1570 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
17:46:07.0052 0x1570 SCardSvr - ok
17:46:07.0103 0x1570 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
17:46:07.0109 0x1570 ScDeviceEnum - ok
17:46:07.0144 0x1570 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
17:46:07.0146 0x1570 scfilter - ok
17:46:07.0213 0x1570 [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:46:07.0241 0x1570 Schedule - ok
17:46:07.0277 0x1570 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
17:46:07.0281 0x1570 SCPolicySvc - ok
17:46:07.0365 0x1570 [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
17:46:07.0370 0x1570 sdbus - ok
17:46:07.0390 0x1570 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
17:46:07.0392 0x1570 sdstor - ok
17:46:07.0417 0x1570 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
17:46:07.0418 0x1570 secdrv - ok
17:46:07.0459 0x1570 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll
17:46:07.0464 0x1570 seclogon - ok
17:46:07.0487 0x1570 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
17:46:07.0493 0x1570 SENS - ok
17:46:07.0558 0x1570 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
17:46:07.0567 0x1570 SensrSvc - ok
17:46:07.0596 0x1570 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
17:46:07.0598 0x1570 SerCx - ok
17:46:07.0646 0x1570 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
17:46:07.0650 0x1570 SerCx2 - ok
17:46:07.0696 0x1570 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
17:46:07.0698 0x1570 Serenum - ok
17:46:07.0787 0x1570 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
17:46:07.0791 0x1570 Serial - ok
17:46:07.0830 0x1570 [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
17:46:07.0832 0x1570 sermouse - ok
17:46:07.0896 0x1570 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
17:46:07.0907 0x1570 SessionEnv - ok
17:46:07.0912 0x1570 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
17:46:07.0914 0x1570 sfloppy - ok
17:46:07.0971 0x1570 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:46:07.0981 0x1570 SharedAccess - ok
17:46:08.0026 0x1570 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:46:08.0042 0x1570 ShellHWDetection - ok
17:46:08.0078 0x1570 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
17:46:08.0080 0x1570 SiSRaid2 - ok
17:46:08.0104 0x1570 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
17:46:08.0106 0x1570 SiSRaid4 - ok
17:46:08.0198 0x1570 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:46:08.0204 0x1570 SkypeUpdate - ok
17:46:08.0242 0x1570 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
17:46:08.0246 0x1570 smphost - ok
17:46:08.0287 0x1570 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
17:46:08.0292 0x1570 SNMPTRAP - ok
17:46:08.0323 0x1570 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
17:46:08.0332 0x1570 spaceport - ok
17:46:08.0338 0x1570 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
17:46:08.0340 0x1570 SpbCx - ok
17:46:08.0398 0x1570 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\WINDOWS\System32\spoolsv.exe
17:46:08.0417 0x1570 Spooler - ok
17:46:08.0632 0x1570 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe
17:46:08.0766 0x1570 sppsvc - ok
17:46:08.0831 0x1570 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:46:08.0839 0x1570 srv - ok
17:46:08.0869 0x1570 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
17:46:08.0882 0x1570 srv2 - ok
17:46:08.0897 0x1570 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
17:46:08.0903 0x1570 srvnet - ok
17:46:08.0949 0x1570 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:46:08.0957 0x1570 SSDPSRV - ok
17:46:08.0990 0x1570 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
17:46:08.0997 0x1570 SstpSvc - ok
17:46:09.0029 0x1570 [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
17:46:09.0033 0x1570 ssudmdm - ok
17:46:09.0096 0x1570 [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
17:46:09.0110 0x1570 ss_conn_service - ok
17:46:09.0196 0x1570 [ A9D26626BEADF5A0641BF6B5095EF309, EABC711466FECA20058D7E24CA2593059E1F113B38A2E7574822E48BFBBF4146 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:46:09.0204 0x1570 Stereo Service - ok
17:46:09.0232 0x1570 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
17:46:09.0234 0x1570 stexstor - ok
17:46:09.0313 0x1570 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
17:46:09.0339 0x1570 stisvc - ok
17:46:09.0368 0x1570 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
17:46:09.0371 0x1570 storahci - ok
17:46:09.0406 0x1570 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
17:46:09.0408 0x1570 storflt - ok
17:46:09.0424 0x1570 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
17:46:09.0427 0x1570 stornvme - ok
17:46:09.0462 0x1570 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
17:46:09.0469 0x1570 StorSvc - ok
17:46:09.0499 0x1570 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
17:46:09.0501 0x1570 storvsc - ok
17:46:09.0535 0x1570 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
17:46:09.0539 0x1570 svsvc - ok
17:46:09.0555 0x1570 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
17:46:09.0556 0x1570 swenum - ok
17:46:09.0594 0x1570 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
17:46:09.0619 0x1570 swprv - ok
17:46:09.0707 0x1570 [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain C:\WINDOWS\system32\sysmain.dll
17:46:09.0736 0x1570 SysMain - ok
17:46:09.0777 0x1570 [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
17:46:09.0786 0x1570 SystemEventsBroker - ok
17:46:09.0818 0x1570 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
17:46:09.0826 0x1570 TabletInputService - ok
17:46:09.0850 0x1570 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:46:09.0860 0x1570 TapiSrv - ok
17:46:09.0952 0x1570 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
17:46:09.0997 0x1570 Tcpip - ok
17:46:10.0057 0x1570 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:46:10.0102 0x1570 TCPIP6 - ok
17:46:10.0136 0x1570 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
17:46:10.0138 0x1570 tcpipreg - ok
17:46:10.0157 0x1570 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
17:46:10.0160 0x1570 tdx - ok
17:46:10.0180 0x1570 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
17:46:10.0182 0x1570 terminpt - ok
17:46:10.0261 0x1570 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
17:46:10.0284 0x1570 TermService - ok
17:46:10.0314 0x1570 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
17:46:10.0319 0x1570 Themes - ok
17:46:10.0353 0x1570 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
17:46:10.0358 0x1570 THREADORDER - ok
17:46:10.0382 0x1570 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
17:46:10.0391 0x1570 TimeBroker - ok
17:46:10.0472 0x1570 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys
17:46:10.0483 0x1570 TPM - ok
17:46:10.0518 0x1570 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
17:46:10.0526 0x1570 TrkWks - ok
17:46:10.0586 0x1570 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
17:46:10.0589 0x1570 TrustedInstaller - ok
17:46:10.0613 0x1570 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
17:46:10.0615 0x1570 TsUsbFlt - ok
17:46:10.0620 0x1570 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
17:46:10.0622 0x1570 TsUsbGD - ok
17:46:10.0650 0x1570 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
17:46:10.0654 0x1570 tunnel - ok
17:46:10.0679 0x1570 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
17:46:10.0681 0x1570 uagp35 - ok
17:46:10.0716 0x1570 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
17:46:10.0718 0x1570 UASPStor - ok
17:46:10.0749 0x1570 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
17:46:10.0754 0x1570 UCX01000 - ok
17:46:10.0777 0x1570 [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
17:46:10.0783 0x1570 udfs - ok
17:46:10.0799 0x1570 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
17:46:10.0800 0x1570 UEFI - ok
17:46:10.0847 0x1570 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
17:46:10.0852 0x1570 UI0Detect - ok
17:46:10.0868 0x1570 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
17:46:10.0870 0x1570 uliagpkx - ok
17:46:10.0888 0x1570 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
17:46:10.0890 0x1570 umbus - ok
17:46:10.0913 0x1570 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
17:46:10.0914 0x1570 UmPass - ok
17:46:10.0949 0x1570 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
17:46:10.0958 0x1570 UmRdpService - ok
17:46:11.0031 0x1570 [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:46:11.0037 0x1570 UNS - ok
17:46:11.0087 0x1570 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:46:11.0106 0x1570 upnphost - ok
17:46:11.0128 0x1570 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
17:46:11.0131 0x1570 usbccgp - ok
17:46:11.0184 0x1570 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
17:46:11.0187 0x1570 usbcir - ok
17:46:11.0218 0x1570 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
17:46:11.0223 0x1570 usbehci - ok
17:46:11.0255 0x1570 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
17:46:11.0264 0x1570 usbhub - ok
17:46:11.0290 0x1570 [ FAA564A13576F9284546BF016D27B551, 1D2CD13DC0B02DD40657EE4F93F4A13C78D2F2EF91685E563D78E217C96DF544 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
17:46:11.0300 0x1570 USBHUB3 - ok
17:46:11.0322 0x1570 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
17:46:11.0324 0x1570 usbohci - ok
17:46:11.0330 0x1570 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
17:46:11.0332 0x1570 usbprint - ok
17:46:11.0355 0x1570 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:46:11.0357 0x1570 usbscan - ok
17:46:11.0377 0x1570 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
17:46:11.0380 0x1570 USBSTOR - ok
17:46:11.0396 0x1570 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
17:46:11.0398 0x1570 usbuhci - ok
17:46:11.0425 0x1570 [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
17:46:11.0429 0x1570 usbvideo - ok
17:46:11.0455 0x1570 [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
17:46:11.0462 0x1570 USBXHCI - ok
17:46:11.0475 0x1570 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
17:46:11.0479 0x1570 VaultSvc - ok
17:46:11.0566 0x1570 [ EB2461E88E1E9F2243FAA3F167BFB94E, 1A7E51BC964CC42A2839FE6DB20A7E2E695E827B62851B0B25CCDB091A144D24 ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
17:46:11.0573 0x1570 VBoxAswDrv - ok
17:46:11.0593 0x1570 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
17:46:11.0595 0x1570 vdrvroot - ok
17:46:11.0668 0x1570 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
17:46:11.0700 0x1570 vds - ok
17:46:11.0742 0x1570 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
17:46:11.0746 0x1570 VerifierExt - ok
17:46:11.0863 0x1570 [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
17:46:11.0874 0x1570 vhdmp - ok
17:46:11.0888 0x1570 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
17:46:11.0890 0x1570 viaide - ok
17:46:11.0904 0x1570 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
17:46:11.0908 0x1570 vmbus - ok
17:46:11.0912 0x1570 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
17:46:11.0913 0x1570 VMBusHID - ok
17:46:11.0975 0x1570 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
17:46:11.0988 0x1570 vmicguestinterface - ok
17:46:12.0005 0x1570 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
17:46:12.0017 0x1570 vmicheartbeat - ok
17:46:12.0033 0x1570 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
17:46:12.0046 0x1570 vmickvpexchange - ok
17:46:12.0061 0x1570 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
17:46:12.0074 0x1570 vmicrdv - ok
17:46:12.0090 0x1570 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
17:46:12.0103 0x1570 vmicshutdown - ok
17:46:12.0120 0x1570 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
17:46:12.0134 0x1570 vmictimesync - ok
17:46:12.0149 0x1570 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
17:46:12.0162 0x1570 vmicvss - ok
17:46:12.0187 0x1570 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
17:46:12.0190 0x1570 volmgr - ok
17:46:12.0213 0x1570 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
17:46:12.0221 0x1570 volmgrx - ok
17:46:12.0244 0x1570 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
17:46:12.0250 0x1570 volsnap - ok
17:46:12.0287 0x1570 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
17:46:12.0289 0x1570 vpci - ok
17:46:12.0327 0x1570 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
17:46:12.0331 0x1570 vsmraid - ok
17:46:12.0417 0x1570 [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS C:\WINDOWS\system32\vssvc.exe
17:46:12.0449 0x1570 VSS - ok
17:46:12.0477 0x1570 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
17:46:12.0485 0x1570 VSTXRAID - ok
17:46:12.0516 0x1570 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
17:46:12.0518 0x1570 vwifibus - ok
17:46:12.0549 0x1570 [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
17:46:12.0551 0x1570 vwififlt - ok
17:46:12.0585 0x1570 [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
17:46:12.0587 0x1570 vwifimp - ok
17:46:12.0626 0x1570 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
17:46:12.0642 0x1570 W32Time - ok
17:46:12.0678 0x1570 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
17:46:12.0680 0x1570 WacomPen - ok
17:46:12.0757 0x1570 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe
17:46:12.0797 0x1570 wbengine - ok
17:46:12.0831 0x1570 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
17:46:12.0844 0x1570 WbioSrvc - ok
17:46:12.0859 0x1570 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
17:46:12.0869 0x1570 Wcmsvc - ok
17:46:12.0884 0x1570 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
17:46:12.0897 0x1570 wcncsvc - ok
17:46:12.0917 0x1570 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
17:46:12.0923 0x1570 WcsPlugInService - ok
17:46:12.0967 0x1570 [ F5D4FA3E1F4879C361FFF3855259D2C2, 48C60FE4AAB011E2250157506FF0624031BFA346F8F2F8C6DFDF6F3CAA4F3F42 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
17:46:12.0969 0x1570 WdBoot - ok
17:46:13.0016 0x1570 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
17:46:13.0033 0x1570 Wdf01000 - ok
17:46:13.0045 0x1570 [ 019CC610AD95FF47EAD7C08B7A683B96, BB9D42F8ED90ECA2E7B8C906E06A1EA859FAD9BD1B3492BB1E28C0D00004812A ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
17:46:13.0051 0x1570 WdFilter - ok
17:46:13.0067 0x1570 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
17:46:13.0074 0x1570 WdiServiceHost - ok
17:46:13.0079 0x1570 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
17:46:13.0085 0x1570 WdiSystemHost - ok
17:46:13.0093 0x1570 [ 6CC1BB8F6851A262E2E824F0E92D5EEF, 45A88A984179BBA38C1F4434C4D6C2823C1FE6AFBE8CB0F656DAE0092D1D5611 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
17:46:13.0096 0x1570 WdNisDrv - ok
17:46:13.0124 0x1570 WdNisSvc - ok
17:46:13.0158 0x1570 [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:46:13.0166 0x1570 WebClient - ok
17:46:13.0213 0x1570 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
17:46:13.0221 0x1570 Wecsvc - ok
17:46:13.0227 0x1570 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
17:46:13.0232 0x1570 WEPHOSTSVC - ok
17:46:13.0253 0x1570 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
17:46:13.0259 0x1570 wercplsupport - ok
17:46:13.0280 0x1570 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
17:46:13.0286 0x1570 WerSvc - ok
17:46:13.0300 0x1570 [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
17:46:13.0304 0x1570 WFPLWFS - ok
17:46:13.0327 0x1570 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
17:46:13.0332 0x1570 WiaRpc - ok
17:46:13.0369 0x1570 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
17:46:13.0371 0x1570 WIMMount - ok
17:46:13.0374 0x1570 WinDefend - ok
17:46:13.0442 0x1570 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
17:46:13.0463 0x1570 WinHttpAutoProxySvc - ok
17:46:13.0503 0x1570 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:46:13.0509 0x1570 Winmgmt - ok
17:46:13.0620 0x1570 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
17:46:13.0675 0x1570 WinRM - ok
17:46:13.0755 0x1570 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb C:\WINDOWS\system32\DRIVERS\WinUsb.sys
17:46:13.0758 0x1570 WinUsb - ok
17:46:13.0837 0x1570 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
17:46:13.0870 0x1570 WlanSvc - ok
17:46:13.0941 0x1570 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
17:46:13.0973 0x1570 wlidsvc - ok
17:46:13.0996 0x1570 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
17:46:13.0998 0x1570 WmiAcpi - ok
17:46:14.0042 0x1570 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
17:46:14.0046 0x1570 wmiApSrv - ok
17:46:14.0067 0x1570 WMPNetworkSvc - ok
17:46:14.0084 0x1570 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
17:46:14.0088 0x1570 Wof - ok
17:46:14.0175 0x1570 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
17:46:14.0209 0x1570 workfolderssvc - ok
17:46:14.0259 0x1570 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
17:46:14.0261 0x1570 wpcfltr - ok
17:46:14.0278 0x1570 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
17:46:14.0283 0x1570 WPCSvc - ok
17:46:14.0305 0x1570 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
17:46:14.0311 0x1570 WPDBusEnum - ok
17:46:14.0334 0x1570 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
17:46:14.0336 0x1570 WpdUpFltr - ok
17:46:14.0356 0x1570 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
17:46:14.0358 0x1570 ws2ifsl - ok
17:46:14.0401 0x1570 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
17:46:14.0409 0x1570 wscsvc - ok
17:46:14.0415 0x1570 WSearch - ok
17:46:14.0546 0x1570 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
17:46:14.0613 0x1570 WSService - ok
17:46:14.0672 0x1570 [ 0ECE1883160759330E896B82A9EBB70B, 6D35A50C80F1A5329D2C575B3FD2C3EEF43992CFA48F9EA6F559D16B9A9502C5 ] WTGService C:\Program Files (x86)\3DataManager\WTGService.exe
17:46:14.0679 0x1570 WTGService - ok
17:46:14.0827 0x1570 [ 1B24547C96E1C656ED9A8E6B6F6FA03B, A15D1180D8A9011F0D5A2C8D801D34974D5AEA367FFFB96BD335448B17A2C142 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
17:46:14.0903 0x1570 wuauserv - ok
17:46:14.0968 0x1570 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
17:46:14.0971 0x1570 WudfPf - ok
17:46:14.0987 0x1570 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
17:46:14.0992 0x1570 WUDFRd - ok
17:46:15.0007 0x1570 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:46:15.0012 0x1570 WUDFSensorLP - ok
17:46:15.0035 0x1570 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
17:46:15.0042 0x1570 wudfsvc - ok
17:46:15.0052 0x1570 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:46:15.0057 0x1570 WUDFWpdFs - ok
17:46:15.0065 0x1570 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
17:46:15.0071 0x1570 WUDFWpdMtp - ok
17:46:15.0098 0x1570 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
17:46:15.0113 0x1570 WwanSvc - ok
17:46:15.0132 0x1570 ================ Scan global ===============================
17:46:15.0182 0x1570 [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
17:46:15.0224 0x1570 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
17:46:15.0253 0x1570 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
17:46:15.0289 0x1570 [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\WINDOWS\system32\services.exe
17:46:15.0300 0x1570 [ Global ] - ok
17:46:15.0301 0x1570 ================ Scan MBR ==================================
17:46:15.0318 0x1570 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:46:15.0323 0x1570 \Device\Harddisk0\DR0 - ok
17:46:15.0323 0x1570 ================ Scan VBR ==================================
17:46:15.0336 0x1570 [ 68A5C9AC4E296B05A911F1152EC2A61A ] \Device\Harddisk0\DR0\Partition1
17:46:15.0405 0x1570 \Device\Harddisk0\DR0\Partition1 - ok
17:46:15.0421 0x1570 [ 89DF320A24731CB6CC26510A634B58A0 ] \Device\Harddisk0\DR0\Partition2
17:46:15.0472 0x1570 \Device\Harddisk0\DR0\Partition2 - ok
17:46:15.0488 0x1570 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
17:46:15.0488 0x1570 \Device\Harddisk0\DR0\Partition3 - ok
17:46:15.0506 0x1570 [ C31B0DD79B7177261E5F46D4EC8DEFA4 ] \Device\Harddisk0\DR0\Partition4
17:46:15.0563 0x1570 \Device\Harddisk0\DR0\Partition4 - ok
17:46:15.0582 0x1570 [ FDA2C7E9229C13180D64FA02AEA9AB78 ] \Device\Harddisk0\DR0\Partition5
17:46:15.0619 0x1570 \Device\Harddisk0\DR0\Partition5 - ok
17:46:15.0646 0x1570 [ 42D55D83B50AADD3DB9B451B808D4B8F ] \Device\Harddisk0\DR0\Partition6
17:46:15.0658 0x1570 \Device\Harddisk0\DR0\Partition6 - ok
17:46:15.0674 0x1570 [ C29EF0D385BEA5B50B0B2F8D00493C30 ] \Device\Harddisk0\DR0\Partition7
17:46:15.0687 0x1570 \Device\Harddisk0\DR0\Partition7 - ok
17:46:15.0688 0x1570 ================ Scan generic autorun ======================
17:46:16.0150 0x1570 [ B3B1175C96F8E01EC5D37F6C0B965F6F, F0330B4B1CBF2D5C4570E53CE6DE2BA6DE14A7156C368458A0B4B59BDBF45DD5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:46:16.0514 0x1570 RtHDVCpl - ok
17:46:16.0612 0x1570 [ D0AA4593126F4FCA79173D00DF054454, C18F6780ADFA44C49E6C6C8CEE4C5E25829ADE125C97A56467456B173BE4A7F2 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:46:16.0638 0x1570 RtHDVBg_Dolby - ok
17:46:16.0808 0x1570 [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
17:46:16.0961 0x1570 AvastUI.exe - ok
17:46:17.0084 0x1570 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
17:46:17.0106 0x1570 Adobe ARM - ok
17:46:17.0170 0x1570 [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe
17:46:17.0181 0x1570 WAB Migrate - ok
17:46:17.0226 0x1570 Skype - ok
17:46:17.0228 0x1570 Waiting for KSN requests completion. In queue: 154
17:46:18.0289 0x1570 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
17:46:18.0306 0x1570 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
17:46:18.0309 0x1570 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x40010 ( disabled )
17:46:18.0314 0x1570 Win FW state via NFP2: enabled
17:46:18.0584 0x1570 ============================================================
17:46:18.0584 0x1570 Scan finished
17:46:18.0584 0x1570 ============================================================
17:46:18.0596 0x1564 Detected object count: 0
17:46:18.0596 0x1564 Actual detected object count: 0
|
|
23.07.2015, 13:02
| #6 |
| /// TB-Ausbilder | Fenster, Express Zip Demo Servus, du weißt, dass "Winzip Malware Protector" selbst Adware ist?   Ahja, wegen deiner PM: Wir löschen grundsätzlich keine Logfiles aus dem Forum, mehr dazu hier. Alle Schritte (1-4) ausführen, immer alle Funde entfernen lassen und die Logdateien posten: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
23.07.2015, 17:20
| #7 |
| | Fenster, Express Zip DemoCode:
ATTFilter
Nico Mak Computing
WinZip Malware Protector
Datum der Überprüfung Donnerstag, 23. Juli 2015
Datenbankversion 2325
Gefundene Elemente insgesamt 94
Überprüfte Objekte: 366772
Abgelaufene Zeit: 00:01:42
Name Gefundene Elemente
Name der Infektion pup.optional
Kategorie Potentially Unwanted Application
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 1
Gefundener Bereich FileSystem
Details
Dateiname c:\users\alexandra\downloads\kies3setup.exe
MD5 12095843207507927641
Signatur 0
Md5hash: 9dd5bd2ff675d9a92447c28ec3532d55
Name der Infektion malware.trace
Kategorie Generic Malware
Bedrohungsstufe High
Durchgeführte Aktion NoActionTaken
Elemente gefunden 93
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
17.06.2014 at 18:48:11
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
17.06.2014 at 18:48:54
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
18.06.2014 at 09:14:16
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
18.06.2014 at 09:37:32
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
18.06.2014 at 09:38:06
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
18.06.2014 at 09:38:51
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
18.06.2014 at 09:38:58
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
19.06.2014 at 09:58:29
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
20.06.2014 at 12:06:43
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
21.06.2014 at 12:39:06
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
24.06.2014 at 12:34:51
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
25.06.2014 at 11:45:42
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
26.06.2014 at 14:24:23
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
27.06.2014 at 09:09:29
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
28.06.2014 at 15:59:04
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
28.06.2014 at 20:00:30
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
29.06.2014 at 11:24:06
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
30.06.2014 at 11:51:56
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
01.07.2014 at 10:01:09
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
02.07.2014 at 09:55:44
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
03.07.2014 at 12:49:31
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
05.07.2014 at 13:07:07
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
06.07.2014 at 19:58:52
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
07.07.2014 at 11:09:45
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
07.07.2014 at 17:46:39
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
08.07.2014 at 17:27:27
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
10.07.2014 at 10:25:33
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
16.07.2014 at 09:42:20
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
23.07.2014 at 09:43:04
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
24.07.2014 at 12:04:29
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
25.07.2014 at 13:36:18
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
27.07.2014 at 13:16:57
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
28.07.2014 at 12:09:35
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
29.07.2014 at 12:21:30
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
02.08.2014 at 12:22:42
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
03.08.2014 at 11:51:53
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
04.08.2014 at 16:48:51
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
06.08.2014 at 09:38:04
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
08.08.2014 at 12:48:43
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
11.08.2014 at 11:32:54
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
12.08.2014 at 11:14:54
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
14.08.2014 at 07:21:18
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
15.08.2014 at 10:46:02
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
15.08.2014 at 19:46:22
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
16.08.2014 at 11:22:26
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
21.08.2014 at 10:41:18
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
22.08.2014 at 11:19:18
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
23.08.2014 at 10:28:14
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
24.08.2014 at 11:00:10
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
27.08.2014 at 18:38:28
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
28.08.2014 at 10:31:32
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
29.08.2014 at 11:53:24
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
30.08.2014 at 11:02:38
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
03.09.2014 at 17:43:05
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
04.09.2014 at 10:54:50
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
06.09.2014 at 20:10:53
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
07.09.2014 at 11:26:03
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
18.09.2014 at 18:05:18
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
19.09.2014 at 08:32:29
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
20.09.2014 at 10:25:35
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
21.09.2014 at 13:27:01
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
22.09.2014 at 09:44:13
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
24.09.2014 at 16:57:12
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
25.09.2014 at 09:43:54
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
28.09.2014 at 11:25:46
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
29.09.2014 at 12:13:52
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
02.10.2014 at 09:25:16
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
03.10.2014 at 12:44:21
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
04.10.2014 at 20:16:15
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
05.10.2014 at 11:39:49
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
07.10.2014 at 17:04:22
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
08.10.2014 at 18:12:46
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
12.10.2014 at 11:26:29
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
13.10.2014 at 09:17:35
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
14.10.2014 at 17:14:37
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
16.10.2014 at 12:25:07
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
17.10.2014 at 12:30:41
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
19.10.2014 at 11:49:32
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
21.10.2014 at 16:51:07
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
24.10.2014 at 11:20:47
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
25.10.2014 at 13:13:26
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
27.10.2014 at 10:52:20
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
28.10.2014 at 17:13:25
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
31.10.2014 at 11:37:25
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
02.11.2014 at 12:29:58
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
03.11.2014 at 10:32:39
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
04.11.2014 at 17:10:14
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
05.11.2014 at 17:52:30
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
06.11.2014 at 10:10:26
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
07.11.2014 at 10:38:31
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
07.11.2014 at 21:55:24
Gefundener Bereich Registry
Details
Registrierungsschlüssel hkey_current_user
software\dc3_fexec
08.11.2014 at 10:02:30
© 2013 WinZip International LLC. All rights reserved.
Das programm löscht nichts. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 23.07.2015 Suchlaufzeit: 17:32 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.07.23.04 Rootkit-Datenbank: v2015.07.22.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Alexandra Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 393127 Abgelaufene Zeit: 14 Min., 11 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 8 PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\Helper.TemplateObject, In Quarantäne, [5ad64d9851396bcbc14bb2d37989af51], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\Helper.TemplateObject.1, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Helper.TemplateObject, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Helper.TemplateObject.1, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Helper.TemplateObject, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Helper.TemplateObject.1, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, In Quarantäne, [9c943da876145ed818774a385da7b54b], Malware.Trace, HKU\S-1-5-21-2422082488-33307941-859794934-1002\SOFTWARE\DC3_FEXEC, In Quarantäne, [b87809dcdeacff372c4f6192c340df21], Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 3 Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], PUP.Optional.OptimizerPro.A, C:\Users\Alexandra\Documents\Optimizer Pro, In Quarantäne, [042ca243e4a652e4b49ee8af39cb768a], PUP.Optional.DataMngr.A, C:\ProgramData\Datamngr, In Quarantäne, [32fe0bdaf5954beb53b49564e919df21], Dateien: 91 Trojan.Dropper.SFXAI, C:\Users\Alexandra\AppData\Roaming\27072014.scr, In Quarantäne, [68c81cc90585c472aed162c6dd24ac54], Misused.Legit.AI, C:\Users\Alexandra\265oyte47\.com, In Quarantäne, [cf6155903b4f57dfaf94939bc53c55ab], Misused.Legit.AI, C:\Users\Alexandra\8fdhc8i6\OWryTUenk.exe, In Quarantäne, [e9472fb66228c274c52f6dc8837e39c7], PUP.Optional.DownloadSponsor, C:\Users\Alexandra\Downloads\find-it.exe, In Quarantäne, [0b25b82d8bff4fe7e9b1b43cd82cc63a], PUP.Optional.Conduit.A, C:\Users\Alexandra\Downloads\Kies3Setup.exe, In Quarantäne, [70c0479e2664fd39c1e756bbe120c739], PUP.Optional.InstallCore.A, C:\Users\Alexandra\Downloads\MediaPlayerSetup.exe, In Quarantäne, [e14fd510cac065d17075e15219e7c23e], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-17-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-18-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-19-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-20-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-21-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-22-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-23-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-24-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-25-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-26-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-27-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-28-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-29-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-30-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-01-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-03-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-04-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-05-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-06-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-07-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-08-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-09-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-10-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-11-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-13-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-14-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-15-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-16-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-21-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-22-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-23-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-24-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-26-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-27-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-28-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-29-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-30-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-31-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-01-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-02-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-03-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-08-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-09-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-10-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-12-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-14-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-15-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-23-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-04-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-07-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-08-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-09-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-10-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-11-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-12-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-13-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-14-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-15-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-16-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-17-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-20-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-24-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-28-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-02-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-25-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-05-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-03-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-07-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-08-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-09-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-10-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-13-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-17-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-18-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-21-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-22-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-23-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-25-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-27-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-28-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-02-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-04-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-05-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-08-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], PUP.Optional.OptimizerPro.A, C:\Users\Alexandra\Documents\Optimizer Pro\CookiesException.txt, In Quarantäne, [042ca243e4a652e4b49ee8af39cb768a], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 23.07.2015 Suchlaufzeit: 17:32 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.07.23.04 Rootkit-Datenbank: v2015.07.22.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Alexandra Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 393127 Abgelaufene Zeit: 14 Min., 11 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 8 PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\Helper.TemplateObject, In Quarantäne, [5ad64d9851396bcbc14bb2d37989af51], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\Helper.TemplateObject.1, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Helper.TemplateObject, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Helper.TemplateObject.1, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Helper.TemplateObject, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DNSErrorHelper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Helper.TemplateObject.1, In Quarantäne, [042c02e356348bab69a37c09946e2ad6], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, In Quarantäne, [9c943da876145ed818774a385da7b54b], Malware.Trace, HKU\S-1-5-21-2422082488-33307941-859794934-1002\SOFTWARE\DC3_FEXEC, In Quarantäne, [b87809dcdeacff372c4f6192c340df21], Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 3 Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], PUP.Optional.OptimizerPro.A, C:\Users\Alexandra\Documents\Optimizer Pro, In Quarantäne, [042ca243e4a652e4b49ee8af39cb768a], PUP.Optional.DataMngr.A, C:\ProgramData\Datamngr, In Quarantäne, [32fe0bdaf5954beb53b49564e919df21], Dateien: 91 Trojan.Dropper.SFXAI, C:\Users\Alexandra\AppData\Roaming\27072014.scr, In Quarantäne, [68c81cc90585c472aed162c6dd24ac54], Misused.Legit.AI, C:\Users\Alexandra\265oyte47\.com, In Quarantäne, [cf6155903b4f57dfaf94939bc53c55ab], Misused.Legit.AI, C:\Users\Alexandra\8fdhc8i6\OWryTUenk.exe, In Quarantäne, [e9472fb66228c274c52f6dc8837e39c7], PUP.Optional.DownloadSponsor, C:\Users\Alexandra\Downloads\find-it.exe, In Quarantäne, [0b25b82d8bff4fe7e9b1b43cd82cc63a], PUP.Optional.Conduit.A, C:\Users\Alexandra\Downloads\Kies3Setup.exe, In Quarantäne, [70c0479e2664fd39c1e756bbe120c739], PUP.Optional.InstallCore.A, C:\Users\Alexandra\Downloads\MediaPlayerSetup.exe, In Quarantäne, [e14fd510cac065d17075e15219e7c23e], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-17-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-18-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-19-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-20-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-21-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-22-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-23-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-24-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-25-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-26-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-27-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-28-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-29-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-06-30-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-01-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-03-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-04-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-05-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-06-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-07-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-08-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-09-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-10-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-11-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-13-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-14-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-15-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-16-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-21-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-22-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-23-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-24-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-26-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-27-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-28-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-29-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-30-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-31-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-01-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-02-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-03-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-08-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-09-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-10-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-12-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-14-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-15-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-08-23-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-04-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-07-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-08-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-09-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-10-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-11-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-12-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-13-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-14-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-15-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-16-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-17-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-20-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-24-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-28-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-02-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-07-25-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-09-05-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-03-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-07-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-08-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-09-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-10-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-13-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-17-6.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-18-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-21-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-22-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-23-5.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-25-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-27-2.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-10-28-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-02-1.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-04-3.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-05-4.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], Stolen.Data, C:\Users\Alexandra\AppData\Roaming\dclogs\2014-11-08-7.dc, In Quarantäne, [ea46f6ef4b3f75c1914f77aa1be98d73], PUP.Optional.OptimizerPro.A, C:\Users\Alexandra\Documents\Optimizer Pro\CookiesException.txt, In Quarantäne, [042ca243e4a652e4b49ee8af39cb768a], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by Alexandra on 23.07.2015 at 18:09:14,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\WinZip Malware Protector_startup
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}
~~~ Files
Successfully deleted: [File] C:\Users\Public\Desktop\winzip malware protector.lnk
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\nico mak computing
Successfully deleted: [Folder] C:\Users\Alexandra\AppData\Roaming\nico mak computing
~~~ FireFox
Emptied folder: C:\Users\Alexandra\AppData\Roaming\mozilla\firefox\profiles\8yi0niup.default\minidumps [9 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2015 at 18:13:28,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Additions Logfile: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Alexandra at 2015-07-23 16:53:44
Running from C:\Users\Alexandra\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2422082488-33307941-859794934-500 - Administrator - Disabled)
Alexandra (S-1-5-21-2422082488-33307941-859794934-1002 - Administrator - Enabled) => C:\Users\Alexandra
Gast (S-1-5-21-2422082488-33307941-859794934-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2422082488-33307941-859794934-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DataManager (HKLM-x32\...\3DataManager) (Version: 3.5 - 3DataManager)
4500_G510gm_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
IT9130 Driver v12.2.3.1 (HKLM-x32\...\IT9130 DriverInstaller_12.2.3.1) (Version: - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\MyFreeCodec) (Version: - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6722 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Switch v1.4.7 (HKLM-x32\...\Smart Switch) (Version: v1.4.7 - GIGABYTE TECHNOLOGY CO.,LTD.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.14260 - WinZip International LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2422082488-33307941-859794934-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
17-07-2015 15:15:16 Uniblue PC Mechanic installation
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026E154A-52C6-4815-92D4-6072D677E1C0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {0438F22F-32A1-4FF4-AA2C-1FD6D396A466} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2015-03-13] (Nico Mak Computing)
Task: {08BE7C4C-4FE2-4BBD-8C0A-AF0F145F0F45} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {39D0F636-137E-48E1-A754-84AB3DD7A79B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {5DE4DF0D-A73B-42B4-92FB-230BA846D24E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6C101D18-DAA6-4799-8928-978661752FB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {8703140F-CB23-400D-B984-9D0DB88C0ADB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {951DCF2F-0A04-40A5-8B36-6152848BB900} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"
Task: {A8894C2C-511B-4DF0-A580-3CF0D6057CFD} - System32\Tasks\Installer for avg_safeguard => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\thirdpartyinstaller.exe <==== ATTENTION
Task: {ACA00654-4D80-465B-B5B9-0E62712D5865} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CCCB1A73-B348-48A3-98EA-0DAB644BAA6B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {DA08D4DF-9078-40B6-910F-4DF57D471E2F} - System32\Tasks\{67AA193C-B398-40E7-B3AF-48489F8A5BCE} => pcalua.exe -a "C:\Program Files (x86)\3DataManager\Uninstaller.exe"
Task: {DC136A3D-DDEF-4AD7-B72A-C9B70D663120} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-25] (Avast Software s.r.o.)
Task: {ED3D0FFD-C9B7-4CF2-B8DF-A5C9544514B2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F8EB148D-41AD-4A29-A282-5350C47E51AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Installer for avg_safeguard.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\thirdpartyinstaller.exe C:\Users\ALEXAN~1\AppData\Local\Temp\Uniblue\Offers\AVG_Safeguard.exe --stat-prefix sp --installer-type web --offer-name avg_safeguard --params /PASSWORD=TB38GF9P66 /DISTRIBUTIONSOURCE=ub011 /FINISHURL=http:/toolbar.avg.com <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2013-10-27 09:03 - 2013-10-27 09:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-29 15:32 - 2012-11-29 15:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2014-04-20 19:08 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-26 09:18 - 2012-07-05 06:03 - 00343024 ____N () C:\Program Files (x86)\3DataManager\WTGService.exe
2012-11-29 15:32 - 2012-11-27 17:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-09-26 09:18 - 2012-07-10 15:38 - 00506864 ____N () C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
2012-11-29 15:32 - 2010-01-12 19:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-11-29 15:32 - 2010-01-12 19:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2012-11-29 15:32 - 2010-12-17 16:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2012-11-29 15:32 - 2012-10-23 20:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2012-11-29 15:32 - 2012-08-08 20:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2015-05-09 11:35 - 2015-05-09 11:35 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-09 11:34 - 2015-05-09 11:34 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-21 14:17 - 2015-07-21 14:17 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072100\algo.dll
2015-07-23 12:56 - 2015-07-23 12:56 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072300\algo.dll
2013-10-27 09:03 - 2013-10-27 09:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-18 14:10 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2015-07-18 14:10 - 2015-03-13 14:34 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2015-07-18 14:10 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL
2012-11-29 15:32 - 2009-12-18 17:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-11-29 15:32 - 2009-12-18 17:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2015-05-09 11:35 - 2015-05-09 11:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-02 17:11 - 2015-07-02 17:11 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\f95a84be655dce46534e2570f3b8bef6\PSIClient.ni.dll
2012-11-14 10:20 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-26 09:18 - 2012-07-13 14:19 - 00073728 ____N () C:\Program Files (x86)\3DataManager\WtgDriverInstall.dll
2013-09-26 09:18 - 2012-07-13 14:21 - 00745472 ____N () C:\Program Files (x86)\3DataManager\WtgCore.dll
2013-09-26 09:18 - 2012-07-13 14:20 - 00110592 ____N () C:\Program Files (x86)\3DataManager\WtgDatabase.dll
2013-09-26 09:18 - 2012-07-13 14:20 - 00208896 ____N () C:\Program Files (x86)\3DataManager\WtgDetection.dll
2013-09-26 09:18 - 2012-07-13 14:20 - 00086016 ____N () C:\Program Files (x86)\3DataManager\WtgDialup.dll
2013-09-26 09:18 - 2012-07-13 14:20 - 00098304 ____N () C:\Program Files (x86)\3DataManager\WtgPorts.dll
2013-09-26 09:18 - 2012-07-13 14:19 - 00098304 ____N () C:\Program Files (x86)\3DataManager\WtgUtil.dll
2013-09-26 09:18 - 2012-07-13 14:20 - 00139264 ____N () C:\Program Files (x86)\3DataManager\WtgBluetooth.dll
2013-09-26 09:18 - 2012-07-13 14:19 - 00012288 ____N () C:\Program Files (x86)\3DataManager\WTGDebugs.dll
2013-09-26 09:18 - 2011-11-10 09:48 - 01105920 ____N () C:\Program Files (x86)\3DataManager\NDISAPI.dll
2013-09-26 09:19 - 2011-06-09 10:44 - 00602112 ____N () C:\Program Files (x86)\3DataManager\WTGXMLUtil.dll
2013-09-26 09:18 - 2012-07-13 14:20 - 00274432 ____N () C:\Program Files (x86)\3DataManager\WTGSMSPCClient.Dll
2013-09-26 09:18 - 2012-07-13 14:21 - 00012800 ____N () C:\Program Files (x86)\3DataManager\WTGDriverInstallX.Dll
2013-09-26 09:18 - 2012-06-12 10:02 - 00249856 ____N () C:\Program Files (x86)\3DataManager\WtgMobileBroadband7.dll
2015-04-04 14:55 - 2015-06-08 21:23 - 00153712 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-04-04 14:55 - 2015-06-08 21:23 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2422082488-33307941-859794934-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2422082488-33307941-859794934-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img8.jpg
DNS Servers: 213.94.78.16 - 213.94.78.17
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SaferSurf Tray"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\StartupApproved\Run: => "iMesh"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{43B91403-4632-40CE-B2E0-4B153C50B59A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EC5FA963-0DDE-4CF8-8848-0334902805B4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [UDP Query User{70784348-A80B-434C-818A-ACB9E460DD93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{83893365-AAFB-4F4E-8893-D33E9367C725}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{937F8D4B-DA1F-4B32-A386-CB433FB07ABB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F873DA5C-D77D-4729-99A3-8A9B353B9CD5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87086A43-1DEE-46F3-8D71-B57884A97A61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D4A39ACA-F147-4674-ADD8-40E3625667C9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{928AE05C-65F3-474B-9850-F92563006BDE}] => (Allow) C:\Users\Alexandra\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{EE45D7EA-FEFC-4F45-AE39-B21EA50040D1}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{525A74F7-2291-458D-84F6-AC7F612072A8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C841C1C6-3D67-4199-94EA-C2AFFA1C59E5}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{C337F121-6331-44E4-B154-F923E1C4DFC1}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F96C6669-290F-4370-B3E8-26FFBFDAEF7D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{4D5BF7EF-EEF6-4910-8DFD-FB1E1307BBC4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A483BAE6-6F91-4FD6-9EF3-14A69F5D08FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{CBE20616-B267-4F02-8B71-827F85C5C957}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{0E36A7E9-1D0A-4D55-BFD4-C21EEDE1FD62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{1AFE496F-2A21-46D5-A3C2-01FD001E8665}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{715171B6-D864-4B74-9749-85BF3052A34A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8FA09228-E7B1-42FF-8F29-31D2D8744AEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{DF5773C0-A2F2-4C0A-A01E-7F27CA58377E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{1B8A3DD5-FA4B-42EC-A0D8-0BFA9398A0EA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{C8CDF691-BAC5-4A27-B9BB-6BF5DA16FF35}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F15C6FBF-FBD7-49DF-9A26-E9EB431E69E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6FE39E42-A9DE-41A6-9C11-67C8545F7445}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{560CFA07-1F50-4FC3-B7B5-8D342EF9C556}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{0A8DFF77-6F90-428B-94F1-0AD6CB03E64E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{939E0F63-0DCD-417A-B271-8A32740EE73C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{51B1AE16-8E82-48D9-A12B-458A23A66B46}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2FCFAA31-5F2E-4EE9-97F6-10EDF33A2D2E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DD411DF8-5638-4E1B-955B-A143E18D1E75}] => (Allow) LPort=1900
FirewallRules: [{E5927AC1-9F11-402F-8D8D-15DC242D4743}] => (Allow) LPort=2869
FirewallRules: [{C18D1F24-3C12-467C-BC95-1FF7786E3A43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{69CEFCF5-250A-4CD8-89A3-FC635E843F0D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F86EB3E8-CEAA-41E1-9FB1-B1986FD52190}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/23/2015 11:45:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/22/2015 05:44:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/22/2015 12:12:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/21/2015 06:46:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: thunderbird.exe, Version: 38.0.1.5637, Zeitstempel: 0x5575e6c2
Name des fehlerhaften Moduls: xul.dll, Version: 38.0.1.5637, Zeitstempel: 0x5575e79d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008749b
ID des fehlerhaften Prozesses: 0xe44
Startzeit der fehlerhaften Anwendung: 0xthunderbird.exe0
Pfad der fehlerhaften Anwendung: thunderbird.exe1
Pfad des fehlerhaften Moduls: thunderbird.exe2
Berichtskennung: thunderbird.exe3
Vollständiger Name des fehlerhaften Pakets: thunderbird.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: thunderbird.exe5
Error: (07/21/2015 02:59:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/20/2015 12:36:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/19/2015 03:29:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/18/2015 07:22:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/18/2015 12:58:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/17/2015 05:02:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06)
System errors:
=============
Error: (07/23/2015 04:43:56 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT)
Description: Für den Miniport "HUAWEI Mobile Connect - Network Adapter, {911A0AC8-7281-402E-B978-1C522B971556}" ist das Ereignis "74" aufgetreten.
Error: (07/23/2015 11:20:59 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT)
Description: Für den Miniport "HUAWEI Mobile Connect - Network Adapter, {911A0AC8-7281-402E-B978-1C522B971556}" ist das Ereignis "74" aufgetreten.
Error: (07/22/2015 06:17:00 PM) (Source: DCOM) (EventID: 10010) (User: Liabsladele)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/22/2015 06:16:30 PM) (Source: DCOM) (EventID: 10010) (User: Liabsladele)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/22/2015 05:19:44 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT)
Description: Für den Miniport "HUAWEI Mobile Connect - Network Adapter, {911A0AC8-7281-402E-B978-1C522B971556}" ist das Ereignis "74" aufgetreten.
Error: (07/22/2015 11:34:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (07/22/2015 11:32:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde nicht richtig gestartet.
Error: (07/22/2015 11:29:40 AM) (Source: DCOM) (EventID: 10010) (User: Liabsladele)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
Error: (07/22/2015 11:29:10 AM) (Source: DCOM) (EventID: 10010) (User: Liabsladele)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
Error: (07/22/2015 11:27:42 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.
Microsoft Office:
=========================
Error: (07/23/2015 11:45:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/22/2015 05:44:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/22/2015 12:12:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/21/2015 06:46:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: thunderbird.exe38.0.1.56375575e6c2xul.dll38.0.1.56375575e79dc00000050008749be4401d0c3c966f13de8C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeC:\Program Files (x86)\Mozilla Thunderbird\xul.dllfe33257e-2fc7-11e5-800d-6036dd23ec53
Error: (07/21/2015 02:59:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/20/2015 12:36:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/19/2015 03:29:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/18/2015 07:22:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/18/2015 12:58:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/17/2015 05:02:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8070.57 MB
Available physical RAM: 6132.48 MB
Total Virtual: 9350.57 MB
Available Virtual: 7187.09 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:869.36 GB) (Free:806.15 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:40.8 GB) NTFS
Drive e: (3DataManager) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 462A80D0)
Partition: GPT Partition Type.
==================== End of log ============================
--- --- --- Code:
ATTFilter Additional FRST Logfile: |
|
23.07.2015, 17:25
| #8 |
| | Fenster, Express Zip Demo FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Alexandra (administrator) on LIABSLADELE on 23-07-2015 16:52:44
Running from C:\Users\Alexandra\Downloads
Loaded Profiles: UpdatusUser & Alexandra (Available Profiles: UpdatusUser & Alexandra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\3DataManager\WTGService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(WebToGo Mobile Internet GmbH) C:\Program Files (x86)\3DataManager\3DataManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell] explorer.exe,explorer.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2422082488-33307941-859794934-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2013-09-26]
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\3DataManager\3DataManager_Launcher.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2422082488-33307941-859794934-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2422082488-33307941-859794934-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2422082488-33307941-859794934-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-06] (Microsoft Corporation)
BHO: No Name -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-06] (Microsoft Corporation)
BHO-x32: No Name -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\..\Interfaces\{911A0AC8-7281-402E-B978-1C522B971556}: [NameServer] 213.94.78.16 213.94.78.17
Tcpip\..\Interfaces\{D93110B3-007B-4A4A-8BAC-33DF59D2732D}: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\23cb1dac-5674-4d52-91b4-035ade58fc2f.xml [2014-02-12]
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\google-images.xml [2015-02-08]
FF SearchPlugin: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\searchplugins\google-maps.xml [2015-02-08]
FF Extension: CHIP Best Deal - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\8yi0niup.default\Extensions\ciuvo-extension@chip.de.xpi [2015-03-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09]
FF HKU\S-1-5-21-2422082488-33307941-859794934-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-17]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-09] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\3DataManager\WTGService.exe [343024 2012-07-05] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [229376 2013-09-26] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-11-14] (ITE )
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-09] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 16:52 - 2015-07-23 16:53 - 00016697 _____ C:\Users\Alexandra\Downloads\FRST.txt
2015-07-22 17:43 - 2015-07-22 17:43 - 01198368 _____ C:\Users\Alexandra\Downloads\TDSSKiller - CHIP-Installer.exe
2015-07-22 17:37 - 2015-07-22 17:38 - 00033336 _____ C:\Users\Alexandra\Downloads\Addition.txt
2015-07-22 17:36 - 2015-07-23 16:52 - 00000000 ____D C:\FRST
2015-07-22 17:36 - 2015-07-22 17:38 - 00041543 _____ C:\Users\Alexandra\Desktop\FRST.txt
2015-07-22 17:35 - 2015-07-22 17:35 - 02135552 _____ (Farbar) C:\Users\Alexandra\Downloads\FRST64.exe
2015-07-20 12:28 - 2015-07-20 12:28 - 00000795 _____ C:\WINDOWS\setupact.log
2015-07-20 12:28 - 2015-07-20 12:28 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-19 15:28 - 2015-07-23 16:45 - 01528958 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 14:44 - 2015-07-18 14:44 - 00000000 ___RD C:\Users\Alexandra\Documents\Notes
2015-07-18 14:32 - 2015-07-18 14:32 - 00001526 _____ C:\Users\Alexandra\Desktop\AdwCleaner[R3].txt
2015-07-18 14:28 - 2015-07-18 14:28 - 00030924 _____ C:\Users\Alexandra\Desktop\Log - Malware Protector 2.xml
2015-07-18 14:10 - 2015-07-22 11:30 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2015-07-18 14:10 - 2015-07-18 14:10 - 04798152 _____ (WinZip International LLC ) C:\Users\Alexandra\Downloads\wzmp_10(1).exe
2015-07-18 14:10 - 2015-07-18 14:10 - 00001201 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Nico Mak Computing
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-07-18 14:10 - 2015-07-18 14:10 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2015-07-18 14:10 - 2013-03-15 17:10 - 00020480 _____ C:\WINDOWS\system32\wsusnative64.exe
2015-07-18 13:25 - 2015-07-18 13:25 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(3).exe
2015-07-18 13:17 - 2015-07-18 13:17 - 00030926 _____ C:\Users\Alexandra\Desktop\log -Malware Protector.xml
2015-07-18 13:00 - 2015-07-18 14:10 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-07-18 13:00 - 2015-07-18 13:00 - 04798152 _____ (WinZip International LLC ) C:\Users\Alexandra\Downloads\wzmp_10.exe
2015-07-17 17:13 - 2015-07-17 17:13 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(2).exe
2015-07-17 17:12 - 2015-07-17 17:12 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208(1).exe
2015-07-17 16:02 - 2015-07-18 14:31 - 00000000 ____D C:\AdwCleaner
2015-07-17 16:01 - 2015-07-17 16:01 - 02248704 _____ C:\Users\Alexandra\Downloads\AdwCleaner_4.208.exe
2015-07-17 15:15 - 2015-07-17 15:15 - 01187744 _____ (Uniblue Systems Limited ) C:\Users\Alexandra\Downloads\pcmechanicpm_7880780_.exe
2015-07-17 15:14 - 2015-07-23 11:24 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{74F4F432-1504-488A-8F0C-3AF8193DA34C}
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieUserList
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieSiteList
2015-07-17 15:14 - 2015-07-17 15:14 - 00000000 __SHD C:\Users\Alexandra\AppData\Local\EmieBrowserModeList
2015-07-17 15:10 - 2015-07-17 15:11 - 01198368 _____ C:\Users\Alexandra\Downloads\Trojan Remover - CHIP-Installer.exe
2015-07-14 18:42 - 2015-07-14 18:49 - 01187008 _____ (Adobe Systems Incorporated) C:\Users\Alexandra\Downloads\flashplayer18_ga_install.exe
2015-07-10 10:44 - 2015-07-14 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 16:57 - 2015-06-25 16:57 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-23 20:14 - 2015-07-11 11:13 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-23 20:14 - 2015-06-23 20:14 - 00000000 __SHD C:\Recovery
2015-06-23 20:13 - 2015-06-23 20:13 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files\MSBuild
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-06-23 20:10 - 2015-06-23 20:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-23 20:09 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-06-23 20:09 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 20:09 - 2013-08-03 06:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-06-23 20:08 - 2015-06-23 20:08 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-23 20:08 - 2015-06-23 20:08 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-23 20:03 - 2015-06-23 20:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-06-23 20:02 - 2015-06-23 20:02 - 00001450 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-23 20:01 - 2015-06-23 20:01 - 00000020 ___SH C:\Users\Alexandra\ntuser.ini
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Vorlagen
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2015-06-23 19:56 - 2015-06-23 19:56 - 00000000 _SHDL C:\Dokumente und Einstellungen
2015-06-23 19:55 - 2015-06-23 19:55 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-06-23 19:44 - 2015-06-23 19:44 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-06-23 19:35 - 2015-06-23 19:35 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-23 19:30 - 2015-06-23 19:30 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-06-23 19:29 - 2015-06-23 19:45 - 00000000 ____D C:\Users\Alexandra\SkyDrive
2015-06-23 19:28 - 2015-06-23 20:01 - 00000000 ____D C:\Users\Alexandra
2015-06-23 19:28 - 2015-06-23 19:56 - 00036198 _____ C:\WINDOWS\diagwrn.xml
2015-06-23 19:28 - 2015-06-23 19:56 - 00036198 _____ C:\WINDOWS\diagerr.xml
2015-06-23 19:28 - 2015-06-23 19:29 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-23 19:28 - 2015-06-23 19:29 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Vorlagen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Startmenü
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Netzwerkumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Lokale Einstellungen
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Eigene Dateien
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Druckumgebung
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Documents\Eigene Musik
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Documents\Eigene Bilder
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Local\Verlauf
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\AppData\Local\Anwendungsdaten
2015-06-23 19:28 - 2015-06-23 19:28 - 00000000 _SHDL C:\Users\Alexandra\Anwendungsdaten
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-23 19:28 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-23 19:28 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-23 19:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-23 19:20 - 2015-06-23 19:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-23 19:20 - 2015-06-23 19:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2015-06-23 19:19 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files\Intel
2015-06-23 19:19 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-06-23 19:19 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-06-23 19:18 - 2015-07-22 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 19:18 - 2015-06-28 19:27 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-06-23 19:18 - 2015-06-28 19:27 - 00000000 ____D C:\WINDOWS\system32\NV
2015-06-23 19:18 - 2015-06-23 19:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 19:18 - 2015-06-23 19:18 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-06-23 19:18 - 2015-06-23 19:18 - 00000000 ____D C:\Program Files\Realtek
2015-06-23 19:18 - 2013-10-23 10:20 - 06669600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 03489568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 03426956 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-06-23 19:18 - 2013-10-23 10:20 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 01064224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00922912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-23 19:18 - 2013-10-23 10:20 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-06-23 19:18 - 2013-10-23 10:20 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-23 19:17 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-23 19:17 - 2015-06-23 19:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 16:45 - 2013-09-26 09:20 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\3DataManager
2015-07-23 16:44 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-23 12:23 - 2014-01-19 17:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-22 11:59 - 2013-09-01 23:23 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Packages
2015-07-22 11:28 - 2014-02-06 17:22 - 00001020 _____ C:\WINDOWS\Tasks\Installer for avg_safeguard.job
2015-07-22 11:27 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-21 14:18 - 2015-05-09 11:35 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-20 12:30 - 2014-11-21 05:35 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-20 12:30 - 2014-11-21 04:45 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-20 12:30 - 2014-11-21 04:45 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-18 20:04 - 2013-09-01 23:30 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2422082488-33307941-859794934-1002
2015-07-18 19:33 - 2015-03-10 20:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-07-18 14:00 - 2015-01-26 21:37 - 00000000 ____D C:\ProgramData\Samsung
2015-07-18 14:00 - 2014-01-06 15:05 - 00000000 ____D C:\Users\Alexandra\AppData\Roaming\Samsung
2015-07-18 13:43 - 2015-04-05 21:16 - 00000000 ____D C:\Users\Alexandra\Documents\Benutzerdefinierte Office-Vorlagen
2015-07-18 13:42 - 2014-02-14 19:56 - 00000000 ____D C:\Users\Alexandra\Documents\Einkommenstuererklärung
2015-07-17 17:03 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-17 15:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-14 18:59 - 2014-02-14 17:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 18:56 - 2014-06-25 12:06 - 00000000 ____D C:\Users\Alexandra\AppData\Local\Adobe
2015-07-14 18:53 - 2014-01-19 17:21 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:35 - 2013-09-03 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-27 12:29 - 2015-05-09 11:35 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-25 16:58 - 2012-07-26 07:26 - 00000127 _____ C:\WINDOWS\win.ini
2015-06-24 16:45 - 2015-05-20 20:14 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-06-23 20:16 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-23 20:13 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-23 20:01 - 2015-06-11 11:40 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-23 19:58 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-23 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-23 19:56 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows NT
2015-06-23 19:56 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2015-06-23 19:49 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-06-23 19:49 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-23 19:45 - 2012-11-14 10:31 - 01804472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-06-23 19:38 - 2013-08-22 16:44 - 00382208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-23 19:37 - 2015-05-25 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-23 19:37 - 2015-05-21 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-23 19:37 - 2015-05-11 10:20 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-06-23 19:37 - 2015-05-11 10:20 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-06-23 19:37 - 2015-02-18 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2015-06-23 19:37 - 2015-02-02 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-23 19:37 - 2014-04-20 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-23 19:37 - 2014-02-26 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Switch
2015-06-23 19:37 - 2014-02-17 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-23 19:37 - 2013-09-26 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DataManager
2015-06-23 19:37 - 2013-09-15 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-23 19:37 - 2013-09-15 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-23 19:37 - 2013-09-03 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-23 19:37 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-06-23 19:37 - 2013-08-22 15:25 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-23 19:37 - 2012-11-14 10:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\sl
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\nl
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\it
2015-06-23 19:37 - 2012-11-14 09:27 - 00000000 ____D C:\WINDOWS\da
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\hu
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\fr
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\es
2015-06-23 19:37 - 2012-11-14 09:26 - 00000000 ____D C:\WINDOWS\de
2015-06-23 19:37 - 2012-07-26 11:43 - 00000000 ____D C:\WINDOWS\en-GB
2015-06-23 19:35 - 2012-07-26 07:37 - 00000000 ____D C:\Users\Default.migrated
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-06-23 19:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-06-23 19:34 - 2013-09-03 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-06-23 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-06-23 19:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-06-23 19:34 - 2012-11-14 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-06-23 19:33 - 2015-01-26 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-06-23 19:33 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME
2015-06-23 19:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-23 19:33 - 2013-08-22 16:45 - 00000000 ____D C:\WINDOWS\Setup
2015-06-23 19:33 - 2012-11-14 07:04 - 00000000 ____D C:\ProgramData\PRICache
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-23 19:32 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-23 19:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
==================== Files in the root of some directories =======
2014-07-27 15:57 - 2014-07-27 15:58 - 1122704 _____ () C:\Users\Alexandra\AppData\Roaming\27072014.scr
2012-11-14 10:19 - 2012-11-14 10:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-03 15:21 - 2014-01-28 13:40 - 0001458 _____ () C:\ProgramData\hpzinstall.log
2013-11-20 12:34 - 2013-11-20 12:34 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-10-03 15:48 - 2013-10-03 15:48 - 0000032 _____ () C:\ProgramData\Temp.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-22 18:16
==================== End of log ============================
Code:
ATTFilter Lieber Matthias,
danke für deine Hilfe als auch für deine Geduld.
Xandi
|
|
23.07.2015, 20:07
| #9 |
| /// TB-Ausbilder | Fenster, Express Zip Demo Servus, Was redest du eigentlich die ganze Zeit von "Malware Protector"? Könntest du endlich mal von diesem Mist die Finger lassen und stattdessen AdwCleaner wie beschrieben ausführen? Wann kapierst du endlich, dass "Malware Protector" die Schadsoftware ist? Ich warte immer noch auf die Logdatei von AdwCleaner, bei dem alle Funde entfernt wurden... |
|
24.07.2015, 17:54
| #10 |
| | Fenster, Express Zip Demo AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 24/07/2015 um 18:30:33
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Alexandra - LIABSLADELE
# Gestarted von : C:\Users\Alexandra\Downloads\adwcleaner_4.208(4).exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
Ordner Gelöscht : C:\Program Files (x86)\WinZip Malware Protector
Datei Gelöscht : C:\WINDOWS\System32\wsusnative64.exe
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v39.0 (x86 de)
*************************
AdwCleaner[R0].txt - [12230 Bytes] - [17/07/2015 16:02:59]
AdwCleaner[R1].txt - [900 Bytes] - [17/07/2015 17:13:44]
AdwCleaner[R2].txt - [1408 Bytes] - [18/07/2015 13:25:25]
AdwCleaner[R3].txt - [1526 Bytes] - [18/07/2015 14:30:32]
AdwCleaner[R4].txt - [1550 Bytes] - [24/07/2015 18:28:20]
AdwCleaner[S0].txt - [9597 Bytes] - [17/07/2015 17:02:02]
AdwCleaner[S1].txt - [1467 Bytes] - [18/07/2015 13:33:16]
AdwCleaner[S2].txt - [1424 Bytes] - [24/07/2015 18:30:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1483 Bytes] ##########
[/CODE] Hallo Mathias, ups, jetzt habe ich es verstanden. Darf ich dich fragen, obe du eine Seite kennst mit welcher man ein IP Adresse genauer lokalisieren kann? Oder ob es möglich ist einem PC den Zugang zu meinen zu verweigern? Lg Xandi |
|
25.07.2015, 10:36
| #11 |
| /// TB-Ausbilder | Fenster, Express Zip Demo Servus, mit genauer lokalisieren meinst du da sowas wie utrace ??? Dort kannst du IP-Adressen eingeben. Klar kannst du den Zugang zu deinem Rechner verweigern, indem du einfach nicht ins Internet gehst...  Grundsätzlich benötigen viele Programme und das Betriebssystem Zugang zum Internet, dabei werden die verschwiedensten Daten mit den Daten auf den Servern der Hersteller abgeglichen (z. B. für Softwareupdates). Hast du immer noch Probleme mit Express Zip? Kannst du wieder auf die Systemsteuerung zugreifen? Schritt 1
Schritt 2
Bitte poste mit deiner nächsten Antwort
|
|
25.07.2015, 17:25
| #12 |
| | Fenster, Express Zip Demo Hallo Matthias, danke, für deine Antwort. Ich kann wieder in die Systemsteuerung und der Rechner ist insgesamt wieder schneller. Wie es scheint, war deine Mühe nicht umsonst. Weisst du, es gibt da jemanden, der mich übers Netz stalkt. In dem er auf meine Angebote im Willhaben, Anfragen schickt, und sich so über mich lustig macht. Da die seite (utrace - IP-Adressen und Domainnamen lokalisieren) und andere keine genauere lokalisation zulassen (denn ich weiss wo er wohnt) kann ich nie sagen, wer mir schreibt. Willhaben meint, sie wollten keinen PC blockieren. Somit bin ich dem ausgeliefert, denn ich habe sehr viele Produkte auf Willhaben. Oder hast du einen Lösungsvorschlag? Lg Xandi |
|
26.07.2015, 08:28
| #13 | |
| /// TB-Ausbilder | Fenster, Express Zip Demo Servus, Zitat:
Link1 Link2 Grundsätzlich würde ich in so einem Fall mich langsam aber stetig von Willhaben zurückziehen. Ich würde mich freuen, wenn du die von mir genannten Schritte noch ausführst, damit wir sicher sein können, dass dein Rechner komplett sauber ist. |
|
26.07.2015, 16:34
| #14 |
| | Fenster, Express Zip Demo Hallo Matthias, windows rät mir ab, diese exe zu installieren, versuchte es von verschiedene seiten. Was kann da sein? Lg Xandi |
|
27.07.2015, 12:56
| #15 | |
| /// TB-Ausbilder | Fenster, Express Zip DemoZitat:
Schon wieder ein wenig verpeilt?   |
|
Linear-Darstellung
