
Log Analysis and Evaluation: Windows 7: Internet slowed almost to a standstill

04.04.2015, 07:04   #1
nickdaniela
 



Hello everyone,
I'm not sure whether I have caught something.
But I want to describe a few oddities from recent times.
With Download Accelerator Plus (DAP) I apparently installed something suspicious.
Malwarebytes kept alerting me to Tuvaro. The start page in Firefox kept jumping back to Speedbit + Tuvaro kept reappearing too - no matter how often I removed it with Malwarebytes + AdwCleaner. What is the problem with Tuvaro - does it spy on data?
With FreeFileSync I also installed something yesterday - something with Candy. I hope it is gone now that I uninstalled FreeFileSync again right away.
But otherwise the system ran stably, so I wasn't necessarily worried.
The problems started when I switched from Office 2000 to Office 2007 Professional Plus. Actually everything worked wonderfully. Even my e-mails + contacts were carried over without problems, which I had not expected at all.
I was prompted to install an incredible number of updates - I think 50 or so. In the process a few new programs were also slipped in. But I was naive + assumed that everything that has to do with Windows Update must be fine.
So I suddenly also had Skype on the computer, Microsoft Office File Validation + a third program whose name I can no longer remember. But even after that everything still worked, until I restarted my computer the next day.
Then the problems began: e-mails with HTML content no longer managed to display the images. Some message came up saying that the data could not be loaded or something like that. Unfortunately I no longer know what it said.
On the Internet it was just as bad. It took longer to load pages than with a 56k modem. It actually didn't work at all.
I then uninstalled File Validation + the other program. But that didn't really help. Then I restored the computer to a point a few days earlier + afterwards did not install all the Windows updates. Strangely, it also only wanted to install 30 + not 50 or so as before.
Since then Outlook runs well again, but the Internet still doesn't work. In my admin account I have no problems - the Internet runs flawlessly.
I didn't want to go into my user account anymore, but because of my son I still had to retrieve an e-mail. In doing so I saw that the shortcut to the Avira EU Cleaner on the desktop is suddenly displayed as an icon that Windows no longer recognizes.
I had problems with GMER: the message kept coming up that there is no disk in the drive + that I should insert one. I use a USB stick as a RAM extension. I then removed it + also simply inserted some CD, but GMER still didn't continue. :-(
I very much hope that you can help me.
If I now opened a new user account + closed the old one, could I shake off viruses + other problems that way?
Best regards from Daniela

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:22 on 04/04/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Admin (administrator) on DANIELA-PC on 04-04-2015 02:25:21
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Daniela & Admin)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\MountPoints2: {ec6b676d-bd97-11e3-acb5-806e6f6e6963} - E:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: No Name -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\searchplugins\search_engine.xml [2014-07-14]
FF Extension: Amazon-Icon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\amazon-icon@giga.de [2014-06-07]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\iobitascsurfingprotection@iobit.com [2015-03-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-08]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Admin\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-06-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1308736 2012-03-02] (Ralink Technology Corp.)
R3 Ph6xIB32; C:\Windows\System32\DRIVERS\Ph6xIB32.sys [1277952 2009-07-14] (NXP Semiconductors GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 02:25 - 2015-04-04 02:25 - 00014045 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-04-04 02:25 - 2015-04-04 02:25 - 00000000 ____D () C:\FRST
2015-04-04 02:24 - 2015-04-04 02:24 - 01135104 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-04-04 02:22 - 2015-04-04 02:23 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2015-04-04 02:22 - 2015-04-04 02:22 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-04-04 02:21 - 2015-04-04 02:21 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2015-04-04 02:07 - 2015-04-04 02:07 - 00109664 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 02:05 - 2015-04-04 02:05 - 00411880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 02:05 - 2015-04-04 02:05 - 00000056 _____ () C:\Windows\setupact.log
2015-04-04 02:05 - 2015-04-04 02:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 02:04 - 2015-04-04 02:04 - 00003608 ____N () C:\bootsqm.dat
2015-04-03 14:16 - 2015-03-14 03:58 - 02171392 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.112.exe
2015-04-03 14:16 - 2014-04-07 19:23 - 27560794 _____ () C:\Users\Daniela\Downloads\ar11lite_11.0.0.379_deu Vorsicht.exe
2015-04-03 14:16 - 2013-10-16 18:55 - 29040552 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u45-windows-i586.exe
2015-04-03 14:16 - 2013-09-27 01:26 - 29036456 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u40-windows-i586.exe
2015-04-03 14:16 - 2013-09-15 23:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Daniela\Downloads\mbam-clean-1.60.2.0003.exe
2015-04-03 14:16 - 2013-09-05 01:04 - 31714728 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u25-windows-i586.exe
2015-04-03 14:16 - 2013-07-10 18:13 - 03866624 _____ (Microsoft Corporation) C:\Users\Daniela\Downloads\FreePDF4.08.EXE
2015-04-03 14:16 - 2013-01-18 14:23 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (2).exe
2015-04-03 14:16 - 2012-12-08 03:06 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Daniela\Downloads\jre-6u37-windows-i586.exe
2015-04-03 14:16 - 2012-10-03 03:57 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (1).exe
2015-04-03 13:55 - 2015-04-03 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DirSync
2015-04-01 04:47 - 2015-04-04 02:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 04:47 - 2015-04-01 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-01 04:47 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 04:00 - 2015-04-01 04:00 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2015-04-01 03:29 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Daniela\Downloads\AdwCleaner 4.200.exe
2015-03-31 09:33 - 2015-03-31 09:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-29 11:57 - 2015-03-31 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-03-29 11:57 - 2015-03-29 11:57 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-29 11:09 - 2015-03-29 11:09 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Microsoft Help
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-29 10:57 - 2009-02-26 19:18 - 00029552 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-03-29 10:54 - 2015-03-29 11:51 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-03-29 10:48 - 2015-03-29 11:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\IDE
2015-03-29 10:47 - 2015-03-31 09:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-03-29 10:46 - 2015-03-29 10:46 - 00000000 __RHD () C:\MSOCache
2015-03-29 10:41 - 2015-03-29 10:35 - 1122369536 _____ () C:\Users\Daniela\outlook.pst
2015-03-29 05:15 - 2015-03-29 10:43 - 00000000 ____D () C:\Users\Daniela\Downloads\Microsoft Office 2007 Professional Plus
2015-03-29 03:26 - 2015-03-29 03:26 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Sun
2015-03-28 07:35 - 2015-03-31 09:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-27 04:05 - 2015-03-27 04:15 - 492980834 _____ () C:\Users\Daniela\Downloads\MSO2007P.exe
2015-03-25 06:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-25 06:02 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\ProductData
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2015-03-25 05:37 - 2015-03-25 05:37 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IObit
2015-03-25 05:27 - 2015-03-25 05:28 - 40909304 _____ () C:\Users\Daniela\Downloads\Firefox Setup 36.0.4.exe
2015-03-25 05:23 - 2015-03-25 05:24 - 37064104 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-8u40-windows-i586.exe
2015-03-25 04:12 - 2015-04-03 15:25 - 58048512 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 34934784 _____ () C:\Windows\system32\config\components.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-03-25 03:03 - 2015-03-25 03:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-03-25 03:03 - 2015-03-25 03:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ___RD () C:\Program Files\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-03-25 02:15 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData
2015-03-25 02:14 - 2015-04-01 02:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\IObit
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\IObit
2015-03-25 02:14 - 2015-03-25 02:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2015-03-25 02:14 - 2015-03-25 02:14 - 00000000 ____D () C:\Users\Admin\AppData\IObit
2015-03-25 01:58 - 2015-03-11 05:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 01:58 - 2015-03-11 05:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 01:58 - 2015-03-11 05:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 05:01 - 2015-03-24 05:01 - 00000000 ____D () C:\Users\Daniela\Downloads\MSO2007P
2015-03-24 04:50 - 2015-03-24 04:54 - 498949156 _____ () C:\Users\Daniela\Downloads\MSO2007P.zip
2015-03-24 03:01 - 2015-03-24 03:01 - 00000000 ____D () C:\ProgramData\ATI
2015-03-24 01:53 - 2015-03-24 01:53 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2015-03-24 01:37 - 2015-03-24 02:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-03-23 22:21 - 2015-03-23 22:21 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA Corporation
2015-03-23 05:24 - 2015-03-23 05:24 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA
2015-03-23 05:22 - 2015-03-24 04:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-23 05:20 - 2015-03-24 02:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-19 06:58 - 2015-03-19 06:58 - 00002019 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2015-03-19 05:55 - 2015-04-01 04:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-19 05:55 - 2015-03-19 05:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 05:52 - 2015-03-19 05:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\Malwarebytes 2.0.4.exe
2015-03-19 04:21 - 2015-03-19 04:21 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Games
2015-03-19 00:56 - 2015-03-19 00:56 - 00000000 ____D () C:\Users\Daniela\Documents\onetouch Manager
2015-03-18 23:49 - 2015-03-19 04:45 - 00000000 ____D () C:\Users\Daniela\Documents\MyPhoneExplorer
2015-03-18 23:25 - 2015-03-19 08:59 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\MyPhoneExplorer
2015-03-18 23:00 - 2015-03-18 23:00 - 07332272 _____ () C:\Users\Daniela\Downloads\MyPhoneExplorer.exe
2015-03-18 22:28 - 2015-03-18 22:28 - 00000000 ____D () C:\Users\Daniela\AppData\Local\{042FA28C-4DB3-4B64-94C0-A384193D060C}
2015-03-16 02:59 - 2015-03-16 04:08 - 00110080 _____ () C:\Users\Daniela\Documents\Lampenwelt Lieferantenliste Ersatzgläser 1.5.xls
2015-03-10 22:29 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 22:29 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 22:29 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 22:29 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 22:29 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 22:28 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 22:28 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 22:28 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 22:28 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 22:28 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 22:28 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 22:28 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 22:28 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 22:28 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 22:28 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 22:28 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 22:28 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 22:28 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 22:28 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 22:28 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 22:28 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 22:28 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 22:28 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 22:28 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 22:28 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:28 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:28 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 22:28 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 22:28 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 22:28 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 22:28 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 22:28 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 22:28 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 22:28 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 22:28 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 22:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 22:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 22:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:28 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 22:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 22:28 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:28 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 22:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:28 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:28 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:28 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:28 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:27 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:27 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:27 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:27 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:27 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:26 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:26 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:26 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-09 00:09 - 2015-03-09 00:09 - 00107301 _____ () C:\Users\Admin\Desktop\DANIELA-PC.html
2015-03-08 03:50 - 2015-03-08 03:50 - 01710888 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Daniela\Downloads\GPU+Z.exe
2015-03-08 03:44 - 2015-03-08 03:44 - 01582736 _____ ( ) C:\Users\Daniela\Downloads\CPU+Z.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 02:22 - 2014-04-07 01:31 - 00000000 ____D () C:\Users\Admin
2015-04-04 02:13 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 02:13 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 02:10 - 2014-04-06 07:33 - 02025148 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 02:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 00:46 - 2014-05-14 19:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 15:19 - 2014-04-08 01:15 - 00000000 ____D () C:\Users\Daniela\Documents\Bewerbungen, Schriftverkehr
2015-04-03 15:09 - 2014-04-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-03 14:16 - 2014-05-26 00:59 - 00000000 ____D () C:\Users\Daniela\Downloads\Alcatel
2015-04-03 13:36 - 2014-04-06 07:44 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 12:41 - 2015-01-29 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-03 12:41 - 2014-04-06 13:08 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-02 21:37 - 2014-04-08 01:39 - 00000000 ____D () C:\Users\Daniela\Scans
2015-04-02 01:27 - 2014-04-08 01:17 - 00062464 _____ () C:\Users\Daniela\Documents\Finanzen.xls
2015-04-01 22:54 - 2014-04-08 01:17 - 00272384 _____ () C:\Users\Daniela\Documents\Lampenwelt_Arbeitszeiten.xls
2015-04-01 05:54 - 2015-02-12 04:38 - 00000000 ____D () C:\AdwCleaner
2015-04-01 04:01 - 2015-01-24 04:01 - 00000000 ____D () C:\Program Files\DAP
2015-04-01 04:01 - 2015-01-24 03:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2015-04-01 03:52 - 2015-01-24 04:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-01 03:02 - 2015-01-29 03:52 - 00000000 ____D () C:\Users\Daniela\Downloads\Filme
2015-03-31 09:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-31 09:26 - 2009-07-14 04:04 - 00000534 _____ () C:\Windows\win.ini
2015-03-31 09:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-31 09:04 - 2014-04-06 07:37 - 00000000 ____D () C:\Users\Daniela
2015-03-31 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-03-30 00:48 - 2014-04-06 07:55 - 00109664 _____ () C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-29 11:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 11:01 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\ShellNew
2015-03-29 10:54 - 2014-04-26 08:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-29 10:54 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-29 10:52 - 2014-04-06 14:00 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2015-03-29 10:51 - 2014-04-26 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2015-03-29 10:07 - 2014-04-08 01:42 - 00000000 ____D () C:\Users\Daniela\Ulk
2015-03-29 04:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-25 05:30 - 2014-04-07 18:43 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-25 05:25 - 2014-07-27 05:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-25 05:25 - 2014-07-27 05:08 - 00000000 ____D () C:\Program Files\Java
2015-03-25 05:18 - 2014-10-15 04:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-03-25 05:18 - 2014-04-06 14:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-25 05:18 - 2014-04-06 14:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-25 04:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-25 04:19 - 2014-04-06 08:30 - 00000000 ____D () C:\Windows\Panther
2015-03-25 03:55 - 2014-06-09 14:39 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 03:06 - 2014-12-09 23:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:06 - 2014-04-23 00:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 02:51 - 2014-11-19 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-03-25 02:16 - 2014-04-07 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-03-25 02:03 - 2014-05-20 03:54 - 00000000 ____D () C:\ProgramData\Nokia
2015-03-25 02:03 - 2014-04-13 07:08 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-03-25 02:03 - 2014-04-13 06:09 - 00000000 ____D () C:\Program Files\Nokia
2015-03-25 01:48 - 2014-06-20 23:59 - 00000000 ____D () C:\Program Files\Allway Sync
2015-03-25 01:47 - 2014-11-19 23:14 - 00000000 ____D () C:\Program Files\Lavalys
2015-03-25 01:47 - 2014-05-02 20:41 - 00000000 ____D () C:\Windows\pss
2015-03-25 01:47 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IrfanView
2015-03-25 01:47 - 2014-04-08 22:47 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2015-03-25 01:47 - 2014-04-08 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-25 01:47 - 2014-04-08 22:42 - 00000000 ____D () C:\Program Files\HP
2015-03-25 01:47 - 2014-04-08 22:40 - 00000000 ____D () C:\ProgramData\HP
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 16:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-03-25 01:47 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2015-03-25 01:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security
2015-03-25 01:46 - 2014-04-08 22:45 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD APP
2015-03-25 01:43 - 2014-04-06 16:19 - 00000000 ____D () C:\NVIDIA
2015-03-25 01:43 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD AVT
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI
2015-03-24 03:54 - 2014-04-08 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HP
2015-03-24 03:53 - 2014-04-08 22:41 - 00012575 _____ () C:\ProgramData\hpzinstall.log
2015-03-24 03:49 - 2014-04-12 01:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP
2015-03-24 03:00 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\AMD
2015-03-24 02:28 - 2014-08-19 03:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\NokiaAccount
2015-03-24 00:35 - 2014-10-02 02:13 - 00000000 ____D () C:\Users\Daniela\AppData\Local\FreePDF_XP
2015-03-23 01:46 - 2014-04-13 03:41 - 1108410368 _____ () C:\Users\Daniela\outlook_alt.pst
2015-03-19 04:46 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2015-03-19 04:45 - 2014-04-06 14:54 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-19 04:44 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mobile Action
2015-03-19 02:38 - 2014-04-13 06:11 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\PC Suite
2015-03-18 23:35 - 2014-06-21 01:19 - 00000000 ____D () C:\Users\Daniela\Documents\Nokia
2015-03-18 23:35 - 2014-05-25 22:51 - 00000000 ____D () C:\Users\Daniela\Documents\Android Manager
2015-03-18 22:12 - 2014-04-08 01:15 - 00000000 ____D () C:\Users\Daniela\Documents\Eigene Scans
2015-03-10 22:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-08 23:52 - 2014-09-14 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-03-08 23:52 - 2014-09-14 20:43 - 00000000 ____D () C:\Program Files\CPUID
2015-03-08 04:01 - 2014-04-06 12:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-08 03:49 - 2014-04-06 12:23 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-05 00:03 - 2014-10-07 05:56 - 0128621 _____ () C:\Users\Admin\AppData\Local\ars.cache
2014-08-05 00:04 - 2014-10-07 05:57 - 0367993 _____ () C:\Users\Admin\AppData\Local\census.cache
2014-08-04 18:38 - 2014-08-04 18:38 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2014-04-08 22:41 - 2015-03-24 03:53 - 0012575 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Daniela\Registry.reg


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 02:56

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Admin at 2015-04-04 02:26:36
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design online.TiVi (HKLM\...\{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1) (Version: 1.6.0.0 - concept/design GmbH)
concept/design onlineTV 11 (HKLM\...\{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1) (Version: 11.0.0.0 - concept/design GmbH)
CoolSoft VirtualMIDISynth 1.9.2 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 1.9.2.0 - CoolSoft)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirSync  2.96 (HKLM\...\DirSync) (Version:  - Stephen Kalisch)
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EGVP (HKLM\...\{EDA192EA-4DA3-416D-965D-65BFDA0E3715}) (Version: 1.5.3.0 - Governikus KG)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version:  - CPUID)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.17.0 - Ralink)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-03-2015 07:34:27 Windows Update
29-03-2015 06:34:04 Installed Microsoft Fix it 50848
29-03-2015 10:45:52 Installed Microsoft Office Professional Plus 2007
29-03-2015 11:46:06 Windows Update
29-03-2015 12:06:20 Windows Update
30-03-2015 01:04:48 Windows Update
30-03-2015 02:29:09 Windows Update
31-03-2015 07:17:04 Microsoft Office File Validation Add-In wird entfernt
31-03-2015 07:37:13 Microsoft Office Live Add-in 1.5 wird entfernt
31-03-2015 08:29:58 Wiederherstellungsvorgang
31-03-2015 09:23:23 Windows Update
31-03-2015 09:38:06 Windows Update
01-04-2015 03:18:51 Installed Microsoft Fix it 50195
03-04-2015 12:22:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3625605D-9736-4E0D-ADED-80AB17549529} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated)
Task: {3A05D166-9113-4EC4-9566-5F56785457AF} - System32\Tasks\ASC8_SkipUac_Admin => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {4A95605E-2F72-413F-9F4A-4F9B662C3B70} - System32\Tasks\{5589489F-BCF7-4E4E-A924-E7FCCE636DA8} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {653435B1-E8BB-4611-8BBB-E2FE2CBE8B8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {690E5BA0-2B04-4E7B-906A-6CCA9CB3331D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {7FEA1C05-5956-47C1-9720-5580AA7A98CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8734083E-A084-4978-A36C-CA4115FD8883} - System32\Tasks\{085A87EE-090C-40C6-B1AC-A2A6111D4864} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
Task: {BDAC862A-E650-4CF1-B04B-EDEB1AB59011} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2CAD89D-9A42-4025-8876-58161729CDCB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {F815A518-89BD-445C-8A71-0D92281353F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-25 02:16 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2014-10-02 02:12 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2014-04-06 16:24 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-03-25 02:16 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-03-25 02:16 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-03-25 02:16 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-03-25 02:16 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2015-01-06 20:50 - 2012-02-20 13:59 - 01087336 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-03-25 02:16 - 2014-12-10 10:14 - 01284896 _____ () C:\Program Files\IObit\Advanced SystemCare 8\Scan.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Accounts: =============================

Admin (S-1-5-21-3046395627-4054670192-1170409365-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3046395627-4054670192-1170409365-500 - Administrator - Disabled)
Daniela (S-1-5-21-3046395627-4054670192-1170409365-1000 - Limited - Enabled) => C:\Users\Daniela
Gast (S-1-5-21-3046395627-4054670192-1170409365-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3046395627-4054670192-1170409365-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 03:10:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1160) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/03/2015 02:07:26 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/03/2015 02:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DirSync.exe, Version: 2.9.6.0, Zeitstempel: 0x512363e2
Name des fehlerhaften Moduls: DirSync.exe, Version: 2.9.6.0, Zeitstempel: 0x512363e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003a888
ID des fehlerhaften Prozesses: 0x1500
Startzeit der fehlerhaften Anwendung: 0xDirSync.exe0
Pfad der fehlerhaften Anwendung: DirSync.exe1
Pfad des fehlerhaften Moduls: DirSync.exe2
Berichtskennung: DirSync.exe3

Error: (04/03/2015 01:29:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/02/2015 09:40:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (04/02/2015 09:40:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (04/02/2015 01:47:05 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (04/02/2015 01:47:05 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (04/01/2015 11:16:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12f0

Startzeit: 01d06cc0e1b5bce8

Endzeit: 35

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (04/01/2015 04:57:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.4.5557, Zeitstempel: 0x550d0883
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.4.5557, Zeitstempel: 0x550cfa82
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x11c4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (04/03/2015 02:00:43 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/03/2015 01:55:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/03/2015 01:55:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/02/2015 09:40:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/01/2015 11:35:01 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/01/2015 11:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/01/2015 11:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/01/2015 11:34:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/01/2015 11:34:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/01/2015 11:34:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Percentage of memory in use: 44%
Total physical RAM: 3071.3 MB
Available physical RAM: 1719.71 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 4310.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.24 GB) (Free:119.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.52 GB) NTFS
Drive i: (KINGSTON) (Removable) (Total:7.44 GB) (Free:3.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End Of Log ============================
         
Hello,
here is the AdwCleaner log file as well.
I seem to have more or less gotten rid of Tuvaro, because AdwCleaner kept finding something in Internet Explorer + in Firefox the whole time. But not anymore now.
Best regards, Daniela

Code:
# AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 07:55:29
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Admin - DANIELA-PC
# Gestarted von : C:\Users\Admin\Downloads\AdwCleaner 4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Conduit

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0 (x86 de)


*************************

AdwCleaner[R0].txt - [4682 Bytes] - [12/02/2015 04:39:20]
AdwCleaner[R10].txt - [2683 Bytes] - [01/04/2015 05:52:12]
AdwCleaner[R11].txt - [2079 Bytes] - [04/04/2015 07:53:23]
AdwCleaner[R1].txt - [912 Bytes] - [12/02/2015 04:56:14]
AdwCleaner[R2].txt - [2596 Bytes] - [14/03/2015 04:01:49]
AdwCleaner[R3].txt - [2696 Bytes] - [19/03/2015 05:04:42]
AdwCleaner[R4].txt - [2473 Bytes] - [19/03/2015 05:16:55]
AdwCleaner[R5].txt - [2728 Bytes] - [19/03/2015 05:40:43]
AdwCleaner[R6].txt - [3187 Bytes] - [19/03/2015 21:25:25]
AdwCleaner[R7].txt - [3062 Bytes] - [19/03/2015 21:44:08]
AdwCleaner[R8].txt - [3751 Bytes] - [21/03/2015 04:56:50]
AdwCleaner[R9].txt - [4246 Bytes] - [01/04/2015 03:41:06]
AdwCleaner[S0].txt - [4766 Bytes] - [12/02/2015 04:46:24]
AdwCleaner[S10].txt - [1469 Bytes] - [04/04/2015 07:55:29]
AdwCleaner[S1].txt - [972 Bytes] - [12/02/2015 05:00:33]
AdwCleaner[S2].txt - [2663 Bytes] - [14/03/2015 04:14:13]
AdwCleaner[S3].txt - [2771 Bytes] - [19/03/2015 05:09:41]
AdwCleaner[S4].txt - [2531 Bytes] - [19/03/2015 05:21:32]
AdwCleaner[S5].txt - [2819 Bytes] - [19/03/2015 05:45:12]
AdwCleaner[S6].txt - [3296 Bytes] - [19/03/2015 21:28:42]
AdwCleaner[S7].txt - [3162 Bytes] - [19/03/2015 21:48:22]
AdwCleaner[S8].txt - [7835 Bytes] - [21/03/2015 04:59:32]
AdwCleaner[S9].txt - [2795 Bytes] - [01/04/2015 05:54:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [2059  Bytes] ##########
         

04.04.2015, 09:23   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

04.04.2015, 21:37   #3
nickdaniela



Hello Schrauber,
thank you very much for wanting to help me.
Neither program found anything.
Here are the log files.
Best regards, Dani

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.04.05
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Admin :: DANIELA-PC [administrator]

04.04.2015 22:04:39
mbar-log-2015-04-04 (22-04-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 364268
Time elapsed: 20 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
22:29:20.0199 0x1024  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:29:30.0557 0x1024  ============================================================
22:29:30.0557 0x1024  Current date / time: 2015/04/04 22:29:30.0557
22:29:30.0557 0x1024  SystemInfo:
22:29:30.0557 0x1024  
22:29:30.0557 0x1024  OS Version: 6.1.7601 ServicePack: 1.0
22:29:30.0557 0x1024  Product type: Workstation
22:29:30.0557 0x1024  ComputerName: DANIELA-PC
22:29:30.0557 0x1024  UserName: Admin
22:29:30.0557 0x1024  Windows directory: C:\Windows
22:29:30.0557 0x1024  System windows directory: C:\Windows
22:29:30.0557 0x1024  Processor architecture: Intel x86
22:29:30.0557 0x1024  Number of processors: 2
22:29:30.0557 0x1024  Page size: 0x1000
22:29:30.0557 0x1024  Boot type: Normal boot
22:29:30.0557 0x1024  ============================================================
22:29:33.0193 0x1024  KLMD registered as C:\Windows\system32\drivers\78145453.sys
22:29:33.0895 0x1024  System UUID: {9030DA18-6654-0333-C58E-2ED9B0BBB57B}
22:29:36.0688 0x1024  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:29:36.0766 0x1024  ============================================================
22:29:36.0766 0x1024  \Device\Harddisk0\DR0:
22:29:36.0766 0x1024  MBR partitions:
22:29:36.0766 0x1024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B479000
22:29:36.0781 0x1024  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B47983F, BlocksNum 0x1D4AD42
22:29:36.0781 0x1024  ============================================================
22:29:36.0813 0x1024  C: <-> \Device\Harddisk0\DR0\Partition1
22:29:36.0859 0x1024  D: <-> \Device\Harddisk0\DR0\Partition2
22:29:36.0859 0x1024  ============================================================
22:29:36.0859 0x1024  Initialize success
22:29:36.0859 0x1024  ============================================================
22:31:07.0488 0x0a5c  ============================================================
22:31:07.0488 0x0a5c  Scan started
22:31:07.0488 0x0a5c  Mode: Manual; SigCheck; TDLFS; 
22:31:07.0488 0x0a5c  ============================================================
22:31:07.0488 0x0a5c  KSN ping started
22:31:27.0176 0x0a5c  KSN ping finished: true
22:31:28.0470 0x0a5c  ================ Scan system memory ========================
22:31:28.0470 0x0a5c  System memory - ok
22:31:28.0470 0x0a5c  ================ Scan services =============================
22:31:28.0782 0x0a5c  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:31:29.0079 0x0a5c  1394ohci - ok
22:31:29.0157 0x0a5c  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:31:29.0188 0x0a5c  ACPI - ok
22:31:29.0219 0x0a5c  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:31:29.0313 0x0a5c  AcpiPmi - ok
22:31:29.0500 0x0a5c  [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:31:29.0531 0x0a5c  AdobeFlashPlayerUpdateSvc - ok
22:31:29.0672 0x0a5c  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:31:29.0703 0x0a5c  adp94xx - ok
22:31:29.0765 0x0a5c  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:31:29.0796 0x0a5c  adpahci - ok
22:31:29.0843 0x0a5c  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:31:29.0906 0x0a5c  adpu320 - ok
22:31:30.0077 0x0a5c  [ 2F442BAA7A739EDFB8CBF6BFBE8F5388, 3D32935DFEB0EA026F9824A78A7232C08C47FE13792AC1A212239B8103F98439 ] AdvancedSystemCareService8 C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
22:31:30.0108 0x0a5c  AdvancedSystemCareService8 - ok
22:31:30.0140 0x0a5c  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:31:30.0280 0x0a5c  AeLookupSvc - ok
22:31:30.0342 0x0a5c  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
22:31:30.0420 0x0a5c  AFD - ok
22:31:30.0452 0x0a5c  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:31:30.0483 0x0a5c  agp440 - ok
22:31:30.0608 0x0a5c  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
22:31:30.0623 0x0a5c  aic78xx - ok
22:31:30.0670 0x0a5c  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
22:31:30.0748 0x0a5c  ALG - ok
22:31:30.0810 0x0a5c  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:31:30.0826 0x0a5c  aliide - ok
22:31:30.0888 0x0a5c  [ EB7C2F213A219CA9CF807B6888186070, 710F4F6370984B093CFCE8BC517DC6B9ADBB14E7D123DF89F400FE7D0F2BCBF0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:31:30.0982 0x0a5c  AMD External Events Utility - ok
22:31:31.0013 0x0a5c  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:31:31.0029 0x0a5c  amdagp - ok
22:31:31.0044 0x0a5c  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:31:31.0076 0x0a5c  amdide - ok
22:31:31.0107 0x0a5c  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:31:31.0138 0x0a5c  AmdK8 - ok
22:31:32.0074 0x0a5c  [ 92D358D9E637F4BF4C2F87CF0B85B494, 3D6CAC4E0B58B2EAA0A7307C3DA4008D67ABA91AA03672197FCDE33148B83241 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:32.0495 0x0a5c  amdkmdag - ok
22:31:32.0542 0x0a5c  [ 6DC621388E76DC43D8558A20603B5A9E, B9687D90350711127715FA78093BED452D571DFB5C71C28B082AB03AAE75D9E7 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:31:32.0589 0x0a5c  amdkmdap - ok
22:31:32.0636 0x0a5c  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:31:32.0698 0x0a5c  AmdPPM - ok
22:31:32.0760 0x0a5c  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:31:32.0776 0x0a5c  amdsata - ok
22:31:32.0823 0x0a5c  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:31:32.0838 0x0a5c  amdsbs - ok
22:31:32.0870 0x0a5c  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:31:32.0885 0x0a5c  amdxata - ok
22:31:32.0932 0x0a5c  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\Windows\system32\drivers\appid.sys
22:31:32.0994 0x0a5c  AppID - ok
22:31:33.0041 0x0a5c  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:31:33.0088 0x0a5c  AppIDSvc - ok
22:31:33.0135 0x0a5c  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
22:31:33.0213 0x0a5c  Appinfo - ok
22:31:33.0338 0x0a5c  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:31:33.0353 0x0a5c  Apple Mobile Device - ok
22:31:33.0416 0x0a5c  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:31:33.0431 0x0a5c  arc - ok
22:31:33.0462 0x0a5c  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:31:33.0478 0x0a5c  arcsas - ok
22:31:33.0634 0x0a5c  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:31:33.0650 0x0a5c  aspnet_state - ok
22:31:33.0681 0x0a5c  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:33.0806 0x0a5c  AsyncMac - ok
22:31:33.0868 0x0a5c  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:31:33.0884 0x0a5c  atapi - ok
22:31:33.0962 0x0a5c  [ 44FA26470D4C8123CCF71F4200B782D3, 924E8157E2B09092E95551CA5095F6262E408FAFBA8A01FCB254928B801343BA ] athrusb         C:\Windows\system32\DRIVERS\athrusb.sys
22:31:34.0102 0x0a5c  athrusb - ok
22:31:34.0180 0x0a5c  [ 434192D027A6A11E32E1C74C7C43E1ED, EA4A981B42EC16C2457D80218E94D7B339E05629A028ED5A011D8C7C1039BFD2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
22:31:34.0211 0x0a5c  AtiHDAudioService - ok
22:32:06.0720 0x0a5c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:32:06.0782 0x0a5c  MSPCLOCK - ok
22:32:06.0814 0x0a5c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:32:06.0861 0x0a5c  MSPQM - ok
22:32:06.0893 0x0a5c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:32:06.0908 0x0a5c  MsRPC - ok
22:32:06.0955 0x0a5c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:32:06.0971 0x0a5c  mssmbios - ok
22:32:06.0986 0x0a5c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:32:07.0049 0x0a5c  MSTEE - ok
22:32:07.0080 0x0a5c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:32:07.0143 0x0a5c  MTConfig - ok
22:32:07.0174 0x0a5c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:32:07.0190 0x0a5c  Mup - ok
22:32:07.0268 0x0a5c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
22:32:07.0377 0x0a5c  napagent - ok
22:32:07.0424 0x0a5c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:32:07.0471 0x0a5c  NativeWifiP - ok
22:32:07.0533 0x0a5c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:32:07.0580 0x0a5c  NDIS - ok
22:32:07.0611 0x0a5c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:32:07.0674 0x0a5c  NdisCap - ok
22:32:07.0752 0x0a5c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:32:07.0814 0x0a5c  NdisTapi - ok
22:32:07.0861 0x0a5c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:32:07.0970 0x0a5c  Ndisuio - ok
22:32:08.0017 0x0a5c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:32:08.0079 0x0a5c  NdisWan - ok
22:32:08.0142 0x0a5c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:32:08.0235 0x0a5c  NDProxy - ok
22:32:08.0298 0x0a5c  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:32:08.0344 0x0a5c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:32:11.0043 0x0a5c  Detect skipped due to KSN trusted
22:32:11.0043 0x0a5c  Net Driver HPZ12 - ok
22:32:11.0121 0x0a5c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:32:11.0215 0x0a5c  NetBIOS - ok
22:32:11.0262 0x0a5c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:32:11.0371 0x0a5c  NetBT - ok
22:32:11.0418 0x0a5c  [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] Netlogon        C:\Windows\system32\lsass.exe
22:32:11.0449 0x0a5c  Netlogon - ok
22:32:11.0511 0x0a5c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
22:32:11.0605 0x0a5c  Netman - ok
22:32:11.0667 0x0a5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:32:11.0698 0x0a5c  NetMsmqActivator - ok
22:32:11.0745 0x0a5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:32:11.0761 0x0a5c  NetPipeActivator - ok
22:32:11.0792 0x0a5c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
22:32:11.0839 0x0a5c  netprofm - ok
22:32:11.0948 0x0a5c  [ BB534F960DBF0CD1E3B88FC3B0018860, AB40C1093092AA5FF61D9F82D67923BD5CD872965DC055380162CB2156BAD335 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
22:32:12.0026 0x0a5c  netr28u - ok
22:32:12.0073 0x0a5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:32:12.0104 0x0a5c  NetTcpActivator - ok
22:32:12.0135 0x0a5c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:32:12.0166 0x0a5c  NetTcpPortSharing - ok
22:32:12.0198 0x0a5c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:32:12.0229 0x0a5c  nfrd960 - ok
22:32:12.0510 0x0a5c  [ 94B8279FC0E27A8253944DFA47FC4A83, D799003BD163200F7DE0EC882756EF08AA70C45BF0518E3BC6DB8B8FB74BF663 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:32:12.0541 0x0a5c  NisDrv - ok
22:32:12.0588 0x0a5c  [ 1452F52471F2DC1515DD6C35B42FF06E, 57A2858B24D0C9C229A4C76F85DB453E867921C2B4E41835211C4EB5EBE99DE8 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:32:12.0619 0x0a5c  NisSrv - ok
22:32:12.0666 0x0a5c  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:32:12.0837 0x0a5c  NlaSvc - ok
22:32:12.0884 0x0a5c  [ A00877C05933FBA8AFB3390DD72D4679, 684D9642173C4BF4B752F259D5E89F16BC8B4B1608F1E6E176AA692A9775CE38 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
22:32:12.0978 0x0a5c  nmwcd - ok
22:32:13.0040 0x0a5c  [ 9FF15F18E4E8758AC57BDB910D0238B3, F27C40BDD3818C54E1099AD525C7C19B424E0C4676DB366DE0E905CA3F82A310 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
22:32:13.0087 0x0a5c  nmwcdc - ok
22:32:13.0149 0x0a5c  [ B0575681498D75E0C0432200702B4A0A, EE6037B038265562A4F59E92A9F665C7A8AA8E8C5DEB3481F1F7B6D39A4E4954 ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
22:32:13.0196 0x0a5c  nmwcdnsu - ok
22:32:13.0243 0x0a5c  [ 9699486E10F89163979FCD48A40FE805, 04D05666920C91106FFF60F1DCE7D8B89F6F1419D0035A5BF7AB5F0BA5C39B31 ] nmwcdnsuc       C:\Windows\system32\drivers\nmwcdnsuc.sys
22:32:13.0274 0x0a5c  nmwcdnsuc - ok
22:32:13.0290 0x0a5c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:32:13.0492 0x0a5c  Npfs - ok
22:32:13.0539 0x0a5c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
22:32:13.0711 0x0a5c  nsi - ok
22:32:13.0804 0x0a5c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:32:13.0836 0x0a5c  nsiproxy - ok
22:32:13.0930 0x0a5c  [ 198FF60A42802C319FBA58FDB13EEE49, 80F098727BE1452BD570F5A1A7F4883BB38B3B4F7F4797D6F276A6E9FFE3B7C1 ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
22:32:13.0946 0x0a5c  nSvcIp - ok
22:32:14.0086 0x0a5c  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:32:14.0133 0x0a5c  Ntfs - ok
22:32:14.0164 0x0a5c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
22:32:14.0242 0x0a5c  Null - ok
22:32:14.0321 0x0a5c  [ B5E37E31C053BC9950455A257526514B, 16E2880621F3AA12BDADE71CD7682CA79E2A199D3C9E3E5927C49DCEF0F6183B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
22:32:14.0352 0x0a5c  NVENETFD - ok
22:32:14.0384 0x0a5c  [ 0219B05730635FCAB3A9925D3374C464, FD5ED0FAFA1DB8229B3963C29D7AC98684C5F75772AAE05A79D4452237CF7C1D ] NVNET           C:\Windows\system32\DRIVERS\nvmf6232.sys
22:32:14.0399 0x0a5c  NVNET - ok
22:32:14.0446 0x0a5c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:32:14.0477 0x0a5c  nvraid - ok
22:32:14.0508 0x0a5c  [ 02A9F366BCB94B286E34825B2094CB38, 1F525EA1C9530FC5361745D0761C8E3AF9BF7CD80087A4791BB8DB8D5DF00115 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
22:32:14.0540 0x0a5c  nvsmu - ok
22:32:14.0618 0x0a5c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:32:14.0633 0x0a5c  nvstor - ok
22:32:14.0680 0x0a5c  [ 97778C3CB3AF6B2243648D0DCD4D8916, 344B77D9F0B8E09DA4898D1AD2F3223C11AD7691D6E4D101478D38B25EB0F7EF ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
22:32:14.0742 0x0a5c  nvstor32 - ok
22:32:14.0774 0x0a5c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:32:14.0805 0x0a5c  nv_agp - ok
22:32:14.0898 0x0a5c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:32:14.0945 0x0a5c  odserv - ok
22:32:15.0117 0x0a5c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:32:15.0179 0x0a5c  ohci1394 - ok
22:32:15.0288 0x0a5c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:32:15.0304 0x0a5c  ose - ok
22:32:15.0351 0x0a5c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:32:15.0460 0x0a5c  p2pimsvc - ok
22:32:15.0507 0x0a5c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:32:15.0569 0x0a5c  p2psvc - ok
22:32:15.0616 0x0a5c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:32:15.0647 0x0a5c  Parport - ok
22:32:15.0710 0x0a5c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:32:15.0725 0x0a5c  partmgr - ok
22:32:15.0756 0x0a5c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:32:15.0819 0x0a5c  Parvdm - ok
22:32:15.0866 0x0a5c  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:32:15.0928 0x0a5c  PcaSvc - ok
22:32:15.0975 0x0a5c  [ F451DCACBAA67F3307305EBD4A39EA07, C4435BF4C2D16F3DC0B35732BE3602FFA28DB0A5BC5576F45E0D32E5F4CD2DEA ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:32:16.0037 0x0a5c  pccsmcfd - ok
22:32:16.0068 0x0a5c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
22:32:16.0100 0x0a5c  pci - ok
22:32:16.0115 0x0a5c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:32:16.0131 0x0a5c  pciide - ok
22:32:16.0209 0x0a5c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:32:16.0224 0x0a5c  pcmcia - ok
22:32:16.0256 0x0a5c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:32:16.0271 0x0a5c  pcw - ok
22:32:16.0318 0x0a5c  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:32:16.0380 0x0a5c  PEAUTH - ok
22:32:16.0505 0x0a5c  [ 8087AA9F425BEFD3D75C7FAC7C37363E, E78A5DA101B95B7AF37A696DF5C8E10AC0F8A22A8B1B75BBC7DA227047798415 ] Ph6xIB32        C:\Windows\system32\DRIVERS\Ph6xIB32.sys
22:32:16.0630 0x0a5c  Ph6xIB32 - ok
22:32:16.0880 0x0a5c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
22:32:16.0973 0x0a5c  pla - ok
22:32:17.0036 0x0a5c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:32:17.0114 0x0a5c  PlugPlay - ok
22:32:17.0192 0x0a5c  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:32:17.0192 0x0a5c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:32:20.0592 0x0a5c  Detect skipped due to KSN trusted
22:32:20.0592 0x0a5c  Pml Driver HPZ12 - ok
22:32:20.0639 0x0a5c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:32:20.0670 0x0a5c  PNRPAutoReg - ok
22:32:20.0717 0x0a5c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:32:20.0748 0x0a5c  PNRPsvc - ok
22:32:20.0889 0x0a5c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:32:20.0920 0x0a5c  PolicyAgent - ok
22:32:20.0967 0x0a5c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
22:32:21.0045 0x0a5c  Power - ok
22:32:21.0092 0x0a5c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:32:21.0170 0x0a5c  PptpMiniport - ok
22:32:21.0232 0x0a5c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:32:21.0263 0x0a5c  Processor - ok
22:32:21.0310 0x0a5c  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:32:21.0388 0x0a5c  ProfSvc - ok
22:32:21.0435 0x0a5c  [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:32:21.0450 0x0a5c  ProtectedStorage - ok
22:32:21.0497 0x0a5c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:32:21.0560 0x0a5c  Psched - ok
22:32:21.0622 0x0a5c  [ 846FE8CBB31ECB1E8333FF395BAF5D5F, 02B9E3FC90403220B28E0E67397AC4F99FCE4CA5A573492F79CB4CE82633A0AC ] pwdrvio         C:\Windows\system32\pwdrvio.sys
22:32:21.0638 0x0a5c  pwdrvio - ok
22:32:21.0794 0x0a5c  [ 3EB52E853F2F74178AC0034CA0719FB1, 2101A99D77AD18039D095A7086F79647A988223223E58AB3EB9A0F8ED14DA2B2 ] pwdspio         C:\Windows\system32\pwdspio.sys
22:32:21.0809 0x0a5c  pwdspio - ok
22:32:21.0887 0x0a5c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:32:21.0950 0x0a5c  ql2300 - ok
22:32:21.0981 0x0a5c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:32:21.0996 0x0a5c  ql40xx - ok
22:32:22.0028 0x0a5c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
22:32:22.0090 0x0a5c  QWAVE - ok
22:32:22.0121 0x0a5c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:32:22.0152 0x0a5c  QWAVEdrv - ok
22:32:22.0246 0x0a5c  [ F4C083E290BCBC8DA05C6E2C7F8053B9, 968103B2F49A05B1DE99FA38CEB7B2F5E90B60901B9AF802A908F819DA64822E ] RalinkRegistryWriter C:\Program Files\Ralink\Common\RaRegistry.exe
22:32:22.0293 0x0a5c  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic ( 1 )
22:32:25.0038 0x0a5c  Detect skipped due to KSN trusted
22:32:25.0038 0x0a5c  RalinkRegistryWriter - ok
22:32:25.0116 0x0a5c  [ ACCFA0846D9C7BD6A9F506982B812A5C, FE48D5016C2EBDB95A594D359E9F7873A1EF5C927E109F59755C892B6C3C5506 ] RaMediaServer   C:\Program Files\Ralink\Common\RaMediaServer.exe
22:32:25.0148 0x0a5c  RaMediaServer - ok
22:32:25.0163 0x0a5c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:32:25.0226 0x0a5c  RasAcd - ok
22:32:25.0304 0x0a5c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:32:25.0382 0x0a5c  RasAgileVpn - ok
22:32:25.0444 0x0a5c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
22:32:25.0475 0x0a5c  RasAuto - ok
22:32:25.0506 0x0a5c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:32:25.0631 0x0a5c  Rasl2tp - ok
22:32:25.0709 0x0a5c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
22:32:25.0756 0x0a5c  RasMan - ok
22:32:25.0787 0x0a5c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:32:25.0850 0x0a5c  RasPppoe - ok
22:32:25.0928 0x0a5c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:32:26.0021 0x0a5c  RasSstp - ok
22:32:26.0146 0x0a5c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:32:26.0224 0x0a5c  rdbss - ok
22:32:26.0255 0x0a5c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:32:26.0302 0x0a5c  rdpbus - ok
22:32:26.0333 0x0a5c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:32:26.0427 0x0a5c  RDPCDD - ok
22:32:26.0474 0x0a5c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:32:26.0552 0x0a5c  RDPENCDD - ok
22:32:26.0598 0x0a5c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:32:26.0676 0x0a5c  RDPREFMP - ok
22:32:26.0786 0x0a5c  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:32:26.0832 0x0a5c  RdpVideoMiniport - ok
22:32:26.0864 0x0a5c  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:32:26.0942 0x0a5c  RDPWD - ok
22:32:26.0988 0x0a5c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:32:27.0020 0x0a5c  rdyboost - ok
22:32:27.0066 0x0a5c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:32:27.0144 0x0a5c  RemoteAccess - ok
22:32:27.0191 0x0a5c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:32:27.0285 0x0a5c  RemoteRegistry - ok
22:32:27.0316 0x0a5c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:32:27.0394 0x0a5c  RpcEptMapper - ok
22:32:27.0472 0x0a5c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
22:32:27.0488 0x0a5c  RpcLocator - ok
22:32:27.0550 0x0a5c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
22:32:27.0597 0x0a5c  RpcSs - ok
22:32:27.0644 0x0a5c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:32:27.0675 0x0a5c  rspndr - ok
22:32:27.0706 0x0a5c  [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] SamSs           C:\Windows\system32\lsass.exe
22:32:27.0737 0x0a5c  SamSs - ok
22:32:27.0784 0x0a5c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:32:27.0800 0x0a5c  sbp2port - ok
22:32:27.0846 0x0a5c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:32:27.0956 0x0a5c  SCardSvr - ok
22:32:28.0018 0x0a5c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:32:28.0080 0x0a5c  scfilter - ok
22:32:28.0158 0x0a5c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
22:32:28.0268 0x0a5c  Schedule - ok
22:32:28.0314 0x0a5c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:32:28.0346 0x0a5c  SCPolicySvc - ok
22:32:28.0408 0x0a5c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:32:28.0486 0x0a5c  SDRSVC - ok
22:32:28.0564 0x0a5c  [ 78779EE07231C658B483B1F38B5088DF, 42DE06151DA17C218067CA3A22509BC626CB505F87238E39D024CE29554EF47D ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:32:28.0595 0x0a5c  SeaPort - ok
22:32:28.0642 0x0a5c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:32:28.0704 0x0a5c  secdrv - ok
22:32:28.0751 0x0a5c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
22:32:28.0814 0x0a5c  seclogon - ok
22:32:28.0860 0x0a5c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
22:32:28.0923 0x0a5c  SENS - ok
22:32:28.0970 0x0a5c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:32:29.0001 0x0a5c  SensrSvc - ok
22:32:29.0048 0x0a5c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:32:29.0094 0x0a5c  Serenum - ok
22:32:29.0157 0x0a5c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:32:29.0172 0x0a5c  Serial - ok
22:32:29.0204 0x0a5c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:32:29.0250 0x0a5c  sermouse - ok
22:32:29.0391 0x0a5c  [ 78F7BB9F4924BE164294C59B8C3FC096, 75051A6A8B0DBB16CD70855A408134270EEAF0C127BAAE5B592DB53BB87C085B ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:32:29.0422 0x0a5c  ServiceLayer - ok
22:32:29.0516 0x0a5c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:32:29.0609 0x0a5c  SessionEnv - ok
22:32:29.0687 0x0a5c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:32:29.0734 0x0a5c  sffdisk - ok
22:32:29.0796 0x0a5c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:32:29.0843 0x0a5c  sffp_mmc - ok
22:32:29.0890 0x0a5c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:32:29.0906 0x0a5c  sffp_sd - ok
22:32:29.0937 0x0a5c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:32:29.0968 0x0a5c  sfloppy - ok
22:32:30.0030 0x0a5c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:32:30.0093 0x0a5c  SharedAccess - ok
22:32:30.0140 0x0a5c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:32:30.0186 0x0a5c  ShellHWDetection - ok
22:32:30.0218 0x0a5c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:32:30.0233 0x0a5c  sisagp - ok
22:32:45.0396 0x0a5c  Waiting for KSN requests completion. In queue: 177
22:32:46.0410 0x0a5c  Waiting for KSN requests completion. In queue: 177
22:32:47.0424 0x0a5c  Waiting for KSN requests completion. In queue: 177
22:32:48.0438 0x0a5c  Waiting for KSN requests completion. In queue: 177
22:32:49.0452 0x0a5c  Waiting for KSN requests completion. In queue: 177
22:32:50.0466 0x0a5c  Waiting for KSN requests completion. In queue: 177
22:32:51.0480 0x0a5c  Waiting for KSN requests completion. In queue: 177
22:32:52.0713 0x0a5c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
22:32:52.0775 0x0a5c  Win FW state via NFP2: enabled
22:32:55.0552 0x0a5c  ============================================================
22:32:55.0552 0x0a5c  Scan finished
22:32:55.0552 0x0a5c  ============================================================
22:32:55.0568 0x13e0  Detected object count: 0
22:32:55.0568 0x13e0  Actual detected object count: 0
         
__________________

05.04.2015, 11:26   #4
schrauber
/// the machine
/// TB trainer

hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

05.04.2015, 13:00   #5
nickdaniela

Hello Schrauber,
here is the log file from Combofix.
Best regards, Daniela

Code:
ComboFix 15-04-01.01 - Admin 05.04.2015  13:33:07.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1836 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-05 bis 2015-04-05  ))))))))))))))))))))))))))))))
.
.
2015-04-05 10:50 . 2015-04-05 10:50	39464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BADE68C7-530D-4359-9BFA-A4AD32D2E383}\MpKsl2506728e.sys
2015-04-05 09:37 . 2015-04-05 09:38	--------	dc----w-	c:\users\Admin\AppData\Local\MigWiz
2015-04-05 08:52 . 2015-04-05 08:53	--------	d-----w-	c:\users\Dani
2015-04-04 20:04 . 2015-04-04 20:27	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-04 19:10 . 2015-03-14 10:06	9119072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BADE68C7-530D-4359-9BFA-A4AD32D2E383}\mpengine.dll
2015-04-04 04:58 . 2015-04-04 05:03	--------	d-----w-	c:\users\Admin\AppData\Roaming\IDM
2015-04-04 04:58 . 2015-04-04 04:58	--------	d-----w-	c:\programdata\IDM
2015-04-04 04:58 . 2015-04-05 11:49	--------	d-----w-	c:\users\Admin\AppData\Roaming\DMCache
2015-04-04 04:58 . 2015-04-04 05:56	--------	d-----w-	c:\program files\Internet Download Manager
2015-04-04 04:47 . 2015-04-04 04:47	--------	d-----w-	c:\programdata\Free Download Manager
2015-04-04 04:47 . 2015-04-04 04:55	--------	d-----w-	c:\program files\Free Download Manager
2015-04-04 01:47 . 2015-03-14 10:06	9119072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-04 00:25 . 2015-04-04 00:27	--------	d-----w-	C:\FRST
2015-04-03 11:55 . 2015-04-03 12:01	--------	d-----w-	c:\users\Admin\AppData\Roaming\DirSync
2015-04-03 10:41 . 2015-03-27 07:52	924040	----a-w-	c:\program files\Mozilla Firefox\uninstall\helper.exe
2015-04-03 10:41 . 2015-03-27 05:01	187504	----a-w-	c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-04-03 10:41 . 2015-03-27 05:01	50800	----a-w-	c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2015-04-02 13:54 . 2015-03-27 00:10	122432	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2015-04-01 02:47 . 2015-04-05 11:48	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-01 02:47 . 2015-03-17 04:15	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-01 02:47 . 2015-03-17 04:15	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-01 02:47 . 2015-03-17 04:15	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-01 02:00 . 2015-04-01 02:00	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2015-04-01 01:39 . 2015-03-25 22:00	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C28C4660-A74B-444B-96C7-58E331EF7C51}\gapaengine.dll
2015-03-29 09:57 . 2015-03-29 09:57	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2015-03-29 09:52 . 2015-03-29 09:52	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2015-03-29 08:57 . 2009-02-26 17:18	29552	----a-w-	c:\windows\system32\mdimon.dll
2015-03-29 08:57 . 2006-10-26 17:58	30512	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2015-03-29 08:54 . 2015-03-29 09:51	--------	d-----w-	c:\program files\Microsoft Works
2015-03-29 08:48 . 2015-03-29 08:48	--------	d-----w-	C:\IDE
2015-03-29 08:48 . 2015-03-29 09:00	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2015-03-29 08:47 . 2015-03-29 08:47	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft Help
2015-03-29 08:47 . 2015-03-31 07:41	--------	d-----w-	c:\programdata\Microsoft Help
2015-03-29 08:46 . 2015-03-29 08:46	--------	d-----r-	C:\MSOCache
2015-03-28 05:35 . 2015-03-31 07:04	--------	d-s---w-	c:\windows\system32\GWX
2015-03-25 04:12 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2015-03-25 04:02 . 2015-03-25 04:02	--------	d-----w-	c:\users\Default\AppData\Roaming\IObit
2015-03-25 03:34 . 2013-10-05 09:38	970912	----a-w-	c:\program files\Mozilla Firefox\msvcr120.dll
2015-03-25 03:34 . 2013-10-05 09:38	455328	----a-w-	c:\program files\Mozilla Firefox\msvcp120.dll
2015-03-25 03:34 . 2013-08-22 05:03	3466856	----a-w-	c:\program files\Mozilla Firefox\d3dcompiler_47.dll
2015-03-25 01:03 . 2015-03-25 01:03	--------	d-----w-	c:\users\Admin\AppData\Local\Skype
2015-03-25 01:03 . 2015-03-25 01:05	--------	d-----w-	c:\users\Admin\AppData\Roaming\Skype
2015-03-25 01:02 . 2015-03-25 01:02	--------	d-----w-	c:\program files\Common Files\Skype
2015-03-25 01:02 . 2015-03-25 01:02	--------	d-----r-	c:\program files\Skype
2015-03-25 01:02 . 2015-03-25 01:02	--------	d-----w-	c:\programdata\Skype
2015-03-25 00:16 . 2015-03-25 00:16	--------	d-----w-	c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-25 00:16 . 2015-03-25 00:16	--------	d-----w-	c:\program files\Common Files\IObit
2015-03-25 00:15 . 2015-03-31 07:04	--------	d-----w-	c:\users\Admin\AppData\Roaming\ProductData
2015-03-25 00:14 . 2015-03-25 00:16	--------	d-----w-	c:\programdata\IObit
2015-03-25 00:14 . 2015-04-01 00:49	--------	d-----w-	c:\programdata\ProductData
2015-03-25 00:14 . 2015-03-25 00:16	--------	d-----w-	c:\program files\IObit
2015-03-25 00:14 . 2015-03-25 00:15	--------	d-----w-	c:\users\Admin\AppData\Roaming\IObit
2015-03-24 23:58 . 2015-03-11 03:30	623616	----a-w-	c:\windows\system32\invagent.dll
2015-03-24 23:58 . 2015-03-11 03:29	327168	----a-w-	c:\windows\system32\devinv.dll
2015-03-24 23:58 . 2015-03-11 03:29	818176	----a-w-	c:\windows\system32\appraiser.dll
2015-03-24 23:58 . 2015-03-11 03:29	26112	----a-w-	c:\windows\system32\acmigration.dll
2015-03-24 23:58 . 2015-03-11 03:29	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-03-24 23:58 . 2015-03-11 03:29	159744	----a-w-	c:\windows\system32\aepic.dll
2015-03-24 23:58 . 2015-03-11 03:26	892928	----a-w-	c:\windows\system32\aeinv.dll
2015-03-24 23:58 . 2015-03-11 03:30	534528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-24 01:01 . 2015-03-24 01:01	--------	d-----w-	c:\programdata\ATI
2015-03-23 23:53 . 2015-03-23 23:53	--------	d-----w-	c:\program files\Microsoft ASP.NET
2015-03-23 23:37 . 2015-03-24 00:38	--------	d-----w-	c:\users\Admin\AppData\Local\NVIDIA Corporation
2015-03-23 22:45 . 2015-03-23 22:45	--------	d-----w-	c:\program files\Hewlett-Packard
2015-03-23 03:22 . 2015-03-24 02:19	--------	d-----w-	c:\programdata\NVIDIA
2015-03-23 03:20 . 2015-03-24 00:40	--------	d-----w-	c:\programdata\NVIDIA Corporation
2015-03-19 04:58 . 2015-03-19 04:58	--------	d-----w-	c:\program files\MyPhoneExplorer
2015-03-19 03:55 . 2015-04-01 02:49	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-03-19 03:55 . 2015-03-19 03:55	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-19 02:21 . 2015-03-19 02:21	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft Games
2015-03-10 20:29 . 2015-01-31 03:33	2744320	----a-w-	c:\windows\system32\rdpcorets.dll
2015-03-10 20:29 . 2015-01-31 03:33	13824	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 20:29 . 2015-01-31 00:48	221184	----a-w-	c:\windows\system32\rdpudd.dll
2015-03-10 20:29 . 2015-02-03 03:12	3209728	----a-w-	c:\windows\system32\mf.dll
2015-03-10 20:27 . 2015-02-03 03:12	1230848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-03-10 20:26 . 2015-02-03 03:12	171520	----a-w-	c:\windows\system32\ubpm.dll
2015-03-10 20:26 . 2015-02-26 03:11	2381312	----a-w-	c:\windows\system32\win32k.sys
2015-03-10 20:26 . 2015-01-17 02:30	828928	----a-w-	c:\windows\system32\msctf.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-01 21:48 . 2015-03-14 01:30	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-03-25 22:00 . 2014-04-20 00:34	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:25 . 2014-07-27 03:09	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-03-25 03:18 . 2014-04-06 12:54	778928	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-03-25 03:18 . 2014-04-06 12:54	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-03 13:16 . 2014-04-06 06:07	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-17 14:04 . 2015-02-17 14:04	1202848	----a-w-	c:\windows\system32\FM20.DLL
2015-01-27 23:36 . 2015-02-10 22:37	1167520	----a-w-	c:\windows\system32\aitstatic.exe
2015-01-09 02:48 . 2015-02-10 22:38	76800	----a-w-	c:\windows\system32\wdi.dll
2015-01-09 02:48 . 2015-02-10 22:38	27136	----a-w-	c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-10 22:38	635904	----a-w-	c:\windows\system32\perftrack.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02	23008	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 8"="c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-01-20 2428704]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-02 3898960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-11-01 2353880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2015-1-6 12658536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 18:57	43848	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2014-03-18 18:50	373760	----a-w-	c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10	1516632	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2014-07-04 10:40	191528	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-01-16 2724128]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 cpuz137;cpuz137;c:\program files\CPUID\PC Wizard 2013\pcwiz_x32.sys [2014-02-17 26856]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2012-03-02 1308736]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-01-23 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 8576]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-07-01 15576]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-07-01 10200]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [2011-08-18 625728]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-03-17 92888]
S1 MpKsl2506728e;MpKsl2506728e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BADE68C7-530D-4359-9BFA-A4AD32D2E383}\MpKsl2506728e.sys [2015-04-05 39464]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-04 815392]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-01 173272]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-27 122432]
S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-03-17 1871160]
S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-03-17 1080120]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-04-05 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\DRIVERS\Ph6xIB32.sys [2009-07-13 1277952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 03:18]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Download aller Links mit IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.url - hxxp://google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)
BHO-{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - (no file)
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3240)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Advanced SystemCare 8\Monitor.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\ Malwarebytes Anti-Malware \mbam.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Ralink\Common\RaUI.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Microsoft\BingDesktop\BDExtHost.exe
c:\program files\Microsoft\BingDesktop\BDAppHost.exe
c:\program files\Microsoft\BingDesktop\BDRuntimeHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-05  13:55:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-05 11:54
.
Vor Suchlauf: 12 Verzeichnis(se), 125.310.586.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 125.350.281.216 Bytes frei
.
- - End Of File - - 17554396C96CF0F7CE1E3579D93EC02F
A36C5E4F47E84449FF07ED3517B43A31
         


05.04.2015, 16:56   #6
schrauber
/// the machine
/// TB instructor
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

06.04.2015, 00:03   #7
nickdaniela
 



Hello Schrauber,
here are the log files from Malwarebytes Anti-Malware, AdwCleaner, JRT + FRST.
You are getting 2 files from JRT because I forgot to start the tool as admin the first time, but I was in the admin account anyway...
By the way, after the restart I got an error message from my Internet Download Manager (IDM):
An application has damaged the integration of IDM into the browsers. You need to reinstall IDM. Or try updating IDM via "Help -> Update IDM...". Also check whether browser integration is switched on.
Is IDM not safe? Can you recommend a safe download manager? After installing Download Accelerator Plus (DAP) I suddenly had the Tuvaro malware on the computer.
Why are there always problems with download managers?
Best regards, Dani

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.04.2015
Suchlauf-Zeit: 19:09:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.05.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 423175
Verstrichene Zeit: 29 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 00:06:20
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Admin - DANIELA-PC
# Gestarted von : C:\Users\Admin\Desktop\AdwCleaner 4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0 (x86 de)


*************************

AdwCleaner[R0].txt - [4682 Bytes] - [12/02/2015 04:39:20]
AdwCleaner[R10].txt - [2683 Bytes] - [01/04/2015 05:52:12]
AdwCleaner[R11].txt - [2079 Bytes] - [04/04/2015 07:53:23]
AdwCleaner[R12].txt - [2153 Bytes] - [06/04/2015 00:04:01]
AdwCleaner[R1].txt - [912 Bytes] - [12/02/2015 04:56:14]
AdwCleaner[R2].txt - [2596 Bytes] - [14/03/2015 04:01:49]
AdwCleaner[R3].txt - [2696 Bytes] - [19/03/2015 05:04:42]
AdwCleaner[R4].txt - [2473 Bytes] - [19/03/2015 05:16:55]
AdwCleaner[R5].txt - [2728 Bytes] - [19/03/2015 05:40:43]
AdwCleaner[R6].txt - [3187 Bytes] - [19/03/2015 21:25:25]
AdwCleaner[R7].txt - [3062 Bytes] - [19/03/2015 21:44:08]
AdwCleaner[R8].txt - [3751 Bytes] - [21/03/2015 04:56:50]
AdwCleaner[R9].txt - [4246 Bytes] - [01/04/2015 03:41:06]
AdwCleaner[S0].txt - [4766 Bytes] - [12/02/2015 04:46:24]
AdwCleaner[S10].txt - [2140 Bytes] - [04/04/2015 07:55:29]
AdwCleaner[S11].txt - [1543 Bytes] - [06/04/2015 00:06:20]
AdwCleaner[S1].txt - [972 Bytes] - [12/02/2015 05:00:33]
AdwCleaner[S2].txt - [2663 Bytes] - [14/03/2015 04:14:13]
AdwCleaner[S3].txt - [2771 Bytes] - [19/03/2015 05:09:41]
AdwCleaner[S4].txt - [2531 Bytes] - [19/03/2015 05:21:32]
AdwCleaner[S5].txt - [2819 Bytes] - [19/03/2015 05:45:12]
AdwCleaner[S6].txt - [3296 Bytes] - [19/03/2015 21:28:42]
AdwCleaner[S7].txt - [3162 Bytes] - [19/03/2015 21:48:22]
AdwCleaner[S8].txt - [7835 Bytes] - [21/03/2015 04:59:32]
AdwCleaner[S9].txt - [2795 Bytes] - [01/04/2015 05:54:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2133  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 06.04.2015 at  0:21:49,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ubhm5qpi.default\extensions\staged
Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ubhm5qpi.default\prefs.js

user_pref("extensions.xpiState", "{\"app-profile\":{\"amazon-icon@giga.de\":{\"d\":\"C:\\\\Users\\\\Admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ubhm5qpi.d



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.04.2015 at  0:25:41,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 06.04.2015 at  0:29:38,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ubhm5qpi.default\prefs.js

user_pref("extensions.xpiState", "{\"app-profile\":{\"amazon-icon@giga.de\":{\"d\":\"C:\\\\Users\\\\Admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ubhm5qpi.d



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.04.2015 at  0:33:19,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Admin (administrator) on DANIELA-PC on 06-04-2015 00:34:24
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Daniela & Admin & Dani)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3898960 2015-04-02] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\searchplugins\search_engine.xml [2014-07-14]
FF Extension: Amazon-Icon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\amazon-icon@giga.de [2014-06-07]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\iobitascsurfingprotection@iobit.com [2015-03-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-08]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2015-04-04]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Admin\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-06-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1308736 2012-03-02] (Ralink Technology Corp.)
R3 Ph6xIB32; C:\Windows\System32\DRIVERS\Ph6xIB32.sys [1277952 2009-07-14] (NXP Semiconductors GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 00:34 - 2015-04-06 00:34 - 00014830 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-04-06 00:33 - 2015-04-06 00:33 - 00000948 _____ () C:\Users\Admin\Desktop\JRT2.txt
2015-04-06 00:33 - 2015-04-06 00:25 - 00001344 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-04-06 00:21 - 2015-04-06 00:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DANIELA-PC-Windows-7-Home-Premium-(32-bit).dat
2015-04-06 00:21 - 2015-04-06 00:21 - 00000000 ____D () C:\RegBackup
2015-04-06 00:20 - 2015-04-06 00:20 - 02690981 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-04-06 00:10 - 2015-04-06 00:10 - 00002214 _____ () C:\Users\Admin\Desktop\AdwCleaner[S11].txt
2015-04-06 00:03 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Admin\Desktop\AdwCleaner 4.200.exe
2015-04-06 00:01 - 2015-04-06 00:01 - 00001201 _____ () C:\Users\Admin\Desktop\mbam.txt
2015-04-05 14:12 - 2015-04-05 14:12 - 01302528 _____ () C:\Users\Dani\Downloads\OLFix Outlook-Reperatur.exe
2015-04-05 14:03 - 2015-04-05 14:03 - 00002795 _____ () C:\Users\Dani\Desktop\Microsoft Office Outlook 2007.lnk
2015-04-05 14:03 - 2015-04-05 14:03 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\HP
2015-04-05 13:55 - 2015-04-05 13:55 - 00019524 _____ () C:\Users\Admin\Desktop\ComboFix.txt
2015-04-05 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 13:29 - 2015-04-05 13:55 - 00000000 ____D () C:\Qoobox
2015-04-05 13:29 - 2015-04-05 13:53 - 00000000 ____D () C:\Windows\erdnt
2015-04-05 13:28 - 2015-04-05 13:28 - 05617096 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-04-05 12:28 - 2015-04-05 12:28 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Apple Computer
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Mozilla
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieUserList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieSiteList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieBrowserModeList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Macromedia
2015-04-05 10:53 - 2015-04-05 10:53 - 00109664 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\ATI
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Local\ATI
2015-04-05 10:52 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani
2015-04-05 10:52 - 2015-04-05 10:52 - 00001425 _____ () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-05 10:52 - 2015-04-05 10:52 - 00000020 ___SH () C:\Users\Dani\ntuser.ini
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Startmenü
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Netzwerkumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Druckumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Musik
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Bilder
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Local\Verlauf
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Adobe
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\VirtualStore
2015-04-05 10:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\Microsoft Help
2015-04-05 10:52 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IObit
2015-04-05 10:52 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-05 10:52 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-05 10:43 - 2015-04-06 00:27 - 00000000 ____D () C:\Users\Admin\Desktop\Trojaner-Board
2015-04-04 22:04 - 2015-04-04 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-04 07:56 - 2015-04-05 13:46 - 00001136 _____ () C:\Windows\PFRO.log
2015-04-04 07:53 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Admin\Downloads\AdwCleaner 4.200.exe
2015-04-04 07:41 - 2015-04-04 07:41 - 00000000 ____D () C:\Users\Admin\Downloads\OTRDecoder_2.0.0.22
2015-04-04 06:58 - 2015-04-05 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DMCache
2015-04-04 06:58 - 2015-04-04 07:56 - 00000000 ____D () C:\Program Files\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 07:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IDM
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\IDM
2015-04-04 06:54 - 2015-04-04 06:54 - 06215640 _____ (Tonec Inc.) C:\Users\Admin\Downloads\idman623.exe
2015-04-04 06:47 - 2015-04-04 06:55 - 00000000 ____D () C:\Program Files\Free Download Manager
2015-04-04 06:47 - 2015-04-04 06:47 - 00000000 ____D () C:\ProgramData\Free Download Manager
2015-04-04 06:41 - 2015-04-04 09:29 - 00000000 ____D () C:\Users\Admin\Downloads\Filme
2015-04-04 02:25 - 2015-04-06 00:34 - 00000000 ____D () C:\FRST
2015-04-04 02:24 - 2015-04-04 02:24 - 01135104 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-04-04 02:22 - 2015-04-04 02:22 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-04-04 02:07 - 2015-04-04 02:07 - 00109664 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 02:05 - 2015-04-06 00:07 - 00000448 _____ () C:\Windows\setupact.log
2015-04-04 02:05 - 2015-04-04 02:05 - 00411880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 02:05 - 2015-04-04 02:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 02:04 - 2015-04-04 02:04 - 00003608 ____N () C:\bootsqm.dat
2015-04-03 14:16 - 2015-03-14 03:58 - 02171392 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.112.exe
2015-04-03 14:16 - 2014-04-07 19:23 - 27560794 _____ () C:\Users\Daniela\Downloads\ar11lite_11.0.0.379_deu Vorsicht.exe
2015-04-03 14:16 - 2013-10-16 18:55 - 29040552 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u45-windows-i586.exe
2015-04-03 14:16 - 2013-09-27 01:26 - 29036456 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u40-windows-i586.exe
2015-04-03 14:16 - 2013-09-15 23:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Daniela\Downloads\mbam-clean-1.60.2.0003.exe
2015-04-03 14:16 - 2013-09-05 01:04 - 31714728 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u25-windows-i586.exe
2015-04-03 14:16 - 2013-07-10 18:13 - 03866624 _____ (Microsoft Corporation) C:\Users\Daniela\Downloads\FreePDF4.08.EXE
2015-04-03 14:16 - 2013-01-18 14:23 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (2).exe
2015-04-03 14:16 - 2012-12-08 03:06 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Daniela\Downloads\jre-6u37-windows-i586.exe
2015-04-03 14:16 - 2012-10-03 03:57 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (1).exe
2015-04-03 13:55 - 2015-04-03 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DirSync
2015-04-02 15:54 - 2015-03-27 02:10 - 00122432 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-04-01 04:47 - 2015-04-06 00:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 04:47 - 2015-04-01 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-01 04:47 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 04:00 - 2015-04-01 04:00 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2015-04-01 03:29 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Daniela\Downloads\AdwCleaner 4.200.exe
2015-03-31 09:33 - 2015-03-31 09:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-29 11:57 - 2015-03-31 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-03-29 11:57 - 2015-03-29 11:57 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-29 11:09 - 2015-03-29 11:09 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Microsoft Help
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-29 10:57 - 2009-02-26 19:18 - 00029552 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-03-29 10:54 - 2015-03-29 11:51 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-03-29 10:48 - 2015-03-29 11:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\IDE
2015-03-29 10:47 - 2015-03-31 09:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-03-29 10:46 - 2015-03-29 10:46 - 00000000 ___RD () C:\MSOCache
2015-03-29 10:41 - 2015-03-29 10:35 - 1122369536 _____ () C:\Users\Daniela\outlook.pst
2015-03-29 05:15 - 2015-03-29 10:43 - 00000000 ____D () C:\Users\Daniela\Downloads\Microsoft Office 2007 Professional Plus
2015-03-29 03:26 - 2015-03-29 03:26 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Sun
2015-03-28 07:35 - 2015-03-31 09:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-27 04:05 - 2015-03-27 04:15 - 492980834 _____ () C:\Users\Daniela\Downloads\MSO2007P.exe
2015-03-25 06:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-25 06:02 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\ProductData
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2015-03-25 05:37 - 2015-03-25 05:37 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IObit
2015-03-25 05:27 - 2015-03-25 05:28 - 40909304 _____ () C:\Users\Daniela\Downloads\Firefox Setup 36.0.4.exe
2015-03-25 05:23 - 2015-03-25 05:24 - 37064104 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-8u40-windows-i586.exe
2015-03-25 04:12 - 2015-04-03 15:25 - 58048512 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 34934784 _____ () C:\Windows\system32\config\components.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-03-25 03:03 - 2015-03-25 03:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-03-25 03:03 - 2015-03-25 03:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ___RD () C:\Program Files\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-03-25 02:15 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData
2015-03-25 02:14 - 2015-04-01 02:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\IObit
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\IObit
2015-03-25 02:14 - 2015-03-25 02:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2015-03-25 02:14 - 2015-03-25 02:14 - 00000000 ____D () C:\Users\Admin\AppData\IObit
2015-03-25 01:58 - 2015-03-11 05:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 01:58 - 2015-03-11 05:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 01:58 - 2015-03-11 05:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 01:58 - 2015-03-11 05:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 05:01 - 2015-03-24 05:01 - 00000000 ____D () C:\Users\Daniela\Downloads\MSO2007P
2015-03-24 04:50 - 2015-03-24 04:54 - 498949156 _____ () C:\Users\Daniela\Downloads\MSO2007P.zip
2015-03-24 03:01 - 2015-03-24 03:01 - 00000000 ____D () C:\ProgramData\ATI
2015-03-24 01:53 - 2015-03-24 01:53 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2015-03-24 01:37 - 2015-03-24 02:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-03-23 22:21 - 2015-03-23 22:21 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA Corporation
2015-03-23 05:24 - 2015-03-23 05:24 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA
2015-03-23 05:22 - 2015-03-24 04:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-23 05:20 - 2015-03-24 02:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-19 06:58 - 2015-03-19 06:58 - 00002019 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2015-03-19 05:55 - 2015-04-01 04:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-19 05:55 - 2015-03-19 05:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 05:52 - 2015-03-19 05:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\Malwarebytes 2.0.4.exe
2015-03-19 04:21 - 2015-03-19 04:21 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Games
2015-03-19 00:56 - 2015-03-19 00:56 - 00000000 ____D () C:\Users\Daniela\Documents\onetouch Manager
2015-03-18 23:49 - 2015-03-19 04:45 - 00000000 ____D () C:\Users\Daniela\Documents\MyPhoneExplorer
2015-03-18 23:25 - 2015-03-19 08:59 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\MyPhoneExplorer
2015-03-18 23:00 - 2015-03-18 23:00 - 07332272 _____ () C:\Users\Daniela\Downloads\MyPhoneExplorer.exe
2015-03-18 22:28 - 2015-03-18 22:28 - 00000000 ____D () C:\Users\Daniela\AppData\Local\{042FA28C-4DB3-4B64-94C0-A384193D060C}
2015-03-16 02:59 - 2015-03-16 04:08 - 00110080 _____ () C:\Users\Daniela\Documents\Lampenwelt Lieferantenliste Ersatzgläser 1.5.xls
2015-03-10 22:29 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 22:29 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 22:29 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 22:29 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 22:29 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 22:28 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 22:28 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 22:28 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 22:28 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 22:28 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 22:28 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 22:28 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 22:28 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 22:28 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 22:28 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 22:28 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 22:28 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 22:28 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 22:28 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 22:28 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 22:28 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 22:28 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 22:28 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 22:28 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 22:28 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:28 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:28 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 22:28 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 22:28 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 22:28 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 22:28 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 22:28 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 22:28 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 22:28 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 22:28 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 22:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 22:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 22:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:28 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 22:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 22:28 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:28 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 22:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:28 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:28 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:28 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:28 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:27 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:27 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:27 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:27 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:27 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:26 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:26 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:26 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-09 00:09 - 2015-03-09 00:09 - 00107301 _____ () C:\Users\Admin\Desktop\DANIELA-PC.html
2015-03-08 03:50 - 2015-03-08 03:50 - 01710888 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Daniela\Downloads\GPU+Z.exe
2015-03-08 03:44 - 2015-03-08 03:44 - 01582736 _____ ( ) C:\Users\Daniela\Downloads\CPU+Z.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 00:19 - 2014-04-06 07:33 - 01135789 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 00:15 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 00:15 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 00:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 00:06 - 2015-02-12 04:38 - 00000000 ____D () C:\AdwCleaner
2015-04-05 23:46 - 2014-05-14 19:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-04-05 13:49 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-04 08:03 - 2014-08-20 17:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate
2015-04-04 02:22 - 2014-04-07 01:31 - 00000000 ____D () C:\Users\Admin
2015-04-03 15:19 - 2014-04-08 01:15 - 00000000 ____D () C:\Users\Daniela\Documents\Bewerbungen, Schriftverkehr
2015-04-03 15:09 - 2014-04-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-03 14:16 - 2014-05-26 00:59 - 00000000 ____D () C:\Users\Daniela\Downloads\Alcatel
2015-04-03 13:36 - 2014-04-06 07:44 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 12:41 - 2015-01-29 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-03 12:41 - 2014-04-06 13:08 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-02 21:37 - 2014-04-08 01:39 - 00000000 ____D () C:\Users\Daniela\Scans
2015-04-02 01:27 - 2014-04-08 01:17 - 00062464 _____ () C:\Users\Daniela\Documents\Finanzen.xls
2015-04-01 22:54 - 2014-04-08 01:17 - 00272384 _____ () C:\Users\Daniela\Documents\Lampenwelt_Arbeitszeiten.xls
2015-04-01 04:01 - 2015-01-24 04:01 - 00000000 ____D () C:\Program Files\DAP
2015-04-01 04:01 - 2015-01-24 03:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2015-04-01 03:52 - 2015-01-24 04:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-01 03:02 - 2015-01-29 03:52 - 00000000 ____D () C:\Users\Daniela\Downloads\Filme
2015-03-31 09:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-31 09:26 - 2009-07-14 04:04 - 00000534 _____ () C:\Windows\win.ini
2015-03-31 09:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-31 09:04 - 2014-04-06 07:37 - 00000000 ____D () C:\Users\Daniela
2015-03-31 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-03-30 00:48 - 2014-04-06 07:55 - 00109664 _____ () C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-29 11:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 11:01 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\ShellNew
2015-03-29 10:54 - 2014-04-26 08:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-29 10:54 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-29 10:52 - 2014-04-06 14:00 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2015-03-29 10:51 - 2014-04-26 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2015-03-29 10:07 - 2014-04-08 01:42 - 00000000 ____D () C:\Users\Daniela\Ulk
2015-03-29 04:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-25 05:30 - 2014-04-07 18:43 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-25 05:25 - 2014-07-27 05:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-25 05:25 - 2014-07-27 05:08 - 00000000 ____D () C:\Program Files\Java
2015-03-25 05:18 - 2014-10-15 04:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-03-25 05:18 - 2014-04-06 14:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-25 05:18 - 2014-04-06 14:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-25 04:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-25 04:19 - 2014-04-06 08:30 - 00000000 ____D () C:\Windows\Panther
2015-03-25 03:55 - 2014-06-09 14:39 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 03:06 - 2014-12-09 23:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:06 - 2014-04-23 00:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 02:51 - 2014-11-19 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-03-25 02:16 - 2014-04-07 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-03-25 02:03 - 2014-05-20 03:54 - 00000000 ____D () C:\ProgramData\Nokia
2015-03-25 02:03 - 2014-04-13 07:08 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-03-25 02:03 - 2014-04-13 06:09 - 00000000 ____D () C:\Program Files\Nokia
2015-03-25 01:48 - 2014-06-20 23:59 - 00000000 ____D () C:\Program Files\Allway Sync
2015-03-25 01:47 - 2014-11-19 23:14 - 00000000 ____D () C:\Program Files\Lavalys
2015-03-25 01:47 - 2014-05-02 20:41 - 00000000 ____D () C:\Windows\pss
2015-03-25 01:47 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IrfanView
2015-03-25 01:47 - 2014-04-08 22:47 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2015-03-25 01:47 - 2014-04-08 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-25 01:47 - 2014-04-08 22:42 - 00000000 ____D () C:\Program Files\HP
2015-03-25 01:47 - 2014-04-08 22:40 - 00000000 ____D () C:\ProgramData\HP
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 16:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-03-25 01:47 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2015-03-25 01:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security
2015-03-25 01:46 - 2014-04-08 22:45 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD APP
2015-03-25 01:43 - 2014-04-06 16:19 - 00000000 ____D () C:\NVIDIA
2015-03-25 01:43 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD AVT
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI
2015-03-24 03:54 - 2014-04-08 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HP
2015-03-24 03:53 - 2014-04-08 22:41 - 00012575 _____ () C:\ProgramData\hpzinstall.log
2015-03-24 03:49 - 2014-04-12 01:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP
2015-03-24 03:00 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\AMD
2015-03-24 02:28 - 2014-08-19 03:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\NokiaAccount
2015-03-24 00:35 - 2014-10-02 02:13 - 00000000 ____D () C:\Users\Daniela\AppData\Local\FreePDF_XP
2015-03-23 01:46 - 2014-04-13 03:41 - 1108410368 _____ () C:\Users\Daniela\outlook_alt.pst
2015-03-19 04:46 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2015-03-19 04:45 - 2014-04-06 14:54 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-19 04:44 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mobile Action
2015-03-19 02:38 - 2014-04-13 06:11 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\PC Suite
2015-03-18 23:35 - 2014-06-21 01:19 - 00000000 ____D () C:\Users\Daniela\Documents\Nokia
2015-03-18 23:35 - 2014-05-25 22:51 - 00000000 ____D () C:\Users\Daniela\Documents\Android Manager
2015-03-18 22:12 - 2014-04-08 01:15 - 00000000 ____D () C:\Users\Daniela\Documents\Eigene Scans
2015-03-10 22:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-08 23:52 - 2014-09-14 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-03-08 23:52 - 2014-09-14 20:43 - 00000000 ____D () C:\Program Files\CPUID
2015-03-08 04:01 - 2014-04-06 12:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-08 03:49 - 2014-04-06 12:23 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-05 00:03 - 2014-10-07 05:56 - 0128621 _____ () C:\Users\Admin\AppData\Local\ars.cache
2014-08-05 00:04 - 2014-10-07 05:57 - 0367993 _____ () C:\Users\Admin\AppData\Local\census.cache
2014-08-04 18:38 - 2014-08-04 18:38 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2014-04-08 22:41 - 2015-03-24 03:53 - 0012575 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Daniela\Registry.reg


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 02:56

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Admin at 2015-04-06 00:35:29
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design online.TiVi (HKLM\...\{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1) (Version: 1.6.0.0 - concept/design GmbH)
concept/design onlineTV 11 (HKLM\...\{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1) (Version: 11.0.0.0 - concept/design GmbH)
CoolSoft VirtualMIDISynth 1.9.2 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 1.9.2.0 - CoolSoft)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirSync  2.96 (HKLM\...\DirSync) (Version:  - Stephen Kalisch)
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EGVP (HKLM\...\{EDA192EA-4DA3-416D-965D-65BFDA0E3715}) (Version: 1.5.3.0 - Governikus KG)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version:  - CPUID)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.17.0 - Ralink)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-03-2015 06:34:04 Installed Microsoft Fix it 50848
29-03-2015 10:45:52 Installed Microsoft Office Professional Plus 2007
29-03-2015 11:46:06 Windows Update
29-03-2015 12:06:20 Windows Update
30-03-2015 01:04:48 Windows Update
30-03-2015 02:29:09 Windows Update
31-03-2015 07:17:04 Microsoft Office File Validation Add-In wird entfernt
31-03-2015 07:37:13 Microsoft Office Live Add-in 1.5 wird entfernt
31-03-2015 08:29:58 Wiederherstellungsvorgang
31-03-2015 09:23:23 Windows Update
31-03-2015 09:38:06 Windows Update
01-04-2015 03:18:51 Installed Microsoft Fix it 50195
03-04-2015 12:22:14 Windows Update
05-04-2015 10:39:08 Installed Microsoft Fix it 50848

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-04-05 13:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3625605D-9736-4E0D-ADED-80AB17549529} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated)
Task: {3A05D166-9113-4EC4-9566-5F56785457AF} - System32\Tasks\ASC8_SkipUac_Admin => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {4A95605E-2F72-413F-9F4A-4F9B662C3B70} - System32\Tasks\{5589489F-BCF7-4E4E-A924-E7FCCE636DA8} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {653435B1-E8BB-4611-8BBB-E2FE2CBE8B8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {690E5BA0-2B04-4E7B-906A-6CCA9CB3331D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {7FEA1C05-5956-47C1-9720-5580AA7A98CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8734083E-A084-4978-A36C-CA4115FD8883} - System32\Tasks\{085A87EE-090C-40C6-B1AC-A2A6111D4864} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
Task: {BDAC862A-E650-4CF1-B04B-EDEB1AB59011} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2CAD89D-9A42-4025-8876-58161729CDCB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {F815A518-89BD-445C-8A71-0D92281353F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-25 02:16 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2014-10-02 02:12 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2014-04-06 16:24 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-03-25 02:16 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-03-25 02:16 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-03-25 02:16 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-03-25 02:16 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2015-01-06 20:50 - 2012-02-20 13:59 - 01087336 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Accounts: =============================

Admin (S-1-5-21-3046395627-4054670192-1170409365-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3046395627-4054670192-1170409365-500 - Administrator - Disabled)
Dani (S-1-5-21-3046395627-4054670192-1170409365-1005 - Limited - Enabled) => C:\Users\Dani
Daniela (S-1-5-21-3046395627-4054670192-1170409365-1000 - Limited - Enabled) => C:\Users\Daniela
Gast (S-1-5-21-3046395627-4054670192-1170409365-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3046395627-4054670192-1170409365-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 3071.3 MB
Available physical RAM: 1930.3 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 4640.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.24 GB) (Free:116.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Oh, by the way: in AdwCleaner I chose Delete even though it hadn't found anything; Delete wasn't greyed out, so I figured I'd just do it.
Best regards, Daniela

06.04.2015, 13:59   #8
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the command prompt window.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.04.2015, 21:50   #9
nickdaniela

Hello Schrauber,
I may have messed up.
In the picture showing the ESET Online Scanner options, the arrow points to "Scan for potentially unsafe applications".
So I ticked that box, and now ESET has found 27 infected files.
By the way, there is now also an additional option, "Scan archives".
Of the 27 infected files, I know that I can restore the joke program Mona, but what do I do with the other 25?
It found something in almost every program. Can I restore them all?
Please let me know.
Best regards, Daniela

Here is the log file of the threats found. I exported it from the quarantine.
I still have ESET open so that I can restore the found items from the quarantine once you give me the green light.
Best regards, Daniela

Code:
C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe	MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe	Variante von Win32/Systweak.H evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\avira_antivir_personal_de.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\avira_free_antivirus_de.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\ccsetup318.exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\disk-defrag-setup321.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\FoxitReader513.1201_enu_Setup.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\FreeYouTubeToMP3Converter31011.exe	Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\pc-wizard_2014.2.13-setup.exe	MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\PDFCreator-1_7_0_setup.exe	Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\unlocker1.9.0.exe	Win32/Adware.ADON evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\zaSetup_92_058_000_de.exe	Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter	Android/Exploit.Lotoor.AK Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Daniela\Ulk\INFECTED\Mona1.exe	Joke.Mona.A potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe	Variante von Win32/Systweak.H evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\avira_antivir_personal_de.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\avira_free_antivirus_de.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\ccsetup318.exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\disk-defrag-setup321.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\FoxitReader513.1201_enu_Setup.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\FreeYouTubeToMP3Converter31011.exe	Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\pc-wizard_2014.2.13-setup.exe	MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\PDFCreator-1_7_0_setup.exe	Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\unlocker1.9.0.exe	Win32/Adware.ADON evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\zaSetup_92_058_000_de.exe	Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
J:\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter	Android/Exploit.Lotoor.AK Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
J:\Ulk\INFECTED\Mona1.exe	Joke.Mona.A potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
         
Here is another log file from ESET.
Best regards, Daniela

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=422fda0664a79a43a19615b110f8e90d
# engine=20211
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-06 08:22:03
# local_time=2015-04-06 10:22:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4747183 51335717 0 0
# scanned=228218
# found=27
# cleaned=27
# scan_time=5237
sh=ABA32A0BF4960B1AB88953C36CF160625C78AC9B ft=1 fh=47eacc88b34b8f30 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe"
sh=39CE0C48EBF2E925048173DFDA62D83319FBE75C ft=1 fh=08064668fc05246e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\avira_antivir_personal_de.exe"
sh=9ED22B17AF956934B73F176C0AEB87AFA2F2B5B3 ft=1 fh=f57fa58ae860c262 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\avira_free_antivirus_de.exe"
sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\ccsetup318.exe"
sh=1EACA9B902BDEDC0D664499D520B9A28EEB23C12 ft=1 fh=ec1b02fa0ed165e3 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\disk-defrag-setup321.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\FoxitReader513.1201_enu_Setup.exe"
sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\FreeYouTubeToMP3Converter31011.exe"
sh=6BACEE658526F4F1597581AE945F3B2A5150CD8E ft=1 fh=04a3da4c16b7212f vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\pc-wizard_2014.2.13-setup.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\PDFCreator-1_7_0_setup.exe"
sh=E115AC80776D091765ED3EA022A001E0D8AA4DC9 ft=1 fh=85ce5afd4a88c17f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\unlocker1.9.0.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\zaSetup_92_058_000_de.exe"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter"
sh=AE2D4F5383CE23382006DA6ED368C3D45239C11C ft=1 fh=2a7a9ac07cbef117 vn="Joke.Mona.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Ulk\INFECTED\Mona1.exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe"
sh=39CE0C48EBF2E925048173DFDA62D83319FBE75C ft=1 fh=08064668fc05246e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\avira_antivir_personal_de.exe"
sh=9ED22B17AF956934B73F176C0AEB87AFA2F2B5B3 ft=1 fh=f57fa58ae860c262 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\avira_free_antivirus_de.exe"
sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\ccsetup318.exe"
sh=1EACA9B902BDEDC0D664499D520B9A28EEB23C12 ft=1 fh=ec1b02fa0ed165e3 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\disk-defrag-setup321.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\FoxitReader513.1201_enu_Setup.exe"
sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\FreeYouTubeToMP3Converter31011.exe"
sh=6BACEE658526F4F1597581AE945F3B2A5150CD8E ft=1 fh=04a3da4c16b7212f vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\pc-wizard_2014.2.13-setup.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\PDFCreator-1_7_0_setup.exe"
sh=E115AC80776D091765ED3EA022A001E0D8AA4DC9 ft=1 fh=85ce5afd4a88c17f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\unlocker1.9.0.exe"
sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\zaSetup_92_058_000_de.exe"
sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="J:\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter"
sh=AE2D4F5383CE23382006DA6ED368C3D45239C11C ft=1 fh=2a7a9ac07cbef117 vn="Joke.Mona.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Ulk\INFECTED\Mona1.exe"
         

07.04.2015, 17:07   #10
schrauber
/// the machine
/// TB-Ausbilder

Except for the first finding, these are all just downloads, i.e. installers. Delete them all. And give your browsing habits some thought.

Uninstall CPUID completely.


And kill the INFECTED folder completely while you're at it. Then the rest from above.
__________________
Regards,
schrauber


08.04.2015, 03:16   #11
nickdaniela

Hello Schrauber,
I ran the ESET Online Scanner again, and it did in fact find something in the MKV Player installer as well. But that was the only finding.
Unfortunately I have no log file, because before closing I had selected "Delete quarantined items" and "Uninstall ESET Scanner".
I deleted CPUID and the INFECT folder too, but the INFECT folder only contained joke programs. The Mona file was slightly risqué: in it, Mona Lisa lifted her blouse and gave a proper smile while doing so.
But what is the story with the many findings in the installers? I normally download programs from Chip. Does that mean that Chip offers infected files for download? I mean, the installation file for Avira Antivirus, for example, surely can't be bad, or do these infected things attach themselves to the downloaded files only at some later point?
Here are the log files from SecurityCheck and FRST.
Best regards, Daniela

Code:
 Results of screen317's Security Check version 0.99.99  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 40  
 Adobe Flash Player 	17.0.0.134  
 Adobe Reader XI  
 Mozilla Firefox (37.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Admin (administrator) on DANIELA-PC on 08-04-2015 03:43:27
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Daniela & Admin & Dani)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(G Data Software AG) C:\Program Files\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [GDataUsbProtection] => C:\Program Files\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1405560 2014-09-03] (G Data Software AG)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3898960 2015-04-02] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\searchplugins\search_engine.xml [2014-07-14]
FF Extension: Amazon-Icon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\amazon-icon@giga.de [2014-06-07]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\iobitascsurfingprotection@iobit.com [2015-03-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-08]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2015-04-04]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Admin\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-06-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker32.sys [27648 2015-04-06] (G Data Software AG)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1308736 2012-03-02] (Ralink Technology Corp.)
R3 Ph6xIB32; C:\Windows\System32\DRIVERS\Ph6xIB32.sys [1277952 2009-07-14] (NXP Semiconductors GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 03:43 - 2015-04-08 03:44 - 00015365 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-04-08 03:41 - 2015-04-08 03:41 - 00000905 _____ () C:\Users\Admin\Desktop\checkup.txt
2015-04-08 03:15 - 2014-12-03 00:10 - 00000000 ____D () C:\Users\Dani\.egvp2_client
2015-04-08 01:35 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-08 01:35 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ___HD () C:\Users\Dani\Documents\_SYNCAPP
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\X-Box Einrichtung der EasyBox 802
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\xbox
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Wolfsberg
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Turbo Lister Backup
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\TRC
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Quiz
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Projektarbeit
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Outlook
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\onetouch Manager
2015-04-08 00:59 - 2015-04-08 01:00 - 00000000 ____D () C:\Users\Dani\Documents\Nokia
2015-04-08 00:56 - 2015-04-08 00:58 - 00000000 ____D () C:\Users\Dani\Documents\MyPhoneExplorer
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Memorycard Handy
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Kinderzuschlag
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Handelsschule Herrmann
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\gegl-0.0
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Fotos ibis acam
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Fax
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Elster
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Eigene Webs
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\EGVP2
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\EGVP1
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\EGVP
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Dozenten Handelsschule
2015-04-08 00:56 - 2014-07-11 17:18 - 00000000 ____D () C:\Users\Dani\Documents\Eigene Scans
2015-04-08 00:56 - 2010-03-25 22:08 - 00000000 ____D () C:\Users\Dani\Documents\My Art
2015-04-08 00:56 - 2010-03-24 20:26 - 00000000 ____D () C:\Users\Dani\Documents\ForceField Shared Files
2015-04-08 00:56 - 2007-12-15 00:01 - 00000000 ____D () C:\Users\Dani\Documents\Eigene eBooks
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Commerzbank
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Bewerbungen, Schriftverkehr
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Anschluss FritzBox
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\ANNEN-POST
2015-04-08 00:55 - 2010-03-24 16:34 - 00000000 ____D () C:\Users\Dani\Documents\Bluetooth-Exchange-Ordner
2015-04-08 00:53 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Anlagen Outlook
2015-04-08 00:53 - 2015-04-08 00:53 - 00000000 ____D () C:\Users\Dani\Documents\Android Manager
2015-04-08 00:53 - 2014-12-05 03:04 - 00028160 _____ () C:\Users\Dani\Documents\XBOX360 ohne Batman+Halo3.xls
2015-04-08 00:53 - 2014-05-24 06:19 - 00023040 _____ () C:\Users\Dani\Documents\Torsten.xls
2015-04-08 00:53 - 2011-04-15 13:52 - 00024064 _____ () C:\Users\Dani\Documents\TRC_Gehälter.xls
2015-04-08 00:53 - 2011-03-08 22:52 - 00029696 _____ () C:\Users\Dani\Documents\TRC_Okt10.xls
2015-04-08 00:53 - 2011-03-08 22:50 - 00029184 _____ () C:\Users\Dani\Documents\TRC_Sept10.xls
2015-04-08 00:53 - 2011-03-08 22:49 - 00029184 _____ () C:\Users\Dani\Documents\TRC_Nov10.xls
2015-04-08 00:53 - 2011-01-14 16:29 - 00018944 _____ () C:\Users\Dani\Documents\TRC_Arbeitszeiten2.xls
2015-04-08 00:53 - 2010-11-27 21:38 - 00033792 _____ () C:\Users\Dani\Documents\TRC_Arbeitsplan.xls
2015-04-08 00:53 - 2010-08-31 08:42 - 00094720 _____ () C:\Users\Dani\Documents\TRC_Strichliste.xls
2015-04-08 00:53 - 2010-03-17 01:46 - 00083968 _____ () C:\Users\Dani\Documents\xp_gewinn_verlust.xls
2015-04-08 00:53 - 2009-07-14 15:20 - 00053760 _____ () C:\Users\Dani\Documents\TRC_Arbeitszeiten.xls
2015-04-08 00:53 - 2009-06-25 00:55 - 14149830 _____ () C:\Users\Dani\Documents\Spiegel TV - Über die TRC Telemedia, MC Multimedia & Allinkasso.AVI
2015-04-08 00:53 - 2009-03-04 15:00 - 00013824 _____ () C:\Users\Dani\Documents\Tilgung.xls
2015-04-08 00:53 - 2009-01-30 00:39 - 00019456 _____ () C:\Users\Dani\Documents\TRC_Jan.xls
2015-04-08 00:53 - 2009-01-18 10:21 - 00018944 _____ () C:\Users\Dani\Documents\TRC_Dez.xls
2015-04-08 00:53 - 2008-11-02 12:57 - 00018944 _____ () C:\Users\Dani\Documents\TSW.xls
2015-04-08 00:53 - 2008-09-16 01:36 - 00017408 _____ () C:\Users\Dani\Documents\TRC_Tätigkeitenüberblick.xls
2015-04-08 00:53 - 2008-03-24 01:54 - 03232845 _____ () C:\Users\Dani\Documents\Sonderheft_Netzwerke.zip
2015-04-08 00:53 - 2007-10-13 22:27 - 03254784 ____R () C:\Users\Dani\Documents\WelcomeToRomania[1].pps
2015-04-08 00:53 - 2007-04-29 17:32 - 00127488 ____R () C:\Users\Dani\Documents\Vodafone_April2007.xls
2015-04-08 00:53 - 2005-09-09 17:04 - 00015872 ____R () C:\Users\Dani\Documents\Stundenpläne.xls
2015-04-08 00:52 - 2015-04-08 01:05 - 00272384 _____ () C:\Users\Dani\Documents\Lampenwelt_Arbeitszeiten.xls
2015-04-08 00:52 - 2015-04-02 01:27 - 00062464 _____ () C:\Users\Dani\Documents\Finanzen.xls
2015-04-08 00:52 - 2015-03-16 04:08 - 00110080 _____ () C:\Users\Dani\Documents\Lampenwelt Lieferantenliste Ersatzgläser 1.5.xls
2015-04-08 00:52 - 2014-12-28 08:30 - 00112640 _____ () C:\Users\Dani\Documents\Lampenwelt Ersatz-Lieferantenliste Ersatzgläser Dezember 2014.xls
2015-04-08 00:52 - 2014-12-28 04:54 - 00061645 _____ () C:\Users\Dani\Documents\Lampenwelt Ersatz-Lieferantenliste Ersatzgläser Oktober 2014 1.3.xlsx
2015-04-08 00:52 - 2014-06-28 02:42 - 12971704 _____ () C:\Users\Dani\Documents\Donata verbrennt 16.06.14.mp4
2015-04-08 00:52 - 2013-06-01 01:13 - 00023552 _____ () C:\Users\Dani\Documents\Krampftagebuch.xls
2015-04-08 00:52 - 2013-01-26 23:20 - 00015039 _____ () C:\Users\Dani\Documents\ESt2012_Palancianu_Daniela.elfo
2015-04-08 00:52 - 2012-06-05 00:21 - 00024064 _____ () C:\Users\Dani\Documents\Senior-Katzenfutter.xls
2015-04-08 00:52 - 2012-05-17 22:42 - 00004080 _____ () C:\Users\Dani\Documents\cc_20120517_223836.reg
2015-04-08 00:52 - 2012-04-07 17:33 - 00097394 _____ () C:\Users\Dani\Documents\ESt2011_Palancianu_Daniela.elfo
2015-04-08 00:52 - 2012-02-23 23:13 - 00055296 _____ () C:\Users\Dani\Documents\FRITZ!Box_Anrufliste2.xls
2015-04-08 00:52 - 2012-02-15 03:37 - 00023552 _____ () C:\Users\Dani\Documents\Kreditkarten.xls
2015-04-08 00:52 - 2012-02-14 18:43 - 00013824 _____ () C:\Users\Dani\Documents\Adrian.xls
2015-04-08 00:52 - 2012-02-14 01:35 - 00055808 _____ () C:\Users\Dani\Documents\FRITZ!Box_Anrufliste.xls
2015-04-08 00:52 - 2012-01-04 01:10 - 00049152 _____ () C:\Users\Dani\Documents\Lampenwelt_Statistik.xls
2015-04-08 00:52 - 2011-01-10 21:19 - 00048334 _____ () C:\Users\Dani\Documents\Handleiding JIM² Foon.txt
2015-04-08 00:52 - 2010-10-04 17:01 - 00525779 _____ () C:\Users\Dani\Documents\PferdeStehlen.zip
2015-04-08 00:52 - 2010-05-28 09:34 - 01905664 _____ () C:\Users\Dani\Documents\Kläranlage.ppt
2015-04-08 00:52 - 2010-03-28 03:01 - 00000185 _____ () C:\Users\Dani\Documents\GB.txt
2015-04-08 00:52 - 2009-08-06 16:12 - 01793536 _____ () C:\Users\Dani\Documents\Bsp_Unikate2.xls
2015-04-08 00:52 - 2009-08-05 12:59 - 04265984 _____ () C:\Users\Dani\Documents\Bsp_Unikate1.xls
2015-04-08 00:52 - 2009-07-08 15:18 - 235049700 _____ () C:\Users\Dani\Documents\2009-07-08 Nokia N78.nbu
2015-04-08 00:52 - 2009-06-25 01:26 - 25401786 _____ () C:\Users\Dani\Documents\Akte 09 - Bei Anruf Abzocke! Wie die TRC Telemedia Sie jetzt um ihr Geld bringt.AVI
2015-04-08 00:52 - 2009-06-25 00:38 - 18346640 _____ () C:\Users\Dani\Documents\BiZZ in Fulda MC Multimedia TRC Telemedia.AVI
2015-04-08 00:52 - 2009-03-24 23:16 - 00024576 _____ () C:\Users\Dani\Documents\Adressen Konfer.xls
2015-04-08 00:52 - 2008-10-05 21:22 - 00256512 _____ () C:\Users\Dani\Documents\Deutsch-Englisch-Funktionen.xls
2015-04-08 00:52 - 2008-10-04 03:52 - 01788928 _____ () C:\Users\Dani\Documents\BeispielFuerDaniela2.xls
2015-04-08 00:52 - 2008-10-04 02:43 - 01792000 _____ () C:\Users\Dani\Documents\BeispielFuerDaniela.xls
2015-04-08 00:52 - 2008-03-21 17:22 - 00714377 _____ () C:\Users\Dani\Documents\ISO1_DVD.nri
2015-04-08 00:52 - 2008-01-15 02:57 - 00025600 _____ () C:\Users\Dani\Documents\Bewerbungsliste1.xls
2015-04-08 00:52 - 2007-02-13 03:38 - 00016896 _____ () C:\Users\Dani\Documents\Bewerbungsliste.xls
2015-04-08 00:52 - 2006-10-29 23:55 - 00005976 ____R () C:\Users\Dani\Documents\cc_20061029_2254.reg
2015-04-08 00:52 - 2006-10-01 01:58 - 00003466 _____ () C:\Users\Dani\Documents\Erklärung2005.05
2015-04-08 00:52 - 2006-08-07 03:33 - 159318937 _____ () C:\Users\Dani\Documents\karpaten.wmv
2015-04-08 00:52 - 2006-04-22 20:56 - 01949090 _____ () C:\Users\Dani\Documents\Rumänische Musik.wmv
2015-04-08 00:52 - 2004-11-08 23:40 - 01507443 _____ () C:\Users\Dani\Documents\Dupli-Color.dat
2015-04-08 00:52 - 2004-11-08 23:34 - 00865053 _____ () C:\Users\Dani\Documents\Motip.dat
2015-04-08 00:52 - 2004-09-28 16:02 - 00031232 _____ () C:\Users\Dani\Documents\Betreuungsabrechnung.xls
2015-04-08 00:52 - 2004-07-16 21:50 - 00000125 ____H () C:\Users\Dani\Documents\desktop (2).ini
2015-04-08 00:42 - 2015-04-08 00:44 - 00000000 ____D () C:\Users\Dani\Scans
2015-04-06 07:40 - 2015-04-06 07:40 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\MyPhoneExplorer
2015-04-06 07:39 - 2015-04-08 00:45 - 00000000 ____D () C:\Users\Dani\Ulk
2015-04-06 07:33 - 2015-04-06 07:33 - 00027648 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBBlocker32.sys
2015-04-06 07:33 - 2015-04-06 07:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBBlocker32_01007.Wdf
2015-04-06 07:33 - 2015-04-06 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA USB KEYBOARD GUARD
2015-04-06 07:33 - 2015-04-06 07:33 - 00000000 ____D () C:\Program Files\G DATA
2015-04-06 07:32 - 2015-04-06 07:32 - 00000000 ____D () C:\ProgramData\G Data
2015-04-06 07:30 - 2015-04-06 07:30 - 11893880 _____ (G Data Software AG) C:\Users\Dani\Downloads\INT_GD_USB_KEYBOARD_GUARD.exe
2015-04-06 04:23 - 2015-04-06 04:51 - 03735552 ___HT () C:\Users\Dani\Desktop\~backup.pst.tmp
2015-04-06 03:18 - 2015-04-06 03:18 - 00000000 ____D () C:\Users\Dani\AppData\Local\Adobe
2015-04-06 03:07 - 2015-04-06 03:07 - 00000000 ____D () C:\Users\Dani\AppData\Local\Apple Computer
2015-04-06 02:49 - 2015-04-06 02:50 - 00000000 ____D () C:\Datensicherung
2015-04-06 02:45 - 2015-04-06 02:49 - 00001150 _____ () C:\Users\Dani\Desktop\Registry-Sicherung.lnk
2015-04-06 02:33 - 2015-04-06 02:33 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView
2015-04-06 02:10 - 2015-04-04 06:54 - 06215640 _____ (Tonec Inc.) C:\Users\Dani\Downloads\idman623.exe
2015-04-06 02:10 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Dani\Downloads\AdwCleaner 4.200.exe
2015-04-06 01:31 - 2015-04-06 01:31 - 00000000 ____D () C:\Users\Dani\Downloads\OTRDecoder_2.0.0.22
2015-04-06 01:25 - 2015-04-06 07:31 - 00000000 ____D () C:\Users\Dani\Downloads\Filme
2015-04-06 01:12 - 2015-04-06 01:12 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\ProductData
2015-04-06 00:21 - 2015-04-06 00:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DANIELA-PC-Windows-7-Home-Premium-(32-bit).dat
2015-04-06 00:21 - 2015-04-06 00:21 - 00000000 ____D () C:\RegBackup
2015-04-05 14:12 - 2015-04-05 14:12 - 01302528 _____ () C:\Users\Dani\Downloads\OLFix Outlook-Reperatur.exe
2015-04-05 14:03 - 2015-04-05 14:03 - 00002795 _____ () C:\Users\Dani\Desktop\Microsoft Office Outlook 2007.lnk
2015-04-05 14:03 - 2015-04-05 14:03 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\HP
2015-04-05 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 13:29 - 2015-04-05 13:55 - 00000000 ____D () C:\Qoobox
2015-04-05 13:29 - 2015-04-05 13:53 - 00000000 ____D () C:\Windows\erdnt
2015-04-05 12:28 - 2015-04-05 12:28 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Apple Computer
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Mozilla
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieUserList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieSiteList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieBrowserModeList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Macromedia
2015-04-05 10:53 - 2015-04-05 10:53 - 00109664 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\ATI
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Local\ATI
2015-04-05 10:52 - 2015-04-08 03:15 - 00000000 ____D () C:\Users\Dani
2015-04-05 10:52 - 2015-04-06 03:18 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Adobe
2015-04-05 10:52 - 2015-04-05 10:52 - 00001425 _____ () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-05 10:52 - 2015-04-05 10:52 - 00000020 ___SH () C:\Users\Dani\ntuser.ini
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Startmenü
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Netzwerkumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Druckumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Musik
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Bilder
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Local\Verlauf
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\VirtualStore
2015-04-05 10:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\Microsoft Help
2015-04-05 10:52 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IObit
2015-04-05 10:52 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-05 10:52 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-05 10:43 - 2015-04-08 03:42 - 00000000 ____D () C:\Users\Admin\Desktop\Trojaner-Board
2015-04-04 22:04 - 2015-04-04 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-04 07:56 - 2015-04-05 13:46 - 00001136 _____ () C:\Windows\PFRO.log
2015-04-04 07:53 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Admin\Downloads\AdwCleaner 4.200.exe
2015-04-04 07:41 - 2015-04-04 07:41 - 00000000 ____D () C:\Users\Admin\Downloads\OTRDecoder_2.0.0.22
2015-04-04 06:58 - 2015-04-08 00:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DMCache
2015-04-04 06:58 - 2015-04-04 07:56 - 00000000 ____D () C:\Program Files\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 07:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IDM
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\IDM
2015-04-04 06:54 - 2015-04-04 06:54 - 06215640 _____ (Tonec Inc.) C:\Users\Admin\Downloads\idman623.exe
2015-04-04 06:47 - 2015-04-04 06:55 - 00000000 ____D () C:\Program Files\Free Download Manager
2015-04-04 06:47 - 2015-04-04 06:47 - 00000000 ____D () C:\ProgramData\Free Download Manager
2015-04-04 06:41 - 2015-04-04 09:29 - 00000000 ____D () C:\Users\Admin\Downloads\Filme
2015-04-04 02:25 - 2015-04-08 03:43 - 00000000 ____D () C:\FRST
2015-04-04 02:24 - 2015-04-04 02:24 - 01135104 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-04-04 02:22 - 2015-04-04 02:22 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-04-04 02:07 - 2015-04-04 02:07 - 00109664 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 02:05 - 2015-04-08 01:40 - 00001447 _____ () C:\Windows\setupact.log
2015-04-04 02:05 - 2015-04-04 02:05 - 00411880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 02:05 - 2015-04-04 02:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 02:04 - 2015-04-04 02:04 - 00003608 ____N () C:\bootsqm.dat
2015-04-03 14:16 - 2015-03-14 03:58 - 02171392 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.112.exe
2015-04-03 14:16 - 2014-04-07 19:23 - 27560794 _____ () C:\Users\Daniela\Downloads\ar11lite_11.0.0.379_deu Vorsicht.exe
2015-04-03 14:16 - 2013-10-16 18:55 - 29040552 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u45-windows-i586.exe
2015-04-03 14:16 - 2013-09-27 01:26 - 29036456 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u40-windows-i586.exe
2015-04-03 14:16 - 2013-09-15 23:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Daniela\Downloads\mbam-clean-1.60.2.0003.exe
2015-04-03 14:16 - 2013-09-05 01:04 - 31714728 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u25-windows-i586.exe
2015-04-03 14:16 - 2013-07-10 18:13 - 03866624 _____ (Microsoft Corporation) C:\Users\Daniela\Downloads\FreePDF4.08.EXE
2015-04-03 14:16 - 2013-01-18 14:23 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (2).exe
2015-04-03 14:16 - 2012-12-08 03:06 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Daniela\Downloads\jre-6u37-windows-i586.exe
2015-04-03 14:16 - 2012-10-03 03:57 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (1).exe
2015-04-03 13:55 - 2015-04-03 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DirSync
2015-04-02 15:54 - 2015-03-27 02:10 - 00122432 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-04-01 04:47 - 2015-04-08 01:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 04:47 - 2015-04-01 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-01 04:47 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 04:00 - 2015-04-01 04:00 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2015-04-01 03:29 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Daniela\Downloads\AdwCleaner 4.200.exe
2015-03-31 09:33 - 2015-03-31 09:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-29 11:57 - 2015-03-31 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-03-29 11:57 - 2015-03-29 11:57 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-29 11:09 - 2015-03-29 11:09 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Microsoft Help
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-29 10:57 - 2009-02-26 19:18 - 00029552 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-03-29 10:54 - 2015-03-29 11:51 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-03-29 10:48 - 2015-03-29 11:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\IDE
2015-03-29 10:47 - 2015-03-31 09:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-03-29 10:46 - 2015-03-29 10:46 - 00000000 ___RD () C:\MSOCache
2015-03-29 10:41 - 2015-03-29 10:35 - 1122369536 _____ () C:\Users\Daniela\outlook.pst
2015-03-29 05:15 - 2015-03-29 10:43 - 00000000 ____D () C:\Users\Daniela\Downloads\Microsoft Office 2007 Professional Plus
2015-03-29 03:26 - 2015-03-29 03:26 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Sun
2015-03-28 07:35 - 2015-03-31 09:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-27 04:05 - 2015-03-27 04:15 - 492980834 _____ () C:\Users\Daniela\Downloads\MSO2007P.exe
2015-03-25 06:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-25 06:02 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\ProductData
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2015-03-25 05:37 - 2015-03-25 05:37 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IObit
2015-03-25 05:27 - 2015-03-25 05:28 - 40909304 _____ () C:\Users\Daniela\Downloads\Firefox Setup 36.0.4.exe
2015-03-25 05:23 - 2015-03-25 05:24 - 37064104 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-8u40-windows-i586.exe
2015-03-25 04:12 - 2015-04-03 15:25 - 58048512 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 34934784 _____ () C:\Windows\system32\config\components.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-03-25 03:03 - 2015-03-25 03:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-03-25 03:03 - 2015-03-25 03:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ___RD () C:\Program Files\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-03-25 02:15 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData
2015-03-25 02:14 - 2015-04-01 02:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\IObit
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\IObit
2015-03-25 02:14 - 2015-03-25 02:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2015-03-25 02:14 - 2015-03-25 02:14 - 00000000 ____D () C:\Users\Admin\AppData\IObit
2015-03-24 05:01 - 2015-03-24 05:01 - 00000000 ____D () C:\Users\Daniela\Downloads\MSO2007P
2015-03-24 04:50 - 2015-03-24 04:54 - 498949156 _____ () C:\Users\Daniela\Downloads\MSO2007P.zip
2015-03-24 03:01 - 2015-03-24 03:01 - 00000000 ____D () C:\ProgramData\ATI
2015-03-24 01:53 - 2015-03-24 01:53 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2015-03-24 01:37 - 2015-03-24 02:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-03-23 22:21 - 2015-03-23 22:21 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA Corporation
2015-03-23 05:24 - 2015-03-23 05:24 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA
2015-03-23 05:22 - 2015-03-24 04:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-23 05:20 - 2015-03-24 02:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-19 06:58 - 2015-03-19 06:58 - 00002019 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2015-03-19 05:55 - 2015-04-01 04:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-19 05:55 - 2015-03-19 05:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-19 05:52 - 2015-03-19 05:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\Malwarebytes 2.0.4.exe
2015-03-19 04:21 - 2015-03-19 04:21 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Games
2015-03-18 23:25 - 2015-03-19 08:59 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\MyPhoneExplorer
2015-03-18 23:00 - 2015-03-18 23:00 - 07332272 _____ () C:\Users\Daniela\Downloads\MyPhoneExplorer.exe
2015-03-18 22:28 - 2015-03-18 22:28 - 00000000 ____D () C:\Users\Daniela\AppData\Local\{042FA28C-4DB3-4B64-94C0-A384193D060C}
2015-03-10 22:29 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 22:29 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 22:29 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 22:29 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 22:29 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 22:28 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 22:28 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 22:28 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 22:28 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 22:28 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 22:28 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 22:28 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 22:28 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 22:28 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 22:28 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 22:28 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 22:28 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 22:28 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 22:28 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 22:28 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 22:28 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 22:28 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 22:28 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 22:28 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 22:28 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:28 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:28 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 22:28 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 22:28 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 22:28 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 22:28 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 22:28 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 22:28 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 22:28 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 22:28 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 22:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 22:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 22:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:28 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 22:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 22:28 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:28 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:28 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 22:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:28 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:28 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:28 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:28 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:27 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:27 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:27 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:27 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:27 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:27 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:26 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:26 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:26 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-09 00:09 - 2015-03-09 00:09 - 00107301 _____ () C:\Users\Admin\Desktop\DANIELA-PC.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 03:29 - 2014-04-06 07:33 - 01333517 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 02:46 - 2014-05-14 19:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 01:48 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 01:48 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 01:40 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 01:39 - 2014-12-09 23:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 01:39 - 2014-04-23 00:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 01:22 - 2014-04-08 01:42 - 00000000 ____D () C:\Users\Daniela\Ulk
2015-04-08 01:20 - 2014-04-08 01:39 - 00000000 ____D () C:\Users\Daniela\Scans
2015-04-08 00:08 - 2014-09-14 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-04-08 00:08 - 2014-09-14 20:43 - 00000000 ____D () C:\Program Files\CPUID
2015-04-06 00:06 - 2015-02-12 04:38 - 00000000 ____D () C:\AdwCleaner
2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-04-05 13:49 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-04-04 08:03 - 2014-08-20 17:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate
2015-04-04 02:22 - 2014-04-07 01:31 - 00000000 ____D () C:\Users\Admin
2015-04-03 15:09 - 2014-04-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-03 14:16 - 2014-05-26 00:59 - 00000000 ____D () C:\Users\Daniela\Downloads\Alcatel
2015-04-03 13:36 - 2014-04-06 07:44 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 12:41 - 2015-01-29 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-03 12:41 - 2014-04-06 13:08 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-01 04:01 - 2015-01-24 04:01 - 00000000 ____D () C:\Program Files\DAP
2015-04-01 04:01 - 2015-01-24 03:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2015-04-01 03:52 - 2015-01-24 04:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-01 03:02 - 2015-01-29 03:52 - 00000000 ____D () C:\Users\Daniela\Downloads\Filme
2015-03-31 09:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-31 09:26 - 2009-07-14 04:04 - 00000534 _____ () C:\Windows\win.ini
2015-03-31 09:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-31 09:04 - 2014-04-06 07:37 - 00000000 ____D () C:\Users\Daniela
2015-03-31 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-03-30 00:48 - 2014-04-06 07:55 - 00109664 _____ () C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-29 11:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 11:01 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\ShellNew
2015-03-29 10:54 - 2014-04-26 08:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-29 10:54 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-29 10:52 - 2014-04-06 14:00 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2015-03-29 10:51 - 2014-04-26 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2015-03-29 04:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-25 05:30 - 2014-04-07 18:43 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-25 05:25 - 2014-07-27 05:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-25 05:25 - 2014-07-27 05:08 - 00000000 ____D () C:\Program Files\Java
2015-03-25 05:18 - 2014-10-15 04:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-03-25 05:18 - 2014-04-06 14:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-25 05:18 - 2014-04-06 14:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-25 04:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-25 04:19 - 2014-04-06 08:30 - 00000000 ____D () C:\Windows\Panther
2015-03-25 03:55 - 2014-06-09 14:39 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 02:51 - 2014-11-19 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-03-25 02:16 - 2014-04-07 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-03-25 02:03 - 2014-05-20 03:54 - 00000000 ____D () C:\ProgramData\Nokia
2015-03-25 02:03 - 2014-04-13 07:08 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-03-25 02:03 - 2014-04-13 06:09 - 00000000 ____D () C:\Program Files\Nokia
2015-03-25 01:48 - 2014-06-20 23:59 - 00000000 ____D () C:\Program Files\Allway Sync
2015-03-25 01:47 - 2014-11-19 23:14 - 00000000 ____D () C:\Program Files\Lavalys
2015-03-25 01:47 - 2014-05-02 20:41 - 00000000 ____D () C:\Windows\pss
2015-03-25 01:47 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IrfanView
2015-03-25 01:47 - 2014-04-08 22:47 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2015-03-25 01:47 - 2014-04-08 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-25 01:47 - 2014-04-08 22:42 - 00000000 ____D () C:\Program Files\HP
2015-03-25 01:47 - 2014-04-08 22:40 - 00000000 ____D () C:\ProgramData\HP
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 16:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-03-25 01:47 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2015-03-25 01:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security
2015-03-25 01:46 - 2014-04-08 22:45 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD APP
2015-03-25 01:43 - 2014-04-06 16:19 - 00000000 ____D () C:\NVIDIA
2015-03-25 01:43 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD AVT
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI
2015-03-24 03:54 - 2014-04-08 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HP
2015-03-24 03:53 - 2014-04-08 22:41 - 00012575 _____ () C:\ProgramData\hpzinstall.log
2015-03-24 03:49 - 2014-04-12 01:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP
2015-03-24 03:00 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\AMD
2015-03-24 02:28 - 2014-08-19 03:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\NokiaAccount
2015-03-24 00:35 - 2014-10-02 02:13 - 00000000 ____D () C:\Users\Daniela\AppData\Local\FreePDF_XP
2015-03-23 01:46 - 2014-04-13 03:41 - 1108410368 _____ () C:\Users\Daniela\outlook_alt.pst
2015-03-19 04:46 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2015-03-19 04:45 - 2014-04-06 14:54 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-19 04:44 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mobile Action
2015-03-19 02:38 - 2014-04-13 06:11 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\PC Suite
2015-03-10 22:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

==================== Files in the root of some directories =======

2014-08-05 00:03 - 2014-10-07 05:56 - 0128621 _____ () C:\Users\Admin\AppData\Local\ars.cache
2014-08-05 00:04 - 2014-10-07 05:57 - 0367993 _____ () C:\Users\Admin\AppData\Local\census.cache
2014-08-04 18:38 - 2014-08-04 18:38 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2014-04-08 22:41 - 2015-03-24 03:53 - 0012575 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Daniela\Registry.reg


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 02:56

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Admin at 2015-04-08 03:45:13
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design online.TiVi (HKLM\...\{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1) (Version: 1.6.0.0 - concept/design GmbH)
concept/design onlineTV 11 (HKLM\...\{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1) (Version: 11.0.0.0 - concept/design GmbH)
CoolSoft VirtualMIDISynth 1.9.2 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 1.9.2.0 - CoolSoft)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirSync  2.96 (HKLM\...\DirSync) (Version:  - Stephen Kalisch)
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EGVP (HKLM\...\{EDA192EA-4DA3-416D-965D-65BFDA0E3715}) (Version: 1.5.3.0 - Governikus KG)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
G DATA USB KEYBOARD GUARD (HKLM\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.0.0.32 - G DATA Software AG)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version:  - CPUID)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.17.0 - Ralink)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-04-2015 10:39:08 Installed Microsoft Fix it 50848
06-04-2015 20:26:05 Windows Update
08-04-2015 01:35:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-04-05 13:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3625605D-9736-4E0D-ADED-80AB17549529} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated)
Task: {3A05D166-9113-4EC4-9566-5F56785457AF} - System32\Tasks\ASC8_SkipUac_Admin => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {4A95605E-2F72-413F-9F4A-4F9B662C3B70} - System32\Tasks\{5589489F-BCF7-4E4E-A924-E7FCCE636DA8} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {653435B1-E8BB-4611-8BBB-E2FE2CBE8B8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {690E5BA0-2B04-4E7B-906A-6CCA9CB3331D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {7FEA1C05-5956-47C1-9720-5580AA7A98CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8734083E-A084-4978-A36C-CA4115FD8883} - System32\Tasks\{085A87EE-090C-40C6-B1AC-A2A6111D4864} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
Task: {BDAC862A-E650-4CF1-B04B-EDEB1AB59011} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2CAD89D-9A42-4025-8876-58161729CDCB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {F815A518-89BD-445C-8A71-0D92281353F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-25 02:16 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2014-10-02 02:12 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2014-04-06 16:24 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-04-06 16:24 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-03-25 02:16 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-03-25 02:16 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-03-25 02:16 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-03-25 02:16 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2015-01-06 20:50 - 2012-02-20 13:59 - 01087336 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Accounts: =============================

Admin (S-1-5-21-3046395627-4054670192-1170409365-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3046395627-4054670192-1170409365-500 - Administrator - Disabled)
Dani (S-1-5-21-3046395627-4054670192-1170409365-1005 - Limited - Enabled) => C:\Users\Dani
Daniela (S-1-5-21-3046395627-4054670192-1170409365-1000 - Limited - Enabled) => C:\Users\Daniela
Gast (S-1-5-21-3046395627-4054670192-1170409365-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3046395627-4054670192-1170409365-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 00:40:16 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/07/2015 03:47:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (04/07/2015 03:47:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (04/07/2015 01:07:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17690, Zeitstempel: 0x54e7d023
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00f45e49
ID des fehlerhaften Prozesses: 0x15f4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/07/2015 01:07:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17690, Zeitstempel: 0x54e7d023
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00f45e49
ID des fehlerhaften Prozesses: 0x16f0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/07/2015 00:58:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17690, Zeitstempel: 0x54e7d023
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00f45e49
ID des fehlerhaften Prozesses: 0xd70
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (04/06/2015 09:17:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/06/2015 07:47:58 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (04/06/2015 07:47:58 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig


System errors:
=============
Error: (04/08/2015 03:25:25 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature: %%886

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert 

	Grund: %%858

Error: (04/08/2015 03:25:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/08/2015 02:17:59 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/08/2015 01:50:42 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/08/2015 01:41:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/07/2015 01:36:13 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (04/07/2015 01:36:13 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (04/07/2015 01:34:42 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (04/07/2015 01:34:42 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (04/06/2015 08:23:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 3071.3 MB
Available physical RAM: 1838.16 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 4480.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.24 GB) (Free:117.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.52 GB) NTFS
Drive i: (KINGSTON) (Removable) (Total:7.44 GB) (Free:3.44 GB) FAT32
Drive j: (Intenso) (Fixed) (Total:465.76 GB) (Free:349.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

========================================================
Disk: 5 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AF084B5D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

08.04.2015, 15:34   #12
schrauber
/// the machine
/// TB trainer



Reading material:
CHIP-Installer - what is it? - Guides



Cleanup:
(The order is important here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can define, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, the recommended approach is first to uninstall it and then remove the remnants with Adwcleaner .


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

08.04.2015, 23:05   #13
nickdaniela



Hello Schrauber,
that thing with Chip is unbelievable.
Unfortunately I had never heard of that before. :-(
I did something wrong with Defogger: I clicked Re-enable twice.
The first time, a message appeared saying that anti-malware software should be closed.
I did that + then clicked Yes + Defogger was still open afterwards.
So I thought I had to click Re-enable again.
The message appeared again + when I then clicked Yes, I got "Enable to open Files" or something like that.
What should I do now?
Best regards, Daniela

09.04.2015, 15:50   #14
schrauber
/// the machine
/// TB trainer



That's fine, nothing was disabled at the start anyway
__________________
Regards,
schrauber


09.04.2015, 19:28   #15
nickdaniela



Hello Schrauber,
I also had problems uninstalling Combofix...
The first time it reported something like Combofix is not installed. I have forgotten what exactly, sorry...
I simply ran it again + then the uninstall worked.
I am now posting the last Combofix log file here.
In the meantime I had moved all the programs into a folder called Trojaner-Board + left only the program I was supposed to run at that moment on the desktop. Maybe that is why Combofix could not be uninstalled?
Best regards, Daniela

Code:
ATTFilter
ComboFix 15-04-09.01 - Admin 09.04.2015  19:54:24.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1992 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-09 bis 2015-04-09  ))))))))))))))))))))))))))))))
.
.
2015-04-09 18:08 . 2015-04-09 18:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-09 07:21 . 2015-04-09 07:21	--------	d-----w-	c:\users\Default\AppData\Roaming\ProductData
2015-04-09 00:30 . 2015-03-14 10:06	9119072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{888F727F-50C0-48DD-ABDD-5D7F836569D4}\mpengine.dll
2015-04-09 00:24 . 2015-04-09 00:24	--------	d-----w-	c:\program files\Qualcomm Atheros
2015-04-09 00:22 . 2015-04-09 00:23	--------	d-----w-	c:\program files\WinPcap
2015-04-08 21:59 . 2015-03-14 10:06	9119072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-07 23:35 . 2015-03-23 03:06	576000	----a-w-	c:\windows\system32\generaltel.dll
2015-04-07 23:35 . 2015-03-23 03:06	630784	----a-w-	c:\windows\system32\invagent.dll
2015-04-07 23:35 . 2015-03-23 03:06	331264	----a-w-	c:\windows\system32\devinv.dll
2015-04-07 23:35 . 2015-03-23 03:06	860160	----a-w-	c:\windows\system32\appraiser.dll
2015-04-07 23:35 . 2015-03-23 03:06	26112	----a-w-	c:\windows\system32\acmigration.dll
2015-04-07 23:35 . 2015-03-23 03:06	159744	----a-w-	c:\windows\system32\aepic.dll
2015-04-07 23:35 . 2015-03-23 02:59	896000	----a-w-	c:\windows\system32\aeinv.dll
2015-04-07 23:35 . 2015-03-23 03:06	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-04-06 05:33 . 2015-04-06 05:33	27648	----a-w-	c:\windows\system32\drivers\GDKBBlocker32.sys
2015-04-06 05:33 . 2015-04-06 05:33	--------	d-----w-	c:\program files\G DATA
2015-04-06 05:32 . 2015-04-06 05:32	--------	d-----w-	c:\programdata\G Data
2015-04-06 00:49 . 2015-04-06 00:50	--------	d-----w-	C:\Datensicherung
2015-04-05 22:21 . 2015-04-05 22:21	--------	d-----w-	C:\RegBackup
2015-04-05 09:37 . 2015-04-08 02:37	--------	dc----w-	c:\users\Admin\AppData\Local\MigWiz
2015-04-05 08:52 . 2015-04-08 01:15	--------	d-----w-	c:\users\Dani
2015-04-04 20:04 . 2015-04-04 20:27	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-04 04:58 . 2015-04-04 05:03	--------	d-----w-	c:\users\Admin\AppData\Roaming\IDM
2015-04-04 04:58 . 2015-04-04 04:58	--------	d-----w-	c:\programdata\IDM
2015-04-04 04:58 . 2015-04-09 18:11	--------	d-----w-	c:\users\Admin\AppData\Roaming\DMCache
2015-04-04 04:58 . 2015-04-04 05:56	--------	d-----w-	c:\program files\Internet Download Manager
2015-04-04 04:47 . 2015-04-04 04:47	--------	d-----w-	c:\programdata\Free Download Manager
2015-04-04 04:47 . 2015-04-04 04:55	--------	d-----w-	c:\program files\Free Download Manager
2015-04-04 00:25 . 2015-04-08 01:46	--------	d-----w-	C:\FRST
2015-04-03 11:55 . 2015-04-03 12:01	--------	d-----w-	c:\users\Admin\AppData\Roaming\DirSync
2015-04-03 10:41 . 2015-03-27 07:52	924040	----a-w-	c:\program files\Mozilla Firefox\uninstall\helper.exe
2015-04-03 10:41 . 2015-03-27 05:01	187504	----a-w-	c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-04-03 10:41 . 2015-03-27 05:01	50800	----a-w-	c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2015-04-02 13:54 . 2015-03-27 00:10	122432	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2015-04-01 02:47 . 2015-04-09 18:10	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-01 02:47 . 2015-03-17 04:15	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-01 02:47 . 2015-03-17 04:15	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-01 02:47 . 2015-03-17 04:15	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-01 02:00 . 2015-04-01 02:00	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2015-04-01 01:39 . 2015-03-25 22:00	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C28C4660-A74B-444B-96C7-58E331EF7C51}\gapaengine.dll
2015-03-29 09:57 . 2015-03-29 09:57	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2015-03-29 09:52 . 2015-03-29 09:52	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2015-03-29 08:57 . 2009-02-26 17:18	29552	----a-w-	c:\windows\system32\mdimon.dll
2015-03-29 08:57 . 2006-10-26 17:58	30512	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2015-03-29 08:54 . 2015-03-29 09:51	--------	d-----w-	c:\program files\Microsoft Works
2015-03-29 08:48 . 2015-03-29 08:48	--------	d-----w-	C:\IDE
2015-03-29 08:48 . 2015-03-29 09:00	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2015-03-29 08:47 . 2015-03-29 08:47	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft Help
2015-03-29 08:47 . 2015-03-31 07:41	--------	d-----w-	c:\programdata\Microsoft Help
2015-03-29 08:46 . 2015-03-29 08:46	--------	d-----r-	C:\MSOCache
2015-03-28 05:35 . 2015-03-31 07:04	--------	d-s---w-	c:\windows\system32\GWX
2015-03-25 04:12 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\system32\DWrite.dll
2015-03-25 04:02 . 2015-04-09 07:20	--------	d-----w-	c:\users\Default\AppData\Roaming\IObit
2015-03-25 03:34 . 2013-10-05 09:38	970912	----a-w-	c:\program files\Mozilla Firefox\msvcr120.dll
2015-03-25 03:34 . 2013-10-05 09:38	455328	----a-w-	c:\program files\Mozilla Firefox\msvcp120.dll
2015-03-25 03:34 . 2013-08-22 05:03	3466856	----a-w-	c:\program files\Mozilla Firefox\d3dcompiler_47.dll
2015-03-25 01:03 . 2015-03-25 01:03	--------	d-----w-	c:\users\Admin\AppData\Local\Skype
2015-03-25 01:03 . 2015-03-25 01:05	--------	d-----w-	c:\users\Admin\AppData\Roaming\Skype
2015-03-25 01:02 . 2015-03-25 01:02	--------	d-----w-	c:\program files\Common Files\Skype
2015-03-25 01:02 . 2015-03-25 01:02	--------	d-----r-	c:\program files\Skype
2015-03-25 01:02 . 2015-03-25 01:02	--------	d-----w-	c:\programdata\Skype
2015-03-25 00:16 . 2015-03-25 00:16	--------	d-----w-	c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-25 00:16 . 2015-03-25 00:16	--------	d-----w-	c:\program files\Common Files\IObit
2015-03-25 00:15 . 2015-03-31 07:04	--------	d-----w-	c:\users\Admin\AppData\Roaming\ProductData
2015-03-25 00:14 . 2015-03-25 00:16	--------	d-----w-	c:\programdata\IObit
2015-03-25 00:14 . 2015-04-08 02:02	--------	d-----w-	c:\programdata\ProductData
2015-03-25 00:14 . 2015-03-25 00:16	--------	d-----w-	c:\program files\IObit
2015-03-25 00:14 . 2015-03-25 00:15	--------	d-----w-	c:\users\Admin\AppData\Roaming\IObit
2015-03-24 01:01 . 2015-03-24 01:01	--------	d-----w-	c:\programdata\ATI
2015-03-23 23:53 . 2015-03-23 23:53	--------	d-----w-	c:\program files\Microsoft ASP.NET
2015-03-23 23:37 . 2015-03-24 00:38	--------	d-----w-	c:\users\Admin\AppData\Local\NVIDIA Corporation
2015-03-23 22:45 . 2015-03-23 22:45	--------	d-----w-	c:\program files\Hewlett-Packard
2015-03-23 03:22 . 2015-03-24 02:19	--------	d-----w-	c:\programdata\NVIDIA
2015-03-23 03:20 . 2015-03-24 00:40	--------	d-----w-	c:\programdata\NVIDIA Corporation
2015-03-19 04:58 . 2015-03-19 04:58	--------	d-----w-	c:\program files\MyPhoneExplorer
2015-03-19 03:55 . 2015-04-01 02:49	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-03-19 03:55 . 2015-03-19 03:55	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-19 02:21 . 2015-03-19 02:21	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft Games
2015-03-10 20:29 . 2015-01-31 03:33	2744320	----a-w-	c:\windows\system32\rdpcorets.dll
2015-03-10 20:29 . 2015-01-31 03:33	13824	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 20:29 . 2015-01-31 00:48	221184	----a-w-	c:\windows\system32\rdpudd.dll
2015-03-10 20:29 . 2015-02-03 03:12	3209728	----a-w-	c:\windows\system32\mf.dll
2015-03-10 20:27 . 2015-02-03 03:12	1230848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-03-10 20:26 . 2015-02-03 03:12	171520	----a-w-	c:\windows\system32\ubpm.dll
2015-03-10 20:26 . 2015-02-26 03:11	2381312	----a-w-	c:\windows\system32\win32k.sys
2015-03-10 20:26 . 2015-01-17 02:30	828928	----a-w-	c:\windows\system32\msctf.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-01 21:48 . 2015-03-14 01:30	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-03-25 22:00 . 2014-04-20 00:34	908832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:25 . 2014-07-27 03:09	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-03-25 03:18 . 2014-04-06 12:54	778928	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-03-25 03:18 . 2014-04-06 12:54	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-03 13:16 . 2014-04-06 06:07	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-17 14:04 . 2015-02-17 14:04	1202848	----a-w-	c:\windows\system32\FM20.DLL
2015-01-27 23:36 . 2015-02-10 22:37	1167520	----a-w-	c:\windows\system32\aitstatic.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02	23008	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 8"="c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-01-20 2428704]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-02 3898960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-11-01 2353880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"GDataUsbProtection"="c:\program files\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe" [2014-09-03 1405560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2015-1-6 12658536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 18:57	43848	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2014-03-18 18:50	373760	----a-w-	c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10	1516632	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2014-07-04 10:40	191528	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-01-16 2724128]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 cpuz137;cpuz137;c:\program files\CPUID\PC Wizard 2013\pcwiz_x32.sys [2014-02-17 26856]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2012-03-02 1308736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-01-23 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 8576]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-07-01 15576]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-07-01 10200]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [2011-08-18 625728]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-03-17 92888]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-04 815392]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-01 173272]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-27 122432]
S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-03-17 1871160]
S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-03-17 1080120]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 GDKBBlocker;G Data GDKBBlocker Driver;c:\windows\system32\drivers\GDKBBlocker32.sys [2015-04-06 27648]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-04-09 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\DRIVERS\Ph6xIB32.sys [2009-07-13 1277952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 03:18]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Download aller Links mit IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.url - hxxp://google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3046395627-4054670192-1170409365-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):0d,66,d3,4a,ae,28,0f,a2,23,22,29,e5,af,72,92,1d,b3,f4,03,d5,d3,
   37,47,08,a1,e1,13,29,ed,cd,e5,9e,e8,4b,7c,35,d9,6b,14,50,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3046395627-4054670192-1170409365-1003_Classes\CLSID\{f776ad71-9d81-4c26-a3de-cdd7228fe4c5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000062
"Therad"=dword:00000006
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5188)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\ Malwarebytes Anti-Malware \mbam.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\IObit\Advanced SystemCare 8\Monitor.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Ralink\Common\RaUI.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Microsoft\BingDesktop\BDExtHost.exe
c:\program files\Microsoft\BingDesktop\BDAppHost.exe
c:\program files\Microsoft\BingDesktop\BDRuntimeHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-09  20:17:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-09 18:17
.
Vor Suchlauf: 19 Verzeichnis(se), 125.415.809.024 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 125.517.176.832 Bytes frei
.
- - End Of File - - AE21A4CEC69F454856125C9E2B441D17
A36C5E4F47E84449FF07ED3517B43A31
         
