
Pests of all kinds and how to fight them: Bank Austria online banking - Trojan

26.07.2015, 15:18   #1
Provodnik
 



Hello,

I have recently had the same problem as described in this thread: http://www.trojaner-board.de/166965-...ing-login.html

When logging in, a message appears saying that an app has to be installed on the smartphone and that login is only possible that way.
Opening the login page also takes longer, by the way, probably because something is active in the background.

Screenshot:

The problem occurs with Firefox and Chrome, but not with IE or the TOR browser.
The operating system is Windows 8.

I have not yet taken any steps to remove the malware. The bank blocked the online banking access as a precaution after I told the hotline about my problem.

Thanks in advance for your support!!

Provodnik

26.07.2015, 15:25   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


26.07.2015, 16:32   #3
Provodnik
 



Many thanks - here is the requested data:


Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von Helmut (Administrator) auf PC (26-07-2015 17:08:34)
Gestartet von C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner
Geladene Profile: UpdatusUser & Helmut (Verfügbare Profile: UpdatusUser & Helmut)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(TrueCrypt Foundation) C:\Users\Helmut\Desktop\Temp\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [VoipStunt] => "C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe" -nosplash -minimized
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [GoogleChromeAutoLaunch_6A1ACEDA8FEAC8653E625843AF7DBDE9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-24] (Google Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeHautocheck autochk * 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

AutoConfigURL: [S-1-5-21-4276634122-1349516129-2453334311-1002] => https://securedtonnel.net/a2stunnel.js
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-05-14] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4BEE7756-6650-4ECE-9FA4-D0754901862D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{65D95393-D577-4F11-BD33-971548548A4C}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-17] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4276634122-1349516129-2453334311-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-images.xml [2015-02-05]
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-maps.xml [2015-02-05]
FF Extension: Social Fixer - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\socialfixer@mattkruse.com.xpi [2014-04-12]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-06-09]
FF Extension: Video DownloadHelper - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-16]
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-05-25]

Chrome: 
=======
CHR Profile: C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Google Search) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (ORF-TVthek - Downloader) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfnehdmbbmcahojnebecpiljbkeaele [2014-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Synology Download Station) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhbegdkgonhlokobjefolhpoidcnida [2015-05-25]
CHR Extension: (Gmail) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 hasplms; C:\Windows\system32\hasplms.exe [4621632 2015-04-13] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2015-01-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2014-04-28] (SafeNet Inc.)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2014-04-28] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303624 2014-04-28] (SafeNet Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2015-04-13] (SafeNet Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R4 truecrypt; C:\Users\Helmut\Desktop\Temp\TrueCrypt\truecrypt-x64.sys [231376 2012-02-08] (TrueCrypt Foundation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-26 17:08 - 2015-07-26 17:08 - 00000000 ____D C:\FRST
2015-07-21 00:00 - 2015-07-21 00:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-07-20 21:08 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 21:08 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-17 18:40 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-17 18:40 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-17 18:40 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-17 18:40 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-17 18:40 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-17 18:40 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-17 18:40 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-17 18:39 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-17 18:39 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-17 18:39 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-17 18:39 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-17 18:39 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-17 18:39 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-17 18:39 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-17 18:39 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-17 18:39 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-17 18:39 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-17 18:39 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-17 18:39 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-17 18:39 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-17 18:39 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-17 18:39 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-17 18:39 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-17 18:39 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-17 18:39 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-17 18:39 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-17 18:39 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-17 18:39 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-17 18:39 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-17 18:39 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-17 18:38 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-17 18:38 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-17 18:38 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-17 18:38 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-17 18:38 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-17 18:38 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-17 18:38 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-17 18:38 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-17 18:38 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-17 18:38 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-17 18:38 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-17 18:38 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-17 18:38 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-17 18:38 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-17 18:38 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-17 18:38 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-17 18:38 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-17 18:38 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-17 18:38 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-17 18:38 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-17 18:38 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-17 18:38 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-17 18:38 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-17 18:38 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-17 18:38 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-17 18:38 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-17 18:38 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-17 18:38 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-17 18:38 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-17 18:38 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-17 18:38 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-17 18:38 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-17 18:38 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-17 18:38 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-17 18:38 - 2015-05-02 01:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-17 18:38 - 2015-04-23 19:01 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-07-17 18:38 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-17 18:38 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-17 18:38 - 2014-11-04 21:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-17 18:38 - 2014-11-04 21:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-17 18:38 - 2014-11-04 08:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-17 18:37 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-17 18:37 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-05 15:18 - 2015-07-07 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-26 17:07 - 2014-04-13 18:57 - 00000000 ____D C:\Users\Helmut\Desktop\Temp
2015-07-26 17:06 - 2014-04-12 18:47 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\ClassicShell
2015-07-26 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-26 16:57 - 2014-05-21 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-26 16:26 - 2014-04-12 18:41 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-26 16:08 - 2014-04-12 20:01 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\vlc
2015-07-26 15:50 - 2014-04-12 19:03 - 01653423 _____ C:\Windows\WindowsUpdate.log
2015-07-26 15:27 - 2014-04-12 18:10 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4276634122-1349516129-2453334311-1002
2015-07-26 10:51 - 2013-09-12 13:28 - 00765378 _____ C:\Windows\system32\perfh007.dat
2015-07-26 10:51 - 2013-09-12 13:28 - 00159696 _____ C:\Windows\system32\perfc007.dat
2015-07-26 10:51 - 2013-09-12 13:00 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-26 10:47 - 2014-05-21 21:47 - 00000000 ____D C:\Users\Helmut\AppData\Local\FreePDF_XP
2015-07-26 10:47 - 2014-04-12 18:41 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-26 10:47 - 2013-08-22 16:46 - 00097701 _____ C:\Windows\setupact.log
2015-07-26 10:47 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 00:52 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-25 21:27 - 2014-07-13 12:11 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-25 15:51 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 22:32 - 2014-11-05 23:28 - 00000000 ____D C:\Windows\AutoKMS
2015-07-21 23:32 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-21 19:32 - 2013-08-22 16:44 - 00485192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 23:51 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-18 10:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-07-18 08:17 - 2014-04-12 19:04 - 00000000 ____D C:\Users\Helmut
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 22:35 - 2014-04-13 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 22:34 - 2015-04-16 07:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 22:34 - 2015-03-12 01:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 22:33 - 2014-04-14 07:14 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 22:29 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 19:21 - 2014-04-12 18:41 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 19:21 - 2014-04-12 18:41 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 18:57 - 2014-05-21 19:57 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 21:33 - 2014-04-12 18:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 21:33 - 2013-09-12 12:53 - 00128404 _____ C:\Windows\PFRO.log
2015-07-05 12:08 - 2013-09-13 11:12 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 23:17 - 2014-04-29 20:50 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\Skype
2015-07-03 08:43 - 2013-11-22 13:15 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 01:35 - 2014-04-13 22:14 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\uTorrent
2015-07-01 00:57 - 2014-04-13 22:16 - 00000000 ____D C:\Users\Helmut\_TORRENT
2015-07-01 00:56 - 2014-04-28 22:29 - 00000000 ____D C:\Users\Helmut\.OziExplorer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-17 23:22 - 2011-11-04 12:46 - 0733184 _____ (www.rene-zeidler.de) C:\Program Files\Snipping Tool Plus.exe
2014-10-21 07:56 - 2014-10-21 07:56 - 0000050 _____ () C:\Users\Helmut\AppData\Roaming\Camdata.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamLayout.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamShapes.ini
2014-05-06 19:43 - 2015-05-17 15:00 - 0000891 _____ () C:\Users\Helmut\AppData\Roaming\FBS.ini
2014-02-25 10:55 - 2014-02-25 10:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-25 11:07 - 2014-02-25 11:07 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-02-25 11:04 - 2014-02-25 11:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-02-25 11:03 - 2014-02-25 11:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-02-25 11:06 - 2014-02-25 11:07 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-02-25 11:03 - 2014-02-25 11:04 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-02-25 11:05 - 2014-02-25 11:06 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Einige Dateien in TEMP:
====================
C:\Users\Helmut\AppData\Local\Temp\fdm_videomon_inst.exe
C:\Users\Helmut\AppData\Local\Temp\SetupVoipConnect-VoipStunt.exe
C:\Users\Helmut\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-17 22:27

==================== Ende von log ============================
         


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-07-2015
durchgeführt von Helmut an 2015-07-26 17:09:21
Gestartet von C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4276634122-1349516129-2453334311-500 - Administrator - Disabled)
Gast (S-1-5-21-4276634122-1349516129-2453334311-501 - Limited - Disabled)
Helmut (S-1-5-21-4276634122-1349516129-2453334311-1002 - Administrator - Enabled) => C:\Users\Helmut
UpdatusUser (S-1-5-21-4276634122-1349516129-2453334311-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
A1 Dashboard (HKLM-x32\...\A1 Dashboard) (Version: 1.17.0.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.17.0.0 - A1 Telekom Austria AG) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMap Fly 5.0 (HKLM-x32\...\{9F1433AA-BA61-4D98-92FD-0AC1641CD862}) (Version: 6.6.0.0000 - EADS Deutschland GmbH)
AMap Fly basierend auf Geogrid®-Viewer Version 3.1 (HKLM-x32\...\DeInst_d2vexcrd C:/Program Files (x86)/Austrian Map Fly) (Version:  - )
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.55 - Cliqz.com)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Download Manager 3.9.5 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free FLV Converter V 7.6.1 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.6.1.0 - Koyote Lab Inc.)
Free MP4 Video Converter version 5.0.58.415 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.58.415 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Trip and Waypoint Manager v5 (HKLM-x32\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Geogrid® - Viewer V1.1 (HKLM-x32\...\DeInst_d2vexcrdGeogrid® - Viewer V1.1 (Build 1.1.5.596)) (Version:  - )
Geogrid® DPV (HKLM-x32\...\Geogrid_DPV) (Version:  - )
Geogrid®-Viewer (x32 Version: 6.6.0.0000 - EADS Deutschland GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.10.00.03 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
NVIDIA Graphics Driver 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
ODBC (HKLM-x32\...\ODBC) (Version:  - )
OSM generic routable (HKLM-x32\...\OSM generic routable) (Version:  - )
OSM generic routable(AZE) (HKLM-x32\...\OSM generic routable(AZE)) (Version:  - )
OziExplorer 3.95 (HKLM-x32\...\OziExplorer 3.95_is1) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SurfMusik 3.1a (HKLM-x32\...\SurfMusik 3.1a_is1) (Version: 3.1a - Marcus Schmitt)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

08-07-2015 00:29:18 Geplanter Prüfpunkt
17-07-2015 22:27:36 Windows Update
20-07-2015 22:35:54 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {20E11FEF-B53A-40F5-93DD-47CE16268B14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {3E09A8D8-5E82-43FF-9356-80435319EF11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-17] (Adobe Systems Incorporated)
Task: {65B37EBC-7DEE-4C03-B4CD-FB7F0562B9E1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {80D642C0-808E-482E-A9F3-81ADC4F6AD9F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {95500E3B-49A2-48EF-BC92-FAA11869B8EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {994708A1-D6E0-4167-8330-028113B4F783} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-02-25 10:53 - 2014-01-08 02:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-21 21:45 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-02-25 11:10 - 2011-08-22 15:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2014-02-25 11:10 - 2012-07-30 12:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2015-01-21 22:08 - 2015-01-21 22:08 - 00230240 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-09 19:58 - 2013-05-09 19:58 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-07-30 11:38 - 2014-07-30 11:38 - 00121363 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02524691 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00713235 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00034323 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00070163 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02376211 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00106515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00263699 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00080915 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00051219 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00063507 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00608275 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01022995 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00125459 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00043539 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00140307 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02218003 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00318995 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01470995 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00058387 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00043027 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00190995 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 12501523 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00039955 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00341011 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01505811 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00330771 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00417811 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00230931 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00029715 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01745427 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00192019 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00833555 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00031763 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00218643 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 11244051 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00857107 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00040467 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00028179 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00701459 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00121875 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00032787 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00057363 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00072211 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01506835 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-02-25 11:05 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-05-19 22:05 - 2015-05-19 22:05 - 03350640 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-05-19 22:05 - 2015-05-19 22:05 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-19 22:05 - 2015-05-19 22:05 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-25 10:48 - 2013-09-04 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-12-17 14:56 - 2010-12-17 14:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 14:53 - 2013-03-07 14:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2010-12-17 14:56 - 2010-12-17 14:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-17 14:56 - 2010-12-17 14:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 18:55 - 2010-01-12 18:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 18:55 - 2010-01-12 18:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2010-12-16 14:16 - 2010-12-16 14:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2010-01-18 01:34 - 2010-01-18 01:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 14:55 - 2013-03-07 14:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 14:58 - 2013-03-07 14:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 14:54 - 2013-03-07 14:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 14:56 - 2010-12-17 14:56 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 14:56 - 2010-12-17 14:56 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 14:56 - 2010-12-17 14:56 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2015-07-25 21:27 - 2015-07-24 00:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-25 21:27 - 2015-07-24 00:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Helmut\_FOTOS 518GB\_2013 174GB\__TRANSSIB\201307 Transsib Selektion\05 ergaki\IMG_7554.JPG
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4BFBB66C-D362-4175-A8BF-CD07FDC6C193}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0C86B584-73DF-4DEA-BBC4-D01787984179}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{16FBD600-41B3-416E-BCAF-ACB5E19779E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{BD9A9B1B-B9A3-44D8-BC59-C94FC706FD73}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C941F725-4A23-4868-A6D0-02BAEF2158CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{7DC4C1C7-23EA-4A1A-9D8D-EAED910DDEFF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{8B584BAA-0123-41C9-80AD-EF8C5FCD48F4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3C8250E8-ABF4-4F4B-AF3B-25AB4F89FF0E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{4B6BC34A-43DF-419B-84D2-CE4D0EDA69DA}] => (Allow) C:\Users\Helmut\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4858E02F-6291-487D-80E8-D319C9EEBA29}] => (Allow) C:\Users\Helmut\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A0B0BE2A-5C2F-4A0D-9694-509C6EED756E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{640612EC-8744-49B8-BEFE-DDF394944B0C}] => (Allow) LPort=2869
FirewallRules: [{04D3C1CA-7C45-4502-8E41-0AB5D59FED88}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{05F546B4-6666-40AF-A765-B86991A09A00}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Block) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [UDP Query User{4E56E8AE-D9F5-4984-8D7D-5CC98284D14D}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Block) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [TCP Query User{7F6A28CB-40B4-462F-8DBC-B9E4C9AE4EBB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C13D66C3-2FCE-4C9D-BCA9-A92EE6C79DE0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{EB11FCD8-7058-4CA9-B670-A6B75FCA1644}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{30634AAE-AAB3-4E84-AC17-E7A61EE6D942}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F1EF213E-DF97-4C35-9FC6-F4CA4C028792}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{760ACAF9-488D-42F2-93A9-3CFEB815B032}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{467CD40D-25AB-4829-9501-010619A6840C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{EBB2519F-4D99-4F29-84A3-8AE4599E4E82}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{CC63C7A6-E3B0-4FBA-860D-99A14DFCC7FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C66D98B2-B720-4824-9C5F-FA7A0FDD7FB9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DCB4189F-7252-44A4-95F4-AEF926FD2690}] => (Allow) C:\Program Files (x86)\VoipStunt.com\VoipStunt\VoipStunt.exe
FirewallRules: [{D3F25545-BFB0-47C2-A473-7A2C12034440}] => (Allow) C:\Program Files (x86)\VoipStunt.com\VoipStunt\VoipStunt.exe
FirewallRules: [{C387C5B0-715B-4BE3-A7BD-68F7A54178AB}] => (Allow) C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
FirewallRules: [{A86F1C67-E7A8-49E8-8A2A-D42446DFE2F4}] => (Allow) C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
FirewallRules: [{56EBD2EC-19BB-4EFC-B4BA-8507B1E5BDCB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/26/2015 04:11:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SurfMusik.exe, Version: 3.1.0.1, Zeitstempel: 0x47069e59
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503d84
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009b39f
ID des fehlerhaften Prozesses: 0xeac
Startzeit der fehlerhaften Anwendung: 0xSurfMusik.exe0
Pfad der fehlerhaften Anwendung: SurfMusik.exe1
Pfad des fehlerhaften Moduls: SurfMusik.exe2
Berichtskennung: SurfMusik.exe3
Vollständiger Name des fehlerhaften Pakets: SurfMusik.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SurfMusik.exe5

Error: (07/25/2015 06:11:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{c1c6ec63-dbe1-48e3-8003-c0402dfc79d2}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/25/2015 05:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: d2rexapp.exe, Version: 6.7.2.2269, Zeitstempel: 0x49fa1380
Name des fehlerhaften Moduls: MFC71.DLL, Version: 7.10.6030.0, Zeitstempel: 0x44b453c2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000bd502
ID des fehlerhaften Prozesses: 0xdb0
Startzeit der fehlerhaften Anwendung: 0xd2rexapp.exe0
Pfad der fehlerhaften Anwendung: d2rexapp.exe1
Pfad des fehlerhaften Moduls: d2rexapp.exe2
Berichtskennung: d2rexapp.exe3
Vollständiger Name des fehlerhaften Pakets: d2rexapp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: d2rexapp.exe5

Error: (07/25/2015 05:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: d2rexapp.exe, Version: 6.7.2.2269, Zeitstempel: 0x49fa1380
Name des fehlerhaften Moduls: d2rexapp.exe, Version: 6.7.2.2269, Zeitstempel: 0x49fa1380
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f3c8
ID des fehlerhaften Prozesses: 0xdb0
Startzeit der fehlerhaften Anwendung: 0xd2rexapp.exe0
Pfad der fehlerhaften Anwendung: d2rexapp.exe1
Pfad des fehlerhaften Moduls: d2rexapp.exe2
Berichtskennung: d2rexapp.exe3
Vollständiger Name des fehlerhaften Pakets: d2rexapp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: d2rexapp.exe5

Error: (07/25/2015 03:57:46 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)

Error: (07/25/2015 03:57:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Die Daten sind unzulässig.   0x8007000d (0x8007000d)

Error: (07/23/2015 10:36:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: d2rexapp.exe, Version: 6.7.2.2269, Zeitstempel: 0x49fa1380
Name des fehlerhaften Moduls: MFC71.DLL, Version: 7.10.6030.0, Zeitstempel: 0x44b453c2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000bd502
ID des fehlerhaften Prozesses: 0x17d0
Startzeit der fehlerhaften Anwendung: 0xd2rexapp.exe0
Pfad der fehlerhaften Anwendung: d2rexapp.exe1
Pfad des fehlerhaften Moduls: d2rexapp.exe2
Berichtskennung: d2rexapp.exe3
Vollständiger Name des fehlerhaften Pakets: d2rexapp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: d2rexapp.exe5

Error: (07/23/2015 10:36:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: d2rexapp.exe, Version: 6.7.2.2269, Zeitstempel: 0x49fa1380
Name des fehlerhaften Moduls: d2rexapp.exe, Version: 6.7.2.2269, Zeitstempel: 0x49fa1380
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f3c8
ID des fehlerhaften Prozesses: 0x17d0
Startzeit der fehlerhaften Anwendung: 0xd2rexapp.exe0
Pfad der fehlerhaften Anwendung: d2rexapp.exe1
Pfad des fehlerhaften Moduls: d2rexapp.exe2
Berichtskennung: d2rexapp.exe3
Vollständiger Name des fehlerhaften Pakets: d2rexapp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: d2rexapp.exe5

Error: (07/23/2015 07:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005473b
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (07/05/2015 11:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: d2rexapp.exe, Version: 6.7.2.2269, Zeitstempel: 0x49fa1380
Name des fehlerhaften Moduls: MFC71.DLL, Version: 7.10.6030.0, Zeitstempel: 0x44b453c2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000bd502
ID des fehlerhaften Prozesses: 0x1374
Startzeit der fehlerhaften Anwendung: 0xd2rexapp.exe0
Pfad der fehlerhaften Anwendung: d2rexapp.exe1
Pfad des fehlerhaften Moduls: d2rexapp.exe2
Berichtskennung: d2rexapp.exe3
Vollständiger Name des fehlerhaften Pakets: d2rexapp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: d2rexapp.exe5


Systemfehler:
=============
Error: (07/26/2015 03:15:58 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (07/26/2015 03:15:28 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (07/25/2015 08:27:50 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/25/2015 04:33:57 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2015 08:05:20 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2015 08:04:50 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2015 06:55:10 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2015 06:54:40 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2015 01:04:11 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2015 01:03:41 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office:
=========================
Error: (07/26/2015 04:11:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SurfMusik.exe3.1.0.147069e59combase.dll6.3.9600.1741554503d84c00000050009b39feac01d0c78d14513bf2C:\Program Files (x86)\SurfMusik 3.1\SurfMusik.exeC:\Windows\SYSTEM32\combase.dll4333a2c7-33a0-11e5-837f-d43d7efb5818

Error: (07/25/2015 06:11:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{c1c6ec63-dbe1-48e3-8003-c0402dfc79d2}\Falscher Parameter. (0x80070057)

Error: (07/25/2015 05:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: d2rexapp.exe6.7.2.226949fa1380MFC71.DLL7.10.6030.044b453c2c0000005000bd502db001d0c6ec22b7d97eC:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexapp.exeC:\Program Files (x86)\Austrian Map Fly 5.0\bin\MFC71.DLLe581da97-32e2-11e5-837e-d43d7efb5818

Error: (07/25/2015 05:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: d2rexapp.exe6.7.2.226949fa1380d2rexapp.exe6.7.2.226949fa1380c00000050000f3c8db001d0c6ec22b7d97eC:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexapp.exeC:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexapp.exee4368d9a-32e2-11e5-837e-d43d7efb5818

Error: (07/25/2015 03:57:46 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (07/25/2015 03:57:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Die Daten sind unzulässig.   0x8007000d (0x8007000d)
4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)

Error: (07/23/2015 10:36:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: d2rexapp.exe6.7.2.226949fa1380MFC71.DLL7.10.6030.044b453c2c0000005000bd50217d001d0c56e8bcc79bcC:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexapp.exeC:\Program Files (x86)\Austrian Map Fly 5.0\bin\MFC71.DLL70080b37-317a-11e5-837c-d43d7efb5818

Error: (07/23/2015 10:36:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: d2rexapp.exe6.7.2.226949fa1380d2rexapp.exe6.7.2.226949fa1380c00000050000f3c817d001d0c56e8bcc79bcC:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexapp.exeC:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexapp.exe6f591ac1-317a-11e5-837c-d43d7efb5818

Error: (07/23/2015 07:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000005473b103401d0c569842b43efC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dllfcc1716f-315c-11e5-837c-d43d7efb5818

Error: (07/05/2015 11:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: d2rexapp.exe6.7.2.226949fa1380MFC71.DLL7.10.6030.044b453c2c0000005000bd502137401d0b750ea01cea1C:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexapp.exeC:\Program Files (x86)\Austrian Map Fly 5.0\bin\MFC71.DLLdde64a0a-235e-11e5-8372-d43d7efb5818


CodeIntegrity Fehler:
===================================
  Date: 2015-07-23 20:04:22.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 22:35:48.893
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 00:13:01.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-17 22:39:58.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-06 23:13:52.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-29 19:28:23.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-28 16:25:53.926
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-26 20:03:38.862
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-23 22:51:00.740
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-20 10:07:58.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 16340.35 MB
Available physical RAM: 12815.34 MB
Total Virtual: 18772.35 MB
Available Virtual: 14575.96 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:2732.81 GB) (Free:1385.1 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:43.54 GB) NTFS
Drive h: () (Fixed) (Total:69.98 GB) (Free:13.63 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== Ende von log ============================
         

27.07.2015, 07:20   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database, and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.07.2015, 17:26   #5
Provodnik
 



I was away from home during the day, so I could only carry out the next steps now. Here are the results:


mbar-log-2015-07-27 (17-45-30).txt

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.27.05
  rootkit: v2015.07.22.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17905
Helmut :: PC [administrator]

27.07.2015 17:45:30
mbar-log-2015-07-27 (17-45-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 412218
Time elapsed: 18 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


TDSSKiller.3.1.0.5_27.07.2015_18.07.49_log.txt


Code:
18:07:49.0616 0x0980  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
18:07:49.0616 0x0980  UEFI system
18:08:31.0313 0x0980  ============================================================
18:08:31.0313 0x0980  Current date / time: 2015/07/27 18:08:31.0313
18:08:31.0313 0x0980  SystemInfo:
18:08:31.0313 0x0980  
18:08:31.0313 0x0980  OS Version: 6.3.9600 ServicePack: 0.0
18:08:31.0313 0x0980  Product type: Workstation
18:08:31.0313 0x0980  ComputerName: PC
18:08:31.0313 0x0980  UserName: Helmut
18:08:31.0313 0x0980  Windows directory: C:\Windows
18:08:31.0313 0x0980  System windows directory: C:\Windows
18:08:31.0313 0x0980  Running under WOW64
18:08:31.0313 0x0980  Processor architecture: Intel x64
18:08:31.0313 0x0980  Number of processors: 8
18:08:31.0313 0x0980  Page size: 0x1000
18:08:31.0313 0x0980  Boot type: Normal boot
18:08:31.0313 0x0980  ============================================================
18:08:31.0576 0x0980  KLMD registered as C:\Windows\system32\drivers\98543109.sys
18:08:31.0814 0x0980  System UUID: {A5F4A83B-4E53-0770-E8EF-A912E32E029D}
18:08:32.0099 0x0980  Drive \Device\Harddisk0\DR0 - Size: 0x2BAA1240E00 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:08:32.0110 0x0980  ============================================================
18:08:32.0110 0x0980  \Device\Harddisk0\DR0:
18:08:32.0110 0x0980  GPT partitions:
18:08:32.0110 0x0980  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C1C6EC63-DBE1-48E3-8003-C0402DFC79D2}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xF9800
18:08:32.0110 0x0980  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {99C904D8-D49A-416F-9C34-FC8B2C21C15F}, Name: EFI system partition, StartLBA 0xFA000, BlocksNum 0x32000
18:08:32.0110 0x0980  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {001B3BAD-F362-48D6-AE5F-15EF2BDB23FF}, Name: Microsoft reserved partition, StartLBA 0x12C000, BlocksNum 0x40000
18:08:32.0110 0x0980  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {75FF9B77-0140-43E8-9A08-D17994DFDE1C}, Name: Basic data partition, StartLBA 0x16C000, BlocksNum 0x200000
18:08:32.0110 0x0980  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C32F3F10-0099-4F33-896E-A164539C2BC6}, Name: Basic data partition, StartLBA 0x36C000, BlocksNum 0x5599E38F
18:08:32.0110 0x0980  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BC294135-0758-4D87-BAE1-C45FE21A17AC}, Name: Basic data partition, StartLBA 0x155D0A800, BlocksNum 0x77FA800
18:08:32.0110 0x0980  MBR partitions:
18:08:32.0110 0x0980  ============================================================
18:08:32.0111 0x0980  C: <-> \Device\Harddisk0\DR0\Partition5
18:08:32.0112 0x0980  D: <-> \Device\Harddisk0\DR0\Partition6
18:08:32.0112 0x0980  ============================================================
18:08:32.0112 0x0980  Initialize success
18:08:32.0112 0x0980  ============================================================
18:09:30.0356 0x11e4  ============================================================
18:09:30.0356 0x11e4  Scan started
18:09:30.0356 0x11e4  Mode: Manual; SigCheck; TDLFS; 
18:09:30.0356 0x11e4  ============================================================
18:09:30.0356 0x11e4  KSN ping started
18:09:39.0647 0x11e4  KSN ping finished: true
18:09:41.0350 0x11e4  ================ Scan system memory ========================
18:09:41.0350 0x11e4  System memory - ok
18:09:41.0350 0x11e4  ================ Scan services =============================
18:09:41.0393 0x11e4  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
18:09:41.0429 0x11e4  1394ohci - ok
18:09:41.0436 0x11e4  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
18:09:41.0444 0x11e4  3ware - ok
18:09:41.0459 0x11e4  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:09:41.0474 0x11e4  ACPI - ok
18:09:41.0478 0x11e4  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
18:09:41.0486 0x11e4  acpiex - ok
18:09:41.0488 0x11e4  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
18:09:41.0495 0x11e4  acpipagr - ok
18:09:41.0498 0x11e4  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
18:09:41.0516 0x11e4  AcpiPmi - ok
18:09:41.0518 0x11e4  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
18:09:41.0532 0x11e4  acpitime - ok
18:09:41.0535 0x11e4  [ 2D766591E87FFFF237C0C9C16CDDECAB, AF04A4C029FD34A5F16B689A4F7F328FCEE11B0033E077FF5FC154C6021B2986 ] ACT2PM          C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys
18:09:41.0543 0x11e4  ACT2PM - ok
18:09:41.0573 0x11e4  [ C47D15FC2CA269DD2EC5946953C5BF03, 20C9CEDECE45E24AA9C78A1FFE4BE6D150B10B726F6F576889971E40CDA267C4 ] ACT2_Service    C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
18:09:41.0597 0x11e4  ACT2_Service - ok
18:09:41.0628 0x11e4  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:09:41.0636 0x11e4  AdobeFlashPlayerUpdateSvc - ok
18:09:41.0655 0x11e4  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
18:09:41.0673 0x11e4  ADP80XX - ok
18:09:41.0681 0x11e4  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:09:41.0696 0x11e4  AeLookupSvc - ok
18:09:41.0709 0x11e4  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
18:09:41.0735 0x11e4  AFD - ok
18:09:41.0739 0x11e4  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:09:41.0746 0x11e4  agp440 - ok
18:09:41.0749 0x11e4  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
18:09:41.0758 0x11e4  ahcache - ok
18:09:41.0790 0x11e4  [ 1CC3E547FE3DEC8272780F24F3059519, 72400F60D41239E9F2493DF71472704ECB006F5871E3CBB125DE2D0303051617 ] AHDDC2          C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
18:09:41.0814 0x11e4  AHDDC2 - ok
18:09:41.0820 0x11e4  [ 3190C577746303CA4C65114441192FE2, AEE970D59E9FB314B559CF0C41DD2CD3C9C9B5DD060A339368000F975F4CD389 ] aksdf           C:\Windows\system32\drivers\aksdf.sys
18:09:41.0825 0x11e4  aksdf - ok
18:09:41.0832 0x11e4  [ 2845A05E5AF65B5C7A143D637F08496D, 38DB4590EDD8CBE735ED0C072A03F4E619A3CDA7B8D908FD1CA8E90728F077EF ] aksfridge       C:\Windows\system32\DRIVERS\aksfridge.sys
18:09:41.0838 0x11e4  aksfridge - ok
18:09:41.0859 0x11e4  [ 35E43EE8FE28CFD581E8CE42847DFE2B, 1A78FC49422CB73EFD4B0A09BD32B35244A91478DB2268C023FDDCA826C8EE5D ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
18:09:41.0864 0x11e4  akshasp - ok
18:09:41.0876 0x11e4  [ 053B204554F104CB5DC3D94B61BDA458, 72EB2556AA4B83489D2908ADC40DEB2E5ACE98D7A6112E9395F46924BD60501E ] akshhl          C:\Windows\system32\DRIVERS\akshhl.sys
18:09:41.0881 0x11e4  akshhl - ok
18:09:41.0894 0x11e4  [ 8D584711424446969B5E4CB16870A898, 842FBE4FD5BEB044EC1F10EAD8B2F2AB5F38D544D136A09474AF94D83EFA4F35 ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
18:09:41.0902 0x11e4  aksusb - ok
18:09:41.0906 0x11e4  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\Windows\System32\alg.exe
18:09:41.0940 0x11e4  ALG - ok
18:09:41.0945 0x11e4  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
18:09:41.0953 0x11e4  AmdK8 - ok
18:09:41.0958 0x11e4  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
18:09:41.0969 0x11e4  AmdPPM - ok
18:09:41.0974 0x11e4  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:09:41.0981 0x11e4  amdsata - ok
18:09:41.0990 0x11e4  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:09:42.0000 0x11e4  amdsbs - ok
18:09:42.0003 0x11e4  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:09:42.0009 0x11e4  amdxata - ok
18:09:42.0029 0x11e4  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\Windows\system32\drivers\appid.sys
18:09:42.0063 0x11e4  AppID - ok
18:09:42.0066 0x11e4  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:09:42.0085 0x11e4  AppIDSvc - ok
18:09:42.0089 0x11e4  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\Windows\System32\appinfo.dll
18:09:42.0098 0x11e4  Appinfo - ok
18:09:42.0111 0x11e4  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
18:09:42.0137 0x11e4  AppReadiness - ok
18:09:42.0180 0x11e4  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
18:09:42.0205 0x11e4  AppXSvc - ok
18:09:42.0210 0x11e4  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:09:42.0218 0x11e4  arcsas - ok
18:09:42.0221 0x11e4  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:09:42.0229 0x11e4  AsyncMac - ok
18:09:42.0232 0x11e4  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:09:42.0238 0x11e4  atapi - ok
18:09:42.0245 0x11e4  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
18:09:42.0274 0x11e4  AudioEndpointBuilder - ok
18:09:42.0294 0x11e4  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:09:42.0313 0x11e4  Audiosrv - ok
18:09:42.0319 0x11e4  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:09:42.0330 0x11e4  AxInstSV - ok
18:09:42.0343 0x11e4  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:09:42.0358 0x11e4  b06bdrv - ok
18:09:42.0362 0x11e4  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
18:09:42.0369 0x11e4  BasicDisplay - ok
18:09:42.0372 0x11e4  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
18:09:42.0387 0x11e4  BasicRender - ok
18:09:42.0392 0x11e4  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
18:09:42.0396 0x11e4  bcmfn2 - ok
18:09:42.0405 0x11e4  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\Windows\System32\bdesvc.dll
18:09:42.0417 0x11e4  BDESVC - ok
18:09:42.0420 0x11e4  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
18:09:42.0426 0x11e4  Beep - ok
18:09:42.0445 0x11e4  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\Windows\System32\bfe.dll
18:09:42.0464 0x11e4  BFE - ok
18:09:42.0486 0x11e4  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
18:09:42.0511 0x11e4  BITS - ok
18:09:42.0516 0x11e4  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:09:42.0530 0x11e4  bowser - ok
18:09:42.0537 0x11e4  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
18:09:42.0554 0x11e4  BrokerInfrastructure - ok
18:09:42.0559 0x11e4  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\Windows\System32\browser.dll
18:09:42.0574 0x11e4  Browser - ok
18:09:42.0577 0x11e4  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
18:09:42.0588 0x11e4  BthAvrcpTg - ok
18:09:42.0607 0x11e4  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
18:09:42.0632 0x11e4  BthHFEnum - ok
18:09:42.0635 0x11e4  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
18:09:42.0645 0x11e4  bthhfhid - ok
18:09:42.0668 0x11e4  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
18:09:42.0693 0x11e4  BthHFSrv - ok
18:09:42.0697 0x11e4  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
18:09:42.0705 0x11e4  BTHMODEM - ok
18:09:42.0710 0x11e4  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\Windows\system32\bthserv.dll
18:09:42.0720 0x11e4  bthserv - ok
18:09:42.0725 0x11e4  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:09:42.0735 0x11e4  cdfs - ok
18:09:42.0741 0x11e4  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
18:09:42.0754 0x11e4  cdrom - ok
18:09:42.0761 0x11e4  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:09:42.0771 0x11e4  CertPropSvc - ok
18:09:42.0774 0x11e4  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
18:09:42.0785 0x11e4  circlass - ok
18:09:42.0794 0x11e4  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
18:09:42.0806 0x11e4  CLFS - ok
18:09:42.0814 0x11e4  [ 3E76A1547F2448BCEE3D2F4AE3931AB5, 31B41723FAA4210A86B1AE02D6C052BD8B738C4B89FB0177C1AE997D24BA5B8C ] CLVirtualDrive  C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
18:09:42.0820 0x11e4  CLVirtualDrive - ok
18:09:42.0823 0x11e4  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
18:09:42.0830 0x11e4  CmBatt - ok
18:09:42.0843 0x11e4  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:09:42.0859 0x11e4  CNG - ok
18:09:42.0863 0x11e4  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
18:09:42.0871 0x11e4  CompositeBus - ok
18:09:42.0873 0x11e4  COMSysApp - ok
18:09:42.0876 0x11e4  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
18:09:42.0891 0x11e4  condrv - ok
18:09:42.0897 0x11e4  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:09:42.0905 0x11e4  CryptSvc - ok
18:09:42.0910 0x11e4  [ 9FF6436D65CD8C798691373E28FBFB3B, 7A9ACD14679FB82E71EF4C47E43DAD931EC4FD727A5656AF8A3CC3B95D67EB5B ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
18:09:42.0916 0x11e4  CyberLink PowerDVD 10 MS Monitor Service - ok
18:09:42.0924 0x11e4  [ 06B5C625CB915E9A7A1F08A43E332FA1, 66F0BFE088B44ED3D36E62DC05200CD09F135FF63C447846C603D6246FABB9BE ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
18:09:42.0932 0x11e4  CyberLink PowerDVD 10 MS Service - ok
18:09:42.0936 0x11e4  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
18:09:42.0943 0x11e4  dam - ok
18:09:42.0961 0x11e4  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:09:42.0979 0x11e4  DcomLaunch - ok
18:09:42.0992 0x11e4  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\Windows\System32\defragsvc.dll
18:09:43.0040 0x11e4  defragsvc - ok
18:09:43.0051 0x11e4  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
18:09:43.0066 0x11e4  DeviceAssociationService - ok
18:09:43.0071 0x11e4  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
18:09:43.0088 0x11e4  DeviceInstall - ok
18:09:43.0094 0x11e4  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
18:09:43.0107 0x11e4  Dfsc - ok
18:09:43.0129 0x11e4  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
18:09:43.0135 0x11e4  dg_ssudbus - ok
18:09:43.0145 0x11e4  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:09:43.0157 0x11e4  Dhcp - ok
18:09:43.0195 0x11e4  [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack       C:\Windows\system32\diagtrack.dll
18:09:43.0240 0x11e4  DiagTrack - ok
18:09:43.0246 0x11e4  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
18:09:43.0254 0x11e4  disk - ok
18:09:43.0257 0x11e4  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
18:09:43.0264 0x11e4  dmvsc - ok
18:09:43.0271 0x11e4  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:09:43.0281 0x11e4  Dnscache - ok
18:09:43.0288 0x11e4  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:09:43.0309 0x11e4  dot3svc - ok
18:09:43.0315 0x11e4  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\Windows\system32\dps.dll
18:09:43.0325 0x11e4  DPS - ok
18:09:43.0328 0x11e4  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:09:43.0334 0x11e4  drmkaud - ok
18:09:43.0340 0x11e4  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
18:09:43.0350 0x11e4  DsmSvc - ok
18:09:43.0384 0x11e4  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:09:43.0415 0x11e4  DXGKrnl - ok
18:09:43.0421 0x11e4  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\Windows\System32\eapsvc.dll
18:09:43.0437 0x11e4  Eaphost - ok
18:09:43.0512 0x11e4  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:09:43.0573 0x11e4  ebdrv - ok
18:09:43.0580 0x11e4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\Windows\System32\lsass.exe
18:09:43.0587 0x11e4  EFS - ok
18:09:43.0591 0x11e4  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
18:09:43.0598 0x11e4  EhStorClass - ok
18:09:43.0602 0x11e4  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
18:09:43.0610 0x11e4  EhStorTcgDrv - ok
18:09:43.0612 0x11e4  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
18:09:43.0618 0x11e4  ErrDev - ok
18:09:43.0633 0x11e4  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\Windows\system32\es.dll
18:09:43.0647 0x11e4  EventSystem - ok
18:09:43.0655 0x11e4  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:09:43.0681 0x11e4  exfat - ok
18:09:43.0688 0x11e4  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:09:43.0697 0x11e4  fastfat - ok
18:09:43.0713 0x11e4  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\Windows\system32\fxssvc.exe
18:09:43.0730 0x11e4  Fax - ok
18:09:43.0734 0x11e4  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
18:09:43.0747 0x11e4  fdc - ok
18:09:43.0750 0x11e4  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:09:43.0764 0x11e4  fdPHost - ok
18:09:43.0767 0x11e4  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:09:43.0782 0x11e4  FDResPub - ok
18:09:43.0788 0x11e4  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\Windows\system32\fhsvc.dll
18:09:43.0802 0x11e4  fhsvc - ok
18:09:43.0806 0x11e4  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:09:43.0814 0x11e4  FileInfo - ok
18:09:43.0817 0x11e4  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:09:43.0826 0x11e4  Filetrace - ok
18:09:43.0829 0x11e4  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
18:09:43.0835 0x11e4  flpydisk - ok
18:09:43.0846 0x11e4  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:09:43.0857 0x11e4  FltMgr - ok
18:09:43.0903 0x11e4  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\Windows\system32\FntCache.dll
18:09:43.0929 0x11e4  FontCache - ok
18:09:43.0935 0x11e4  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:09:43.0941 0x11e4  FontCache3.0.0.0 - ok
18:09:43.0945 0x11e4  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:09:43.0951 0x11e4  FsDepends - ok
18:09:43.0954 0x11e4  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:09:43.0960 0x11e4  Fs_Rec - ok
18:09:43.0975 0x11e4  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:09:43.0991 0x11e4  fvevol - ok
18:09:43.0994 0x11e4  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
18:09:44.0001 0x11e4  FxPPM - ok
18:09:44.0004 0x11e4  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:09:44.0011 0x11e4  gagp30kx - ok
18:09:44.0013 0x11e4  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
18:09:44.0020 0x11e4  gencounter - ok
18:09:44.0026 0x11e4  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
18:09:44.0033 0x11e4  GPIOClx0101 - ok
18:09:44.0062 0x11e4  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:09:44.0088 0x11e4  gpsvc - ok
18:09:44.0092 0x11e4  [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
18:09:44.0096 0x11e4  grmnusb - ok
18:09:44.0101 0x11e4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:09:44.0106 0x11e4  gupdate - ok
18:09:44.0110 0x11e4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:09:44.0115 0x11e4  gupdatem - ok
18:09:44.0123 0x11e4  [ 3F61D126BA1ACD5F0D840CFF6441B354, A33150197C61CF5027F4DECBAB166BA81D2460655B0C7CC4FAC78F265DE2594B ] hardlock        C:\Windows\system32\drivers\hardlock.sys
18:09:44.0131 0x11e4  hardlock - ok
18:09:44.0133 0x11e4  hasplms - ok
18:09:44.0144 0x11e4  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:09:44.0157 0x11e4  HdAudAddService - ok
18:09:44.0162 0x11e4  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
18:09:44.0169 0x11e4  HDAudBus - ok
18:09:44.0171 0x11e4  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
18:09:44.0190 0x11e4  HidBatt - ok
18:09:44.0211 0x11e4  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
18:09:44.0219 0x11e4  HidBth - ok
18:09:44.0222 0x11e4  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
18:09:44.0229 0x11e4  hidi2c - ok
18:09:44.0232 0x11e4  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
18:09:44.0256 0x11e4  HidIr - ok
18:09:44.0259 0x11e4  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
18:09:44.0267 0x11e4  hidserv - ok
18:09:44.0270 0x11e4  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
18:09:44.0277 0x11e4  HidUsb - ok
18:09:44.0282 0x11e4  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:09:44.0290 0x11e4  hkmsvc - ok
18:09:44.0297 0x11e4  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:09:44.0308 0x11e4  HomeGroupListener - ok
18:09:44.0319 0x11e4  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:09:44.0332 0x11e4  HomeGroupProvider - ok
18:09:44.0336 0x11e4  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:09:44.0343 0x11e4  HpSAMD - ok
18:09:44.0366 0x11e4  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:09:44.0388 0x11e4  HTTP - ok
18:09:44.0392 0x11e4  [ 1642C62F1FD5E1FF44608283994A7BB8, 4646AA0EF74A2AEE6C17D12206FCFE1E84D6FA712AD95A171F16D11BC9D3F11A ] huawei_enumerator C:\Windows\System32\drivers\ew_jubusenum.sys
18:09:44.0400 0x11e4  huawei_enumerator - ok
18:09:44.0418 0x11e4  [ 4B80AF36EE9F31361C1DCB2EE563719A, 6729ABDFBADA03DF0EBC71B4A898951B797B9640E718D42B9669A0396F1BE730 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:09:44.0427 0x11e4  hwdatacard - ok
18:09:44.0430 0x11e4  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:09:44.0436 0x11e4  hwpolicy - ok
18:09:44.0798 0x11e4  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:09:44.0810 0x11e4  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
18:09:51.0380 0x11e4  Detect skipped due to KSN trusted
18:09:51.0380 0x11e4  Intel(R) Capability Licensing Service Interface - ok
18:09:55.0381 0x11e4  RTL8168 - ok
18:09:55.0436 0x11e4  [ B0A0260A3C03156937ECDB67CE5C6FE5, 88102D22976398599FA6165E9DBC1213EF2A001C99602E2195C9A7BAB0A127D7 ] RtlWlanu        C:\Windows\system32\DRIVERS\rtwlanu.sys
18:09:55.0467 0x11e4  RtlWlanu - ok
18:09:55.0472 0x11e4  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
18:09:55.0492 0x11e4  s3cap - ok
18:09:55.0495 0x11e4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\Windows\system32\lsass.exe
18:09:55.0503 0x11e4  SamSs - ok
18:09:55.0507 0x11e4  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:09:55.0514 0x11e4  sbp2port - ok
18:09:55.0522 0x11e4  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:09:55.0531 0x11e4  SCardSvr - ok
18:09:55.0536 0x11e4  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
18:09:55.0545 0x11e4  ScDeviceEnum - ok
18:09:55.0565 0x11e4  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:09:55.0573 0x11e4  scfilter - ok
18:09:55.0610 0x11e4  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\Windows\system32\schedsvc.dll
18:09:55.0635 0x11e4  Schedule - ok
18:09:55.0641 0x11e4  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:09:55.0650 0x11e4  SCPolicySvc - ok
18:09:55.0658 0x11e4  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\Windows\System32\drivers\sdbus.sys
18:09:55.0668 0x11e4  sdbus - ok
18:09:55.0672 0x11e4  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
18:09:55.0679 0x11e4  sdstor - ok
18:09:55.0682 0x11e4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:09:55.0705 0x11e4  secdrv - ok
18:09:55.0708 0x11e4  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\Windows\system32\seclogon.dll
18:09:55.0723 0x11e4  seclogon - ok
18:09:55.0726 0x11e4  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
18:09:55.0736 0x11e4  SENS - ok
18:09:55.0743 0x11e4  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:09:55.0754 0x11e4  SensrSvc - ok
18:09:55.0757 0x11e4  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
18:09:55.0763 0x11e4  SerCx - ok
18:09:55.0768 0x11e4  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
18:09:55.0776 0x11e4  SerCx2 - ok
18:09:55.0780 0x11e4  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
18:09:55.0788 0x11e4  Serenum - ok
18:09:55.0792 0x11e4  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
18:09:55.0800 0x11e4  Serial - ok
18:09:55.0804 0x11e4  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\Windows\System32\drivers\sermouse.sys
18:09:55.0811 0x11e4  sermouse - ok
18:09:55.0824 0x11e4  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\Windows\system32\sessenv.dll
18:09:55.0836 0x11e4  SessionEnv - ok
18:09:55.0839 0x11e4  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
18:09:55.0846 0x11e4  sfloppy - ok
18:09:55.0856 0x11e4  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:09:55.0869 0x11e4  SharedAccess - ok
18:09:55.0885 0x11e4  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:09:55.0903 0x11e4  ShellHWDetection - ok
18:09:55.0906 0x11e4  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:09:55.0913 0x11e4  SiSRaid2 - ok
18:09:55.0916 0x11e4  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:09:55.0923 0x11e4  SiSRaid4 - ok
18:09:55.0932 0x11e4  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:09:55.0942 0x11e4  SkypeUpdate - ok
18:09:55.0945 0x11e4  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\Windows\System32\smphost.dll
18:09:55.0951 0x11e4  smphost - ok
18:09:55.0956 0x11e4  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:09:55.0963 0x11e4  SNMPTRAP - ok
18:09:55.0975 0x11e4  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
18:09:55.0987 0x11e4  spaceport - ok
18:09:55.0991 0x11e4  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
18:09:55.0998 0x11e4  SpbCx - ok
18:09:56.0017 0x11e4  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\Windows\System32\spoolsv.exe
18:09:56.0036 0x11e4  Spooler - ok
18:09:56.0172 0x11e4  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
18:09:56.0287 0x11e4  sppsvc - ok
18:09:56.0302 0x11e4  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:09:56.0314 0x11e4  srv - ok
18:09:56.0330 0x11e4  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:09:56.0349 0x11e4  srv2 - ok
18:09:56.0356 0x11e4  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:09:56.0365 0x11e4  srvnet - ok
18:09:56.0373 0x11e4  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:09:56.0383 0x11e4  SSDPSRV - ok
18:09:56.0388 0x11e4  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:09:56.0409 0x11e4  SstpSvc - ok
18:09:56.0430 0x11e4  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
18:09:56.0438 0x11e4  ssudmdm - ok
18:09:56.0441 0x11e4  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:09:56.0447 0x11e4  stexstor - ok
18:09:56.0462 0x11e4  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
18:09:56.0478 0x11e4  stisvc - ok
18:09:56.0483 0x11e4  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
18:09:56.0491 0x11e4  storahci - ok
18:09:56.0494 0x11e4  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:09:56.0500 0x11e4  storflt - ok
18:09:56.0504 0x11e4  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
18:09:56.0510 0x11e4  stornvme - ok
18:09:56.0513 0x11e4  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\Windows\system32\storsvc.dll
18:09:56.0536 0x11e4  StorSvc - ok
18:09:56.0539 0x11e4  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:09:56.0546 0x11e4  storvsc - ok
18:09:56.0548 0x11e4  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\Windows\system32\svsvc.dll
18:09:56.0556 0x11e4  svsvc - ok
18:09:56.0558 0x11e4  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
18:09:56.0565 0x11e4  swenum - ok
18:09:56.0581 0x11e4  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\Windows\System32\swprv.dll
18:09:56.0599 0x11e4  swprv - ok
18:09:56.0642 0x11e4  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain         C:\Windows\system32\sysmain.dll
18:09:56.0665 0x11e4  SysMain - ok
18:09:56.0675 0x11e4  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
18:09:56.0687 0x11e4  SystemEventsBroker - ok
18:09:56.0692 0x11e4  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:09:56.0702 0x11e4  TabletInputService - ok
18:09:56.0710 0x11e4  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:09:56.0721 0x11e4  TapiSrv - ok
18:09:56.0836 0x11e4  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:09:56.0882 0x11e4  Tcpip - ok
18:09:56.0936 0x11e4  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:09:56.0981 0x11e4  TCPIP6 - ok
18:09:56.0988 0x11e4  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:09:56.0995 0x11e4  tcpipreg - ok
18:09:57.0000 0x11e4  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:09:57.0008 0x11e4  tdx - ok
18:09:57.0011 0x11e4  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
18:09:57.0017 0x11e4  terminpt - ok
18:09:57.0038 0x11e4  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\Windows\System32\termsrv.dll
18:09:57.0060 0x11e4  TermService - ok
18:09:57.0064 0x11e4  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\Windows\system32\themeservice.dll
18:09:57.0092 0x11e4  Themes - ok
18:09:57.0096 0x11e4  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:09:57.0104 0x11e4  THREADORDER - ok
18:09:57.0111 0x11e4  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
18:09:57.0122 0x11e4  TimeBroker - ok
18:09:57.0128 0x11e4  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\Windows\system32\drivers\tpm.sys
18:09:57.0136 0x11e4  TPM - ok
18:09:57.0141 0x11e4  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\Windows\System32\trkwks.dll
18:09:57.0150 0x11e4  TrkWks - ok
18:09:57.0154 0x11e4  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:09:57.0168 0x11e4  TrustedInstaller - ok
18:09:57.0172 0x11e4  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:09:57.0179 0x11e4  TsUsbFlt - ok
18:09:57.0193 0x11e4  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
18:09:57.0211 0x11e4  TsUsbGD - ok
18:09:57.0216 0x11e4  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:09:57.0226 0x11e4  tunnel - ok
18:09:57.0229 0x11e4  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:09:57.0236 0x11e4  uagp35 - ok
18:09:57.0240 0x11e4  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
18:09:57.0247 0x11e4  UASPStor - ok
18:09:57.0254 0x11e4  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
18:09:57.0262 0x11e4  UCX01000 - ok
18:09:57.0283 0x11e4  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:09:57.0311 0x11e4  udfs - ok
18:09:57.0314 0x11e4  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
18:09:57.0321 0x11e4  UEFI - ok
18:09:57.0326 0x11e4  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:09:57.0334 0x11e4  UI0Detect - ok
18:09:57.0337 0x11e4  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:09:57.0344 0x11e4  uliagpkx - ok
18:09:57.0347 0x11e4  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
18:09:57.0355 0x11e4  umbus - ok
18:09:57.0357 0x11e4  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
18:09:57.0371 0x11e4  UmPass - ok
18:09:57.0381 0x11e4  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:09:57.0394 0x11e4  UmRdpService - ok
18:09:57.0405 0x11e4  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\Windows\System32\upnphost.dll
18:09:57.0419 0x11e4  upnphost - ok
18:09:57.0426 0x11e4  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
18:09:57.0434 0x11e4  usbccgp - ok
18:09:57.0451 0x11e4  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
18:09:57.0458 0x11e4  usbcir - ok
18:09:57.0462 0x11e4  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
18:09:57.0469 0x11e4  usbehci - ok
18:09:57.0481 0x11e4  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
18:09:57.0494 0x11e4  usbhub - ok
18:09:57.0506 0x11e4  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
18:09:57.0520 0x11e4  USBHUB3 - ok
18:09:57.0534 0x11e4  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
18:09:57.0556 0x11e4  usbohci - ok
18:09:57.0559 0x11e4  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
18:09:57.0566 0x11e4  usbprint - ok
18:09:57.0572 0x11e4  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
18:09:57.0580 0x11e4  USBSTOR - ok
18:09:57.0600 0x11e4  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
18:09:57.0607 0x11e4  usbuhci - ok
18:09:57.0616 0x11e4  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
18:09:57.0627 0x11e4  USBXHCI - ok
18:09:57.0630 0x11e4  [ B73B55A194BEAF71985211279585A316, A40B0E362ABF4F33818696150086C4FBCA38F6E306838C825C73F57F55A49347 ] usb_rndisx      C:\Windows\System32\drivers\usb8023x.sys
18:09:57.0637 0x11e4  usb_rndisx - ok
18:09:57.0640 0x11e4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
18:09:57.0647 0x11e4  VaultSvc - ok
18:09:57.0650 0x11e4  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:09:57.0656 0x11e4  vdrvroot - ok
18:09:57.0700 0x11e4  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\Windows\System32\vds.exe
18:09:57.0744 0x11e4  vds - ok
18:09:57.0750 0x11e4  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
18:09:57.0758 0x11e4  VerifierExt - ok
18:09:57.0773 0x11e4  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
18:09:57.0788 0x11e4  vhdmp - ok
18:09:57.0791 0x11e4  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:09:57.0797 0x11e4  viaide - ok
18:09:57.0801 0x11e4  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:09:57.0808 0x11e4  vmbus - ok
18:09:57.0810 0x11e4  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
18:09:57.0819 0x11e4  VMBusHID - ok
18:09:57.0832 0x11e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
18:09:57.0846 0x11e4  vmicguestinterface - ok
18:09:57.0858 0x11e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
18:09:57.0871 0x11e4  vmicheartbeat - ok
18:09:57.0884 0x11e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
18:09:57.0898 0x11e4  vmickvpexchange - ok
18:09:57.0909 0x11e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\Windows\System32\ICSvc.dll
18:09:57.0922 0x11e4  vmicrdv - ok
18:09:57.0935 0x11e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
18:09:57.0948 0x11e4  vmicshutdown - ok
18:09:57.0961 0x11e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
18:09:57.0974 0x11e4  vmictimesync - ok
18:09:57.0987 0x11e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\Windows\System32\ICSvc.dll
18:09:58.0000 0x11e4  vmicvss - ok
18:09:58.0004 0x11e4  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:09:58.0011 0x11e4  volmgr - ok
18:09:58.0021 0x11e4  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:09:58.0032 0x11e4  volmgrx - ok
18:09:58.0042 0x11e4  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:09:58.0053 0x11e4  volsnap - ok
18:09:58.0056 0x11e4  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\Windows\System32\drivers\vpci.sys
18:09:58.0063 0x11e4  vpci - ok
18:09:58.0068 0x11e4  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:09:58.0077 0x11e4  vsmraid - ok
18:09:58.0122 0x11e4  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\Windows\system32\vssvc.exe
18:09:58.0151 0x11e4  VSS - ok
18:09:58.0160 0x11e4  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
18:09:58.0170 0x11e4  VSTXRAID - ok
18:09:58.0183 0x11e4  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:09:58.0204 0x11e4  vwifibus - ok
18:09:58.0207 0x11e4  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:09:58.0221 0x11e4  vwififlt - ok
18:09:58.0240 0x11e4  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:09:58.0247 0x11e4  vwifimp - ok
18:09:58.0257 0x11e4  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\Windows\system32\w32time.dll
18:09:58.0271 0x11e4  W32Time - ok
18:09:58.0273 0x11e4  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
18:09:58.0280 0x11e4  WacomPen - ok
18:09:58.0284 0x11e4  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:09:58.0291 0x11e4  WANARP - ok
18:09:58.0294 0x11e4  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:09:58.0301 0x11e4  Wanarpv6 - ok
18:09:58.0338 0x11e4  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\Windows\system32\wbengine.exe
18:09:58.0366 0x11e4  wbengine - ok
18:09:58.0379 0x11e4  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:09:58.0392 0x11e4  WbioSrvc - ok
18:09:58.0402 0x11e4  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
18:09:58.0414 0x11e4  Wcmsvc - ok
18:09:58.0425 0x11e4  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:09:58.0439 0x11e4  wcncsvc - ok
18:09:58.0442 0x11e4  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:09:58.0449 0x11e4  WcsPlugInService - ok
18:09:58.0453 0x11e4  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
18:09:58.0459 0x11e4  WdBoot - ok
18:09:58.0478 0x11e4  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:09:58.0496 0x11e4  Wdf01000 - ok
18:09:58.0504 0x11e4  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
18:09:58.0513 0x11e4  WdFilter - ok
18:09:58.0518 0x11e4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:09:58.0527 0x11e4  WdiServiceHost - ok
18:09:58.0530 0x11e4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:09:58.0539 0x11e4  WdiSystemHost - ok
18:09:58.0544 0x11e4  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
18:09:58.0551 0x11e4  WdNisDrv - ok
18:09:58.0559 0x11e4  WdNisSvc - ok
18:09:59.0872 0x11e4  ================ Scan global ===============================
18:09:59.0876 0x11e4  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll
18:09:59.0882 0x11e4  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
18:09:59.0887 0x11e4  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
18:09:59.0898 0x11e4  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
18:09:59.0903 0x11e4  [ Global ] - ok
18:09:59.0903 0x11e4  ================ Scan MBR ==================================
18:09:59.0920 0x11e4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:09:59.0989 0x11e4  \Device\Harddisk0\DR0 - ok
18:09:59.0989 0x11e4  ================ Scan VBR ==================================
18:09:59.0993 0x11e4  [ 14879225469ACA647E580F449E980E38 ] \Device\Harddisk0\DR0\Partition1
18:10:00.0043 0x11e4  \Device\Harddisk0\DR0\Partition1 - ok
18:10:00.0046 0x11e4  [ E095E1F900A66520F2E03BA5330AEE7D ] \Device\Harddisk0\DR0\Partition2
18:10:00.0086 0x11e4  \Device\Harddisk0\DR0\Partition2 - ok
18:10:00.0090 0x11e4  [ 9D327BA77F9A4BB193707A464C3EE21D ] \Device\Harddisk0\DR0\Partition3
18:10:00.0091 0x11e4  \Device\Harddisk0\DR0\Partition3 - ok
18:10:00.0095 0x11e4  [ 90FC948702078E2A42EB6348B85EDADA ] \Device\Harddisk0\DR0\Partition4
18:10:00.0134 0x11e4  \Device\Harddisk0\DR0\Partition4 - ok
18:10:00.0138 0x11e4  [ DECDF6F61AA9A67B0D6473D3EF9B9F22 ] \Device\Harddisk0\DR0\Partition5
18:10:00.0185 0x11e4  \Device\Harddisk0\DR0\Partition5 - ok
18:10:00.0189 0x11e4  [ F7374042E08CA97B5CE78B5649533FC0 ] \Device\Harddisk0\DR0\Partition6
18:10:00.0218 0x11e4  \Device\Harddisk0\DR0\Partition6 - ok
18:10:00.0218 0x11e4  ================ Scan generic autorun ======================
18:10:00.0222 0x11e4  [ E6A3062BDB2E18EBDEB69CF7F7A3A070, 48AB0CCA0230DCBB47CCC765659E390A4A42AC7303A27B835B9FBB1168AC7BF1 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
18:10:00.0248 0x11e4  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
18:10:04.0032 0x11e4  Detect skipped due to KSN trusted
18:10:04.0032 0x11e4  IAStorIcon - ok
18:10:04.0294 0x11e4  [ 16438B000BF56F2CD7FDB5E6C3B38C7E, 32D6E69E6367D3ADB2189DA89103CB9910CE791EFB0879515DDD380A96D85BAE ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:10:04.0478 0x11e4  RTHDVCPL - ok
18:10:04.0491 0x11e4  [ D6BC654588848E413FC6F104FB4F0FE1, 91AAC411E87826F14875F1D344BD238919F49D7F49EDA24DFCF13D9AEB4DB3BD ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
18:10:04.0498 0x11e4  Classic Start Menu - detected UnsignedFile.Multi.Generic ( 1 )
18:10:12.0779 0x11e4  Detect skipped due to KSN trusted
18:10:12.0779 0x11e4  Classic Start Menu - ok
18:10:12.0806 0x11e4  [ 4E9AF25BA5E8219310E384AEA5B0EED8, 743062F755E7A88BA394E96CA26A988CCFDF73B441B779B3149D54A769CBC411 ] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
18:10:12.0818 0x11e4  CLMLServer_For_P2G8 - ok
18:10:12.0831 0x11e4  [ 806222C9B0B8606061830527296328ED, 93E241CA93177D63120A97BF72B91A1EA3D14BE4ADB210181AF975074268183F ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
18:10:12.0842 0x11e4  CLVirtualDrive - ok
18:10:12.0846 0x11e4  [ 0966408A384E8B0FE57B0008E18D561C, 045AB5798CAFA7D27E7D02F780B3508EBF34C0991C8EF166A61CF869D9399B70 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
18:10:12.0852 0x11e4  RemoteControl10 - ok
18:10:12.0861 0x11e4  [ 2B282A4050FE3B4B70EF9E3070BBFF78, 019B667781F5CE411AEB569EAA4095FA2B9942E43A6A1DFC6EEBB2DA214131FE ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
18:10:12.0885 0x11e4  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
18:10:22.0191 0x11e4  Detect skipped due to KSN trusted
18:10:22.0191 0x11e4  FreePDF Assistant - ok
18:10:22.0222 0x11e4  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
18:10:22.0251 0x11e4  BCSSync - ok
18:10:22.0268 0x11e4  [ 34084D25BE6F48D072AA54DE630438FD, 522C96429FC679C2D07E9254E8D1793FEC018D65CD43D88FE9851CC8CEB61A07 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:10:22.0284 0x11e4  SunJavaUpdateSched - ok
18:10:22.0286 0x11e4  VoipStunt - ok
18:10:22.0306 0x11e4  [ F58B9D451C467B2BAD88C7A8BBD5C285, C23F4CED7B16FF5D01E17E95A5A4D1034702F2D60ACB50529FB251A708A27C0B ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
18:10:22.0321 0x11e4  GoogleChromeAutoLaunch_6A1ACEDA8FEAC8653E625843AF7DBDE9 - ok
18:10:22.0322 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:23.0323 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:24.0324 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:25.0325 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:26.0326 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:27.0326 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:28.0326 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:29.0327 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:30.0328 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:31.0328 0x11e4  Waiting for KSN requests completion. In queue: 3
18:10:32.0351 0x11e4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x61100 ( enabled : updated )
18:10:32.0357 0x11e4  Win FW state via NFP2: enabled ( trusted )
18:10:41.0707 0x11e4  ============================================================
18:10:41.0707 0x11e4  Scan finished
18:10:41.0707 0x11e4  ============================================================
18:10:41.0731 0x1310  Detected object count: 0
18:10:41.0731 0x1310  Actual detected object count: 0
         


28.07.2015, 07:15   #6
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log please.

28.07.2015, 22:26   #7
Provodnik

mbam.txt


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 28.07.2015
Suchlaufzeit: 22:44
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.28.06
Rootkit-Datenbank: v2015.07.22.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Helmut

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 411025
Abgelaufene Zeit: 9 Min., 18 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.Koyote.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Free FLV Converter_is1, In Quarantäne, [02249c4b662475c12a716d9f2dd4ae52], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\SOFTWARE\CONDUIT\DistributionEngine, In Quarantäne, [d650bb2c96f41125b44ec8d3fc086a96], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 3
PUP.Optional.Koyote.A, C:\Program Files (x86)\Free FLV Converter\Uninstall.exe, In Quarantäne, [02249c4b662475c12a716d9f2dd4ae52], 
Trojan.Dropper.CRP, C:\Users\Helmut\AppData\Local\Temp\Rechnung_A1.zip, In Quarantäne, [b76fedfac2c8c274f82ee9448580e21e], 
PUP.Optional.OpenCandy.A, C:\Users\Helmut\Downloads\HC2Setup-2.29.01.exe, In Quarantäne, [69bd14d3f09ab97d5efbb285916f728e], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

-----------

AdwCleaner[S2].txt


Code:
# AdwCleaner v4.208 - Bericht erstellt 28/07/2015 um 23:09:34
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-26.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Helmut - PC
# Gestarted von : C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\DriverToolkit
Ordner Gelöscht : C:\Users\Helmut\AppData\Local\DriverToolkit

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\DriverToolkit

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 de)


-\\ Google Chrome v44.0.2403.107


*************************

AdwCleaner[R0].txt - [1595 Bytes] - [14/04/2014 20:22:48]
AdwCleaner[R1].txt - [899 Bytes] - [14/04/2014 20:24:19]
AdwCleaner[R2].txt - [1651 Bytes] - [28/07/2015 23:07:13]
AdwCleaner[R3].txt - [1710 Bytes] - [28/07/2015 23:08:57]
AdwCleaner[S0].txt - [1479 Bytes] - [14/04/2014 20:23:29]
AdwCleaner[S1].txt - [959 Bytes] - [14/04/2014 20:24:40]
AdwCleaner[S2].txt - [1427 Bytes] - [28/07/2015 23:09:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1486  Bytes] ##########
         

------------


JRT.txt


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 x64
Ran by Helmut on 28.07.2015 at 23:14:27,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6A1ACEDA8FEAC8653E625843AF7DBDE9



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\5zhazwoj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted the following from C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\5zhazwoj.default\prefs.js

user_pref(socialfixer.1236794201/typeahead_new, for (;;);{\__ar\:1,\payload\:{\entries\:[{\uid\:1236794201,\photo\:\hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hp
Emptied folder: C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\5zhazwoj.default\minidumps [5 files]



~~~ Chrome


[C:\Users\Helmut\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Helmut\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Helmut\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Helmut\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.07.2015 at 23:19:43,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


----------------

FRST.txt

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von Helmut (Administrator) auf PC (28-07-2015 23:20:55)
Gestartet von C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner
Geladene Profile: Helmut (Verfügbare Profile: UpdatusUser & Helmut)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [VoipStunt] => "C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe" -nosplash -minimized
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [*LABAL*] => [X]
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeHautocheck autochk * 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

AutoConfigURL: [S-1-5-21-4276634122-1349516129-2453334311-1002] => https://securedtonnel.net/a2stunnel.js
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-05-14] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4BEE7756-6650-4ECE-9FA4-D0754901862D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{65D95393-D577-4F11-BD33-971548548A4C}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-17] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4276634122-1349516129-2453334311-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-images.xml [2015-02-05]
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-maps.xml [2015-02-05]
FF Extension: Social Fixer - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\socialfixer@mattkruse.com.xpi [2014-04-12]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-06-09]
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-05-25]

Chrome: 
=======
CHR Profile: C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Google Search) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (ORF-TVthek - Downloader) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfnehdmbbmcahojnebecpiljbkeaele [2014-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Synology Download Station) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhbegdkgonhlokobjefolhpoidcnida [2015-05-25]
CHR Extension: (Gmail) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
S2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 hasplms; C:\Windows\system32\hasplms.exe [4621632 2015-04-13] (SafeNet Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2015-01-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2014-04-28] (SafeNet Inc.)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2014-04-28] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303624 2014-04-28] (SafeNet Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2015-04-13] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 23:19 - 2015-07-28 23:19 - 00001799 _____ C:\Users\Helmut\Desktop\JRT.txt
2015-07-28 22:40 - 2015-07-28 22:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-28 22:40 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-28 22:40 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-27 17:45 - 2015-07-28 23:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-27 17:45 - 2015-07-28 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-27 17:45 - 2015-07-27 18:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-27 17:43 - 2015-07-27 18:06 - 00000000 ____D C:\Users\Helmut\Desktop\mbar
2015-07-27 17:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-27 01:01 - 2015-07-27 01:01 - 44888560 _____ C:\Users\Helmut\Desktop\ЧС200 летит - всем бояться!.mp4
2015-07-27 00:55 - 2015-07-27 00:56 - 101771135 _____ C:\Users\Helmut\Desktop\Отправление соединённого грузового поезда.mp4
2015-07-26 22:46 - 2015-07-26 22:48 - 40045893 _____ C:\Users\Helmut\Desktop\Adriano Celentano - Svalutation - 2013(HD).mp4
2015-07-26 22:08 - 2015-07-26 22:08 - 13215805 _____ C:\Users\Helmut\Desktop\Adriano Celentano - Svalutation.mp4
2015-07-26 17:08 - 2015-07-28 23:20 - 00000000 ____D C:\FRST
2015-07-21 00:00 - 2015-07-21 00:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-07-20 21:08 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 21:08 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-17 18:40 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-17 18:40 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-17 18:40 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-17 18:40 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-17 18:40 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-17 18:40 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-17 18:40 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-17 18:39 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-17 18:39 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-17 18:39 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-17 18:39 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-17 18:39 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-17 18:39 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-17 18:39 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-17 18:39 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-17 18:39 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-17 18:39 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-17 18:39 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-17 18:39 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-17 18:39 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-17 18:39 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-17 18:39 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-17 18:39 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-17 18:39 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-17 18:39 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-17 18:39 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-17 18:39 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-17 18:39 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-17 18:39 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-17 18:39 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-17 18:38 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-17 18:38 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-17 18:38 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-17 18:38 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-17 18:38 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-17 18:38 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-17 18:38 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-17 18:38 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-17 18:38 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-17 18:38 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-17 18:38 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-17 18:38 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-17 18:38 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-17 18:38 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-17 18:38 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-17 18:38 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-17 18:38 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-17 18:38 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-17 18:38 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-17 18:38 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-17 18:38 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-17 18:38 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-17 18:38 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-17 18:38 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-17 18:38 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-17 18:38 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-17 18:38 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-17 18:38 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-17 18:38 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-17 18:38 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-17 18:38 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-17 18:38 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-17 18:38 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-17 18:38 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-17 18:38 - 2015-05-02 01:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-17 18:38 - 2015-04-23 19:01 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-07-17 18:38 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-17 18:38 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-17 18:38 - 2014-11-04 21:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-17 18:38 - 2014-11-04 21:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-17 18:38 - 2014-11-04 08:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-17 18:37 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-17 18:37 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-05 15:18 - 2015-07-07 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 23:11 - 2014-05-21 21:47 - 00000000 ____D C:\Users\Helmut\AppData\Local\FreePDF_XP
2015-07-28 23:11 - 2014-04-12 18:41 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 23:10 - 2014-04-12 19:03 - 02096992 _____ C:\Windows\WindowsUpdate.log
2015-07-28 23:10 - 2013-09-12 12:53 - 00129862 _____ C:\Windows\PFRO.log
2015-07-28 23:10 - 2013-08-22 16:46 - 00098165 _____ C:\Windows\setupact.log
2015-07-28 23:10 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-28 23:09 - 2014-04-14 20:22 - 00000000 ____D C:\AdwCleaner
2015-07-28 23:04 - 2013-09-12 13:28 - 00765378 _____ C:\Windows\system32\perfh007.dat
2015-07-28 23:04 - 2013-09-12 13:28 - 00159696 _____ C:\Windows\system32\perfc007.dat
2015-07-28 23:04 - 2013-09-12 13:00 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 23:01 - 2014-04-12 18:47 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\ClassicShell
2015-07-28 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-28 22:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\TAPI
2015-07-28 22:58 - 2014-04-21 18:51 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2015-07-28 22:57 - 2014-05-21 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-28 22:26 - 2014-04-12 18:41 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-28 21:29 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-28 21:28 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-27 00:15 - 2014-04-12 20:01 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\vlc
2015-07-26 17:07 - 2014-04-13 18:57 - 00000000 ____D C:\Users\Helmut\Desktop\Temp
2015-07-26 15:27 - 2014-04-12 18:10 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4276634122-1349516129-2453334311-1002
2015-07-26 00:52 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-25 21:27 - 2014-07-13 12:11 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-25 15:51 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 22:32 - 2014-11-05 23:28 - 00000000 ____D C:\Windows\AutoKMS
2015-07-21 19:32 - 2013-08-22 16:44 - 00485192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-18 10:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-07-18 08:17 - 2014-04-12 19:04 - 00000000 ____D C:\Users\Helmut
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 22:35 - 2014-04-13 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 22:34 - 2015-04-16 07:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 22:34 - 2015-03-12 01:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 22:33 - 2014-04-14 07:14 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 22:29 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 19:21 - 2014-04-12 18:41 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 19:21 - 2014-04-12 18:41 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 18:57 - 2014-05-21 19:57 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 21:33 - 2014-04-12 18:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 12:08 - 2013-09-13 11:12 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 23:17 - 2014-04-29 20:50 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\Skype
2015-07-03 08:43 - 2013-11-22 13:15 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 01:35 - 2014-04-13 22:14 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\uTorrent
2015-07-01 00:57 - 2014-04-13 22:16 - 00000000 ____D C:\Users\Helmut\_TORRENT
2015-07-01 00:56 - 2014-04-28 22:29 - 00000000 ____D C:\Users\Helmut\.OziExplorer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-17 23:22 - 2011-11-04 12:46 - 0733184 _____ (www.rene-zeidler.de) C:\Program Files\Snipping Tool Plus.exe
2014-10-21 07:56 - 2014-10-21 07:56 - 0000050 _____ () C:\Users\Helmut\AppData\Roaming\Camdata.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamLayout.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamShapes.ini
2014-05-06 19:43 - 2015-05-17 15:00 - 0000891 _____ () C:\Users\Helmut\AppData\Roaming\FBS.ini
2014-02-25 10:55 - 2014-02-25 10:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-25 11:07 - 2014-02-25 11:07 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-02-25 11:04 - 2014-02-25 11:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-02-25 11:03 - 2014-02-25 11:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-02-25 11:06 - 2014-02-25 11:07 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-02-25 11:03 - 2014-02-25 11:04 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-02-25 11:05 - 2014-02-25 11:06 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Einige Dateien in TEMP:
====================
C:\Users\Helmut\AppData\Local\Temp\fdm_videomon_inst.exe
C:\Users\Helmut\AppData\Local\Temp\Quarantine.exe
C:\Users\Helmut\AppData\Local\Temp\SetupVoipConnect-VoipStunt.exe
C:\Users\Helmut\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Helmut\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-27 18:19

==================== Ende von log ============================
         

Alt 29.07.2015, 08:57   #8
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here, please.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 30.07.2015, 00:00   #9
Provodnik
 



Hello,

unfortunately the problem still persists; when I open https://online.bankaustria.at/wps/portal/userlogin I am still redirected to a fake page that asks me to install an app.


Here are the log files from the latest round:


ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9398608fcbd72f4bbe36028b2472504e
# end=init
# utc_time=2015-07-29 06:18:21
# local_time=2015-07-29 08:18:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 25031
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9398608fcbd72f4bbe36028b2472504e
# end=updated
# utc_time=2015-07-29 06:20:35
# local_time=2015-07-29 08:20:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9398608fcbd72f4bbe36028b2472504e
# engine=25031
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-29 10:11:12
# local_time=2015-07-30 12:11:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 21923 15290264 0 0
# scanned=979205
# found=8
# cleaned=0
# scan_time=13837
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\AppData\Local\Microsoft\Windows\INetCache\IE\UILXJ9Y5\SPSetup[1].exe"
sh=1F93F5FE420B28E0C9E9161E81DDEB4F9C9DE449 ft=1 fh=c138ae358509f971 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\AppData\Local\Temp\DMR\dmr_72.exe"
sh=FF622AC4093AE77BB094FDBE732FFCBE9C076B96 ft=1 fh=a6764ee12cb41697 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe"
sh=FF622AC4093AE77BB094FDBE732FFCBE9C076B96 ft=1 fh=a6764ee12cb41697 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\uTorrent.exe"
sh=075478ED256C74207FB1540F41BE4934B47D549B ft=1 fh=5a1a58d6a5023955 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe"
sh=E18B5242B0C893DF09E34A9E89DE551503F31591 ft=1 fh=5a1a58d6d884f372 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe"
sh=8724C59A257E11A4D91C2B891297C16549255221 ft=1 fh=fa92c2bf28b1d1b8 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helmut\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe"
sh=8724C59A257E11A4D91C2B891297C16549255221 ft=1 fh=fa92c2bf28b1d1b8 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="I:\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe"
         



Checkup:


Code:
 Results of screen317's Security Check version 1.006  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	18.0.0.209  
 Mozilla Firefox (39.0) 
 Mozilla Thunderbird 31.7.0 Thunderbird out of Date!  
 Google Chrome (44.0.2403.107) 
 Google Chrome (44.0.2403.89) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         


FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
durchgeführt von Helmut (Administrator) auf PC (30-07-2015 00:27:04)
Gestartet von C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner
Geladene Profile: UpdatusUser & Helmut (Verfügbare Profile: UpdatusUser & Helmut)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(EADS Deutschland GmbH, Friedrichshafen) C:\Program Files (x86)\Austrian Map Fly 5.0\bin\d2rexApp.exe
(TrueCrypt Foundation) C:\Users\Helmut\Desktop\Temp\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(www.rene-zeidler.de) C:\Program Files\Snipping Tool Plus.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [VoipStunt] => "C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe" -nosplash -minimized
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [GoogleChromeAutoLaunch_6A1ACEDA8FEAC8653E625843AF7DBDE9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-24] (Google Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeHautocheck autochk * 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

AutoConfigURL: [S-1-5-21-4276634122-1349516129-2453334311-1002] => https://securedtonnel.net/a2stunnel.js
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-05-14] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{65D95393-D577-4F11-BD33-971548548A4C}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-17] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4276634122-1349516129-2453334311-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-images.xml [2015-02-05]
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-maps.xml [2015-02-05]
FF Extension: Social Fixer - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\socialfixer@mattkruse.com.xpi [2014-04-12]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-06-09]
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-05-25]

Chrome: 
=======
CHR Profile: C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Google Search) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (ORF-TVthek - Downloader) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfnehdmbbmcahojnebecpiljbkeaele [2014-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Synology Download Station) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhbegdkgonhlokobjefolhpoidcnida [2015-05-25]
CHR Extension: (Gmail) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 hasplms; C:\Windows\system32\hasplms.exe [4621632 2015-04-13] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2015-01-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2014-04-28] (SafeNet Inc.)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2014-04-28] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303624 2014-04-28] (SafeNet Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2015-04-13] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R4 truecrypt; C:\Users\Helmut\Desktop\Temp\TrueCrypt\truecrypt-x64.sys [231376 2012-02-08] (TrueCrypt Foundation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-28 23:19 - 2015-07-28 23:19 - 00001799 _____ C:\Users\Helmut\Desktop\JRT.txt
2015-07-28 22:40 - 2015-07-28 22:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-28 22:40 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-28 22:40 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-27 17:45 - 2015-07-29 23:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-27 17:45 - 2015-07-28 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-27 17:45 - 2015-07-27 18:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-27 17:43 - 2015-07-27 18:06 - 00000000 ____D C:\Users\Helmut\Desktop\mbar
2015-07-27 17:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-27 01:01 - 2015-07-27 01:01 - 44888560 _____ C:\Users\Helmut\Desktop\ЧС200 летит - всем бояться!.mp4
2015-07-27 00:55 - 2015-07-27 00:56 - 101771135 _____ C:\Users\Helmut\Desktop\Отправление соединённого грузового поезда.mp4
2015-07-26 22:46 - 2015-07-26 22:48 - 40045893 _____ C:\Users\Helmut\Desktop\Adriano Celentano - Svalutation - 2013(HD).mp4
2015-07-26 22:08 - 2015-07-26 22:08 - 13215805 _____ C:\Users\Helmut\Desktop\Adriano Celentano - Svalutation.mp4
2015-07-26 17:08 - 2015-07-30 00:27 - 00000000 ____D C:\FRST
2015-07-21 00:00 - 2015-07-21 00:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-07-20 21:08 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 21:08 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-17 18:40 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-17 18:40 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-17 18:40 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-17 18:40 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-17 18:40 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-17 18:40 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-17 18:40 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-17 18:39 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-17 18:39 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-17 18:39 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-17 18:39 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-17 18:39 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-17 18:39 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-17 18:39 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-17 18:39 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-17 18:39 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-17 18:39 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-17 18:39 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-17 18:39 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-17 18:39 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-17 18:39 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-17 18:39 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-17 18:39 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-17 18:39 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-17 18:39 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-17 18:39 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-17 18:39 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-17 18:39 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-17 18:39 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-17 18:39 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-17 18:38 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-17 18:38 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-17 18:38 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-17 18:38 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-17 18:38 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-17 18:38 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-17 18:38 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-17 18:38 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-17 18:38 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-17 18:38 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-17 18:38 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-17 18:38 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-17 18:38 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-17 18:38 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-17 18:38 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-17 18:38 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-17 18:38 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-17 18:38 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-17 18:38 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-17 18:38 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-17 18:38 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-17 18:38 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-17 18:38 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-17 18:38 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-17 18:38 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-17 18:38 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-17 18:38 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-17 18:38 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-17 18:38 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-17 18:38 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-17 18:38 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-17 18:38 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-17 18:38 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-17 18:38 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-17 18:38 - 2015-05-02 01:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-17 18:38 - 2015-04-23 19:01 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-07-17 18:38 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-17 18:38 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-17 18:38 - 2014-11-04 21:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-17 18:38 - 2014-11-04 21:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-17 18:38 - 2014-11-04 08:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-17 18:37 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-17 18:37 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-05 15:18 - 2015-07-07 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-30 00:26 - 2014-04-12 18:41 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-30 00:19 - 2014-04-12 18:47 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\ClassicShell
2015-07-30 00:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-29 23:57 - 2014-05-21 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-29 22:52 - 2014-04-12 19:03 - 01293560 _____ C:\Windows\WindowsUpdate.log
2015-07-29 21:48 - 2014-04-12 18:10 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4276634122-1349516129-2453334311-1002
2015-07-29 20:15 - 2013-09-12 13:28 - 00765378 _____ C:\Windows\system32\perfh007.dat
2015-07-29 20:15 - 2013-09-12 13:28 - 00159696 _____ C:\Windows\system32\perfc007.dat
2015-07-29 20:15 - 2013-09-12 13:00 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 19:29 - 2014-04-13 18:57 - 00000000 ____D C:\Users\Helmut\Desktop\Temp
2015-07-29 19:26 - 2014-04-12 18:41 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 18:13 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-29 18:03 - 2014-05-21 21:47 - 00000000 ____D C:\Users\Helmut\AppData\Local\FreePDF_XP
2015-07-29 18:02 - 2013-08-22 16:46 - 00098281 _____ C:\Windows\setupact.log
2015-07-29 18:02 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-28 23:10 - 2013-09-12 12:53 - 00129862 _____ C:\Windows\PFRO.log
2015-07-28 23:09 - 2014-04-14 20:22 - 00000000 ____D C:\AdwCleaner
2015-07-28 22:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\TAPI
2015-07-28 22:58 - 2014-04-21 18:51 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2015-07-28 21:29 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-27 00:15 - 2014-04-12 20:01 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\vlc
2015-07-26 00:52 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-25 21:27 - 2014-07-13 12:11 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-25 15:51 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 22:32 - 2014-11-05 23:28 - 00000000 ____D C:\Windows\AutoKMS
2015-07-21 19:32 - 2013-08-22 16:44 - 00485192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-18 10:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-07-18 08:17 - 2014-04-12 19:04 - 00000000 ____D C:\Users\Helmut
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 22:35 - 2014-04-13 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 22:34 - 2015-04-16 07:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 22:34 - 2015-03-12 01:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 22:33 - 2014-04-14 07:14 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 22:29 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 19:21 - 2014-04-12 18:41 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 19:21 - 2014-04-12 18:41 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 18:57 - 2014-05-21 19:57 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 21:33 - 2014-04-12 18:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 12:08 - 2013-09-13 11:12 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 23:17 - 2014-04-29 20:50 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\Skype
2015-07-03 08:43 - 2013-11-22 13:15 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 01:35 - 2014-04-13 22:14 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\uTorrent
2015-07-01 00:57 - 2014-04-13 22:16 - 00000000 ____D C:\Users\Helmut\_TORRENT
2015-07-01 00:56 - 2014-04-28 22:29 - 00000000 ____D C:\Users\Helmut\.OziExplorer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-17 23:22 - 2011-11-04 12:46 - 0733184 _____ (www.rene-zeidler.de) C:\Program Files\Snipping Tool Plus.exe
2014-10-21 07:56 - 2014-10-21 07:56 - 0000050 _____ () C:\Users\Helmut\AppData\Roaming\Camdata.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamLayout.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamShapes.ini
2014-05-06 19:43 - 2015-05-17 15:00 - 0000891 _____ () C:\Users\Helmut\AppData\Roaming\FBS.ini
2014-02-25 10:55 - 2014-02-25 10:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-25 11:07 - 2014-02-25 11:07 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-02-25 11:04 - 2014-02-25 11:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-02-25 11:03 - 2014-02-25 11:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-02-25 11:06 - 2014-02-25 11:07 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-02-25 11:03 - 2014-02-25 11:04 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-02-25 11:05 - 2014-02-25 11:06 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Einige Dateien in TEMP:
====================
C:\Users\Helmut\AppData\Local\Temp\fdm_videomon_inst.exe
C:\Users\Helmut\AppData\Local\Temp\Quarantine.exe
C:\Users\Helmut\AppData\Local\Temp\SetupVoipConnect-VoipStunt.exe
C:\Users\Helmut\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Helmut\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-27 18:19

==================== Ende von log ============================
         


If I understand http://www.trojaner-board.de/166965-...g-login-2.html correctly, for Nina, who had the same problem in May 2015, "HitmanProAlert" apparently brought the breakthrough.
Might that help in my case as well?


I'll wait for instructions from you, though, before taking any further steps.



Best regards

Helmut

Alt 30.07.2015, 16:46   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please test whether this appears in only one browser or in all of them.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 30.07.2015, 18:46   #11
Provodnik
 



Hello,


here is the overview for the different browsers:

Chrome: affected
Firefox: affected
IE: not affected
TOR: not affected


Screenshots: Chrome, Firefox, IE, TOR


In Chrome and Firefox a wrong page is displayed, because the phone number of the BankAustria hotline shown there is also a different one (+43(0)60705 etc. instead of +43(0)50505 etc.).


I don't know whether the message that appears in IE, "Bitte überprüfen Sie die folgenden Felder: Anwendung derzeit nicht verfügbar, bitte versuchen Sie es später erneut.", is also a problem. It does not show up in TOR.


Helmut

Alt 31.07.2015, 09:35   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Update Java and Thunderbird.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
C:\Users\Helmut\AppData\Local\Microsoft\Windows\INetCache\IE\UILXJ9Y5\SPSetup[1].exe

C:\Users\Helmut\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Helmut\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe

C:\Users\Helmut\Downloads\uTorrent.exe

C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe

C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe

C:\Users\Helmut\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe

I:\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [*LABAL*] => [X]
AutoConfigURL: [S-1-5-21-4276634122-1349516129-2453334311-1002] => https://securedtonnel.net/a2stunnel.js
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF NetworkProxy: "type", 2
RemoveProxy:
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber


Alt 31.07.2015, 19:15   #13
Provodnik
 



Hello Schrauber,

that seems to have included the decisive step: the messages have disappeared and I get to the regular online banking page again.


Here is the Fixlog:

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-07-2015
durchgeführt von Helmut (2015-07-31 19:25:29) Run:1
Gestartet von C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner\FRST-OlderVersion
Geladene Profile: UpdatusUser & Helmut (Verfügbare Profile: UpdatusUser & Helmut)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Users\Helmut\AppData\Local\Microsoft\Windows\INetCache\IE\UILXJ9Y5\SPSetup[1].exe

C:\Users\Helmut\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Helmut\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe

C:\Users\Helmut\Downloads\uTorrent.exe

C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe

C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe

C:\Users\Helmut\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe

I:\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [*LABAL*] => [X]
AutoConfigURL: [S-1-5-21-4276634122-1349516129-2453334311-1002] => https://securedtonnel.net/a2stunnel.js
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF NetworkProxy: "type", 2
RemoveProxy:
Emptytemp:        
*****************

C:\Users\Helmut\AppData\Local\Microsoft\Windows\INetCache\IE\UILXJ9Y5\SPSetup[1].exe => erfolgreich verschoben.
C:\Users\Helmut\AppData\Local\Temp\DMR\dmr_72.exe => erfolgreich verschoben.
C:\Users\Helmut\AppData\Roaming\uTorrent\updates\3.4.1_30768.exe => erfolgreich verschoben.
C:\Users\Helmut\Downloads\uTorrent.exe => erfolgreich verschoben.
C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\streamtransport_chrome_setup1.1.6.2.exe => erfolgreich verschoben.
C:\Users\Helmut\Downloads\streamtransport_1.1.6.2\Streamtransport IE10\streamtransport_setup.exe => erfolgreich verschoben.
C:\Users\Helmut\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe => erfolgreich verschoben.
"I:\_LANDKARTEN 162GB\_GENSHTAB\uTorrent_3.3.0.29126.exe" => Datei/Ordner nicht gefunden.
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Windows\CurrentVersion\Run\\*LABAL* => Wert erfolgreich entfernt
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => Wert erfolgreich entfernt
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4276634122-1349516129-2453334311-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4276634122-1349516129-2453334311-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========

EmptyTemp: => 2.7 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 19:26:31 ====
         


If further steps are needed to clean up the system, I will of course do those as well!
However, I won't be at home this weekend from Saturday morning until Sunday afternoon/evening.

Thanks already for the great support so far!


Best regards and have a nice weekend

Helmut
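
The fixlist and Fixlog above remove a proxy auto-config (PAC) URL from both the Windows user's Internet Settings and the Firefox profile. As an added example (not part of the thread and not FRST's own code), this Python script scans FRST-style log lines for such entries and flags PAC hosts that are not on an allowlist; the function names, the allowlisted host `wpad.corp.example` and the second SID are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Lines 1-4 are copied from the fixlist in this thread. The second
# AutoConfigURL line is constructed (a benign, allowlisted PAC entry);
# the last line is an unrelated FRST entry that must be ignored.
SAMPLE_LOG = r"""
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [*LABAL*] => [X]
AutoConfigURL: [S-1-5-21-4276634122-1349516129-2453334311-1002] => https://securedtonnel.net/a2stunnel.js
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF NetworkProxy: "type", 2
AutoConfigURL: [S-1-5-21-1111111111-2222222222-3333333333-1001] => http://wpad.corp.example/proxy.pac
FF Homepage: about:home
"""

# Per-user Internet Settings value as FRST prints it: SID in brackets, then the URL.
AUTOCONFIG_RE = re.compile(r'^AutoConfigURL: \[(?P<sid>S-[\d-]+)\] => (?P<url>\S+)$')
# Firefox proxy prefs as FRST prints them: quoted key, then a quoted or bare value.
FF_PREF_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[^"]+)", "?(?P<value>[^"]*)"?$')

# Firefox network.proxy.type value that means "use the PAC URL".
FIREFOX_TYPE_PAC = "2"


def defang(url):
    """Make a URL safe to paste into a ticket or report (hxxp, [.])."""
    parts = urlparse(url)
    if not parts.scheme or not parts.hostname:
        return url
    out = url.replace(parts.scheme, parts.scheme.replace("tt", "xx"), 1)
    return out.replace(parts.hostname, parts.hostname.replace(".", "[.]"), 1)


def _pac_finding(scope, url, allowed_hosts):
    host = (urlparse(url).hostname or "").lower()
    return {
        "scope": scope,
        "pac_url": url,
        "host": host,
        # Anything not explicitly allowlisted needs a human look.
        "suspicious": host not in allowed_hosts,
    }


def find_proxy_overrides(log_text, allowed_pac_hosts=frozenset()):
    """Return one finding per PAC URL configured in an FRST-style log."""
    allowed = {h.lower() for h in allowed_pac_hosts}
    findings = []
    ff_prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTOCONFIG_RE.match(line)
        if m:
            findings.append(_pac_finding("windows-user:" + m["sid"], m["url"], allowed))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m["key"]] = m["value"]
    # Firefox keeps its own proxy settings; the PAC URL is only in
    # effect when the proxy type pref selects it.
    ff_url = ff_prefs.get("autoconfig_url")
    if ff_url:
        finding = _pac_finding("firefox", ff_url, allowed)
        finding["active"] = ff_prefs.get("type") == FIREFOX_TYPE_PAC
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_proxy_overrides(SAMPLE_LOG, {"wpad.corp.example"}):
        verdict = "REVIEW" if f["suspicious"] else "ok"
        print(f"{verdict:6} {f['scope']:60} {defang(f['pac_url'])}")
```
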

Alt 01.08.2015, 14:14   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Just a fresh FRST log please; I'll take a look over it, then we'll clean up.
__________________
Regards,
schrauber


Alt 03.08.2015, 17:54   #15
Provodnik
 



Here is the latest FRST.txt:


Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
durchgeführt von Helmut (Administrator) auf PC (03-08-2015 18:52:44)
Gestartet von C:\Users\Helmut\Desktop\Temp\BankAustria Trojaner
Geladene Profile: UpdatusUser & Helmut (Verfügbare Profile: UpdatusUser & Helmut)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [VoipStunt] => "C:\Program Files (x86)\VoipStunt.com\VoipStunt\voipstunt.exe" -nosplash -minimized
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Run: [GoogleChromeAutoLaunch_6A1ACEDA8FEAC8653E625843AF7DBDE9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeHautocheck autochk * 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-31] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-05-14] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-31] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{65D95393-D577-4F11-BD33-971548548A4C}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-17] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4276634122-1349516129-2453334311-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-images.xml [2015-02-05]
FF SearchPlugin: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\searchplugins\google-maps.xml [2015-02-05]
FF Extension: Social Fixer - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\socialfixer@mattkruse.com.xpi [2014-04-12]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-06-09]
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5zhazwoj.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-4276634122-1349516129-2453334311-1002\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-05-25]

Chrome: 
=======
CHR Profile: C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-13]
CHR Extension: (Google Search) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-13]
CHR Extension: (ORF-TVthek - Downloader) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfnehdmbbmcahojnebecpiljbkeaele [2014-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-13]
CHR Extension: (Synology Download Station) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhbegdkgonhlokobjefolhpoidcnida [2015-05-25]
CHR Extension: (Gmail) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-13]

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 hasplms; C:\Windows\system32\hasplms.exe [4621632 2015-04-13] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2015-01-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2014-04-28] (SafeNet Inc.)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2014-04-28] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303624 2014-04-28] (SafeNet Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2015-04-13] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-31 19:21 - 2015-07-31 19:21 - 00563296 _____ (Oracle Corporation) C:\Users\Helmut\Desktop\jre-8u51-windows-i586-iftw.exe
2015-07-28 23:19 - 2015-07-28 23:19 - 00001799 _____ C:\Users\Helmut\Desktop\JRT.txt
2015-07-28 22:40 - 2015-07-28 22:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-28 22:40 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-28 22:40 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-28 21:30 - 2015-07-25 15:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-27 17:45 - 2015-08-03 17:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-27 17:45 - 2015-07-28 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-27 17:45 - 2015-07-27 18:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-27 17:43 - 2015-07-27 18:06 - 00000000 ____D C:\Users\Helmut\Desktop\mbar
2015-07-27 17:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-27 01:01 - 2015-07-27 01:01 - 44888560 _____ C:\Users\Helmut\Desktop\ЧС200 летит - всем бояться!.mp4
2015-07-27 00:55 - 2015-07-27 00:56 - 101771135 _____ C:\Users\Helmut\Desktop\Отправление соединённого грузового поезда.mp4
2015-07-26 22:46 - 2015-07-26 22:48 - 40045893 _____ C:\Users\Helmut\Desktop\Adriano Celentano - Svalutation - 2013(HD).mp4
2015-07-26 22:08 - 2015-07-26 22:08 - 13215805 _____ C:\Users\Helmut\Desktop\Adriano Celentano - Svalutation.mp4
2015-07-26 17:08 - 2015-08-03 18:52 - 00000000 ____D C:\FRST
2015-07-21 00:00 - 2015-07-21 00:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-07-20 21:08 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 21:08 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 21:08 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-17 18:40 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-17 18:40 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-17 18:40 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-17 18:40 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-17 18:40 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-17 18:40 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-17 18:40 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-17 18:40 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-17 18:40 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-17 18:40 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-17 18:40 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-17 18:40 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-17 18:39 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-17 18:39 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-17 18:39 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-17 18:39 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-17 18:39 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-17 18:39 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-17 18:39 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-17 18:39 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-17 18:39 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-17 18:39 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-17 18:39 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-17 18:39 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-17 18:39 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-17 18:39 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-17 18:39 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-17 18:39 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-17 18:39 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-17 18:39 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-17 18:39 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-17 18:39 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-17 18:39 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-17 18:39 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-17 18:39 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-17 18:39 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-17 18:39 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-17 18:39 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-17 18:38 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-17 18:38 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-17 18:38 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-17 18:38 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-17 18:38 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-17 18:38 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-17 18:38 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-17 18:38 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-17 18:38 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-17 18:38 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-17 18:38 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-17 18:38 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-17 18:38 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-17 18:38 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-17 18:38 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-17 18:38 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-17 18:38 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-17 18:38 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-17 18:38 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-17 18:38 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-17 18:38 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-17 18:38 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-17 18:38 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-17 18:38 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-17 18:38 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-17 18:38 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-17 18:38 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-17 18:38 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-17 18:38 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-17 18:38 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-17 18:38 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-17 18:38 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-17 18:38 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-17 18:38 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-17 18:38 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-17 18:38 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-17 18:38 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-17 18:38 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-17 18:38 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-17 18:38 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-17 18:38 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-17 18:38 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-17 18:38 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-17 18:38 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-17 18:38 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-17 18:38 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 18:38 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-17 18:38 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-17 18:38 - 2015-05-02 01:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-17 18:38 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-07-17 18:38 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-17 18:38 - 2015-04-23 19:01 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-07-17 18:38 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-17 18:38 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-17 18:38 - 2014-11-04 21:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-17 18:38 - 2014-11-04 21:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-17 18:38 - 2014-11-04 08:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-17 18:38 - 2014-11-04 08:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-17 18:37 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-17 18:37 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-05 15:18 - 2015-07-07 21:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-03 18:26 - 2014-04-12 18:41 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-03 18:06 - 2014-04-12 19:03 - 01785390 _____ C:\Windows\WindowsUpdate.log
2015-08-03 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-03 17:57 - 2014-05-21 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-03 17:49 - 2013-09-12 13:28 - 00765378 _____ C:\Windows\system32\perfh007.dat
2015-08-03 17:49 - 2013-09-12 13:28 - 00159696 _____ C:\Windows\system32\perfc007.dat
2015-08-03 17:49 - 2013-09-12 13:00 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-03 17:44 - 2014-05-21 21:47 - 00000000 ____D C:\Users\Helmut\AppData\Local\FreePDF_XP
2015-08-03 17:44 - 2014-04-12 18:41 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-03 17:43 - 2013-08-22 16:46 - 00098977 _____ C:\Windows\setupact.log
2015-08-03 17:43 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 01:21 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-03 01:20 - 2014-04-12 18:47 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\ClassicShell
2015-08-02 22:47 - 2014-04-12 20:01 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\vlc
2015-08-02 20:40 - 2014-04-12 18:41 - 00000000 ____D C:\Users\Helmut\AppData\Local\Google
2015-08-02 20:40 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-31 19:38 - 2014-04-12 18:10 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4276634122-1349516129-2453334311-1002
2015-07-31 19:27 - 2013-09-12 12:53 - 00131302 _____ C:\Windows\PFRO.log
2015-07-31 19:25 - 2015-05-25 21:29 - 00000000 ____D C:\Users\Helmut\Downloads\streamtransport_1.1.6.2
2015-07-31 19:22 - 2015-05-25 21:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-31 19:22 - 2015-05-25 21:16 - 00000000 ____D C:\ProgramData\Oracle
2015-07-31 19:22 - 2015-05-25 21:16 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-31 01:41 - 2014-04-29 20:50 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\Skype
2015-07-30 21:56 - 2014-10-06 22:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-30 21:56 - 2014-04-29 20:50 - 00000000 ____D C:\ProgramData\Skype
2015-07-30 20:27 - 2014-07-13 12:11 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-30 19:33 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-29 19:29 - 2014-04-13 18:57 - 00000000 ____D C:\Users\Helmut\Desktop\Temp
2015-07-28 23:09 - 2014-04-14 20:22 - 00000000 ____D C:\AdwCleaner
2015-07-28 22:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\TAPI
2015-07-28 22:58 - 2014-04-21 18:51 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2015-07-25 15:51 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 22:32 - 2014-11-05 23:28 - 00000000 ____D C:\Windows\AutoKMS
2015-07-21 19:32 - 2013-08-22 16:44 - 00485192 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-18 10:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-07-18 08:17 - 2014-04-12 19:04 - 00000000 ____D C:\Users\Helmut
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 23:54 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 22:35 - 2014-04-13 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 22:34 - 2015-04-16 07:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 22:34 - 2015-03-12 01:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 22:33 - 2014-04-14 07:14 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 22:29 - 2015-04-07 19:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 19:21 - 2014-04-12 18:41 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 19:21 - 2014-04-12 18:41 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 18:57 - 2014-05-21 19:57 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 21:33 - 2014-04-12 18:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 12:08 - 2013-09-13 11:12 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-17 23:22 - 2011-11-04 12:46 - 0733184 _____ (www.rene-zeidler.de) C:\Program Files\Snipping Tool Plus.exe
2014-10-21 07:56 - 2014-10-21 07:56 - 0000050 _____ () C:\Users\Helmut\AppData\Roaming\Camdata.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamLayout.ini
2014-10-21 07:56 - 2014-10-21 07:56 - 0000408 _____ () C:\Users\Helmut\AppData\Roaming\CamShapes.ini
2014-05-06 19:43 - 2015-05-17 15:00 - 0000891 _____ () C:\Users\Helmut\AppData\Roaming\FBS.ini
2014-02-25 10:55 - 2014-02-25 10:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-25 11:07 - 2014-02-25 11:07 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-02-25 11:04 - 2014-02-25 11:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-02-25 11:03 - 2014-02-25 11:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-02-25 11:06 - 2014-02-25 11:07 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-02-25 11:03 - 2014-02-25 11:04 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2014-02-25 11:05 - 2014-02-25 11:06 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-03 18:47

==================== Ende von log ============================
         
