Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: FTP-Passwörter geknackt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.09.2014, 00:41   #1
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Hallo zusammen,

nachdem ich mit den üblichen Bordmitteln (avast, Spybot S&D) nicht mehr weiterkomme, wende ich mich vertrauensvoll an diese tolle Institution...

Ich betreibe einige kleine Websites (verschiedene Domains, verschiedene Hoster). Vor Kurzem bekam ich eine E-Mail von einem Hoster dass es Virenfunde in einer Wordpress-Installation gab. Der Verursacher wurde in der automatisch generierten E-Mail ebenfalls benannt. Es war eine .php-Datei die im Verzeichnis einer anderen Homepage lag, die ich da ganz sicher nicht abgeladen hatte... Absurderweise ist dieses Projekt komplett ohne CMS gebaut worden, so dass es eigentlich keine "Standard-Angriffsflächen" gibt... außer man hat natürlich das FTP-Passwort. Das scheint wohl genau das Problem zu sein. Da ich hier komplett auf'm Schlauch stehe wie das wohl in den Griff zu bekommen ist poste ich hier jetzt die initial geforderten Logs und warte ehrfürchtig(!) auf auf einen Helfer.


Defogger
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:44 on 01/09/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         

FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by ***** (administrator) on THINKTANK on 01-09-2014 22:51:40
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Caphyon) C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synology Inc.) C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [138784 2011-11-01] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Snipping Tool Plus] => C:\Users\*****\Desktop\Snipping Tool Plus.exe /h
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-18] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe [11590528 2013-06-28] (Synology Inc.)
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-30] (Google Inc.)
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x448E6756E48ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {6D0687E1-170A-4BC6-9B30-C0E863DDAE84} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6D0687E1-170A-4BC6-9B30-C0E863DDAE84} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=e29718ee-f9ba-11e0-bd86-001f163629ae&q={searchTerms}
SearchScopes: HKCU - {6D0687E1-170A-4BC6-9B30-C0E863DDAE84} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=e29718ee-f9ba-11e0-bd86-001f163629ae&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Web Search
FF Homepage: https://www.google.com/adsense/?hl=de
FF Keyword.URL: www.google.com/search?q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-05-08]
FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16]
FF Extension: Page Speed - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04]
FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04]
FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16]
FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04]
FF Extension: SISTRIX Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30]
FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30]
FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16]
FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04]
FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/adsense/?hl=de
CHR DefaultSearchKeyword: Default -> google#
CHR DefaultSearchProvider: Default -> Google#
CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13]
CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-27] (AVAST Software)
R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-27] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 22:51 - 2014-09-01 22:52 - 00028032 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-01 22:51 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST
2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:44 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup
2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 14:42 - 2014-08-19 14:43 - 11188736 _____ (SurfRight B.V.) C:\Users\*****\Downloads\hitmanpro_x64.exe
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-16 13:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 13:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 13:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 13:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 13:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 19:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 19:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 19:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 19:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 19:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 19:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 19:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 19:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:12 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 19:12 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 19:12 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 19:12 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 19:12 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 19:12 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 19:12 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 19:12 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 19:12 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 19:12 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 19:12 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 19:12 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 19:12 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 19:12 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 19:12 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 19:12 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 19:12 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 19:12 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 19:12 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 19:12 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 19:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 19:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 19:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 19:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 19:11 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-11 21:50 - 2014-08-11 21:51 - 06004615 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx
2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-03 08:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 08:26 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 08:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 08:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 08:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 08:26 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 08:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 08:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 08:26 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 08:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 08:26 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 08:26 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 08:26 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 08:26 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 22:52 - 2014-09-01 22:51 - 00028032 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-01 22:51 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST
2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:50 - 2011-03-30 10:32 - 01976008 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 22:46 - 2012-07-06 10:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-01 22:46 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Ditto
2014-09-01 22:45 - 2011-05-04 12:06 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-01 22:45 - 2011-04-07 11:13 - 00322378 _____ () C:\Windows\PFRO.log
2014-09-01 22:45 - 2011-03-30 10:22 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-01 22:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 22:45 - 2009-07-14 06:51 - 00232321 _____ () C:\Windows\setupact.log
2014-09-01 22:44 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:44 - 2011-04-07 11:58 - 00000000 ____D () C:\Users\*****\Documents\Outlook-Dateien
2014-09-01 22:44 - 2011-04-04 14:26 - 00000000 ____D () C:\Users\*****
2014-09-01 22:41 - 2012-10-11 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 22:29 - 2011-11-30 09:49 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job
2014-09-01 19:29 - 2011-11-30 09:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job
2014-09-01 18:36 - 2011-05-03 13:14 - 00000000 ____D () C:\Users\*****\Documents\Allgemeines
2014-09-01 17:57 - 2011-03-30 11:04 - 00708030 _____ () C:\Windows\system32\perfh007.dat
2014-09-01 17:57 - 2011-03-30 11:04 - 00153336 _____ () C:\Windows\system32\perfc007.dat
2014-09-01 17:57 - 2009-07-14 07:13 - 01643024 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:44 - 2012-01-21 19:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-09-01 17:41 - 2011-09-05 09:24 - 00000000 ____D () C:\Users\*****\Documents\ebay
2014-09-01 17:40 - 2011-05-03 14:35 - 00000000 ____D () C:\Users\*****\Documents\Software
2014-09-01 17:32 - 2013-06-26 15:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-09-01 14:43 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 14:43 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 14:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-01 13:15 - 2011-03-30 10:29 - 00000000 ____D () C:\swshare
2014-09-01 12:12 - 2011-04-29 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-09-01 11:30 - 2011-05-03 11:01 - 00000295 _____ () C:\Users\*****\Desktop\Konzerte.TXT
2014-09-01 09:00 - 2012-01-13 10:40 - 00029082 _____ () C:\Windows\system32\lvcoinst.log
2014-09-01 09:00 - 2011-05-04 12:06 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-09-01 09:00 - 2011-05-04 12:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-09-01 01:34 - 2012-01-21 19:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TweetAdder3
2014-08-31 22:37 - 2011-04-04 15:26 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-08-30 15:47 - 2011-05-03 15:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\BOM
2014-08-29 12:58 - 2011-08-21 14:18 - 00000000 ____D () C:\Users\*****\Documents\My Photos
2014-08-29 10:00 - 2013-05-24 00:55 - 00000298 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job
2014-08-29 08:40 - 2009-07-14 06:45 - 04916184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:48 - 2013-02-01 00:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-08-28 16:47 - 2014-08-28 16:46 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-27 00:35 - 2011-05-03 15:54 - 00000000 ____D () C:\Users\*****\Documents\Sonstiges_Sortieren
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-26 23:16 - 2013-10-16 13:54 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-08-26 23:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 21:44 - 2014-07-31 11:06 - 00000000 ____D () C:\Users\*****\AppData\Local\www.rene-zeidler.de
2014-08-26 09:23 - 2011-05-04 12:06 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-25 13:00 - 2011-05-04 12:06 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-25 09:22 - 2011-07-03 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-24 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 21:41 - 2013-07-01 17:24 - 00000000 ____D () C:\Users\*****\Documents\_FILM_nicht_sichern
2014-08-23 04:07 - 2014-08-29 08:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 08:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 08:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 16:55 - 2011-06-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 16:55 - 2011-04-05 15:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 16:15 - 2011-05-03 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 16:05 - 2014-08-19 14:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 14:43 - 2014-08-19 14:42 - 11188736 _____ (SurfRight B.V.) C:\Users\*****\Downloads\hitmanpro_x64.exe
2014-08-19 05:59 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:49 - 2011-05-03 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:06 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2014-08-18 03:06 - 2011-05-03 15:55 - 00000000 ___RD () C:\Users\*****\Documents\My Dropbox
2014-08-18 03:05 - 2011-05-06 13:29 - 00001030 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2014-08-18 03:05 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\Documents\AWR User Data
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\AppData\Local\Caphyon
2014-08-13 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 15:49 - 2011-04-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 15:32 - 2013-07-17 18:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:25 - 2011-04-04 16:01 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-11 21:51 - 2014-08-11 21:50 - 06004615 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx
2014-08-08 21:11 - 2013-10-16 15:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-08 21:10 - 2011-03-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Java

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 16:14

==================== End Of Log ============================
         

Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by ***** at 2014-09-01 22:53:04
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Advanced Web Ranking (HKLM-x32\...\{7D4F5844-407A-40CE-91B3-AF88A6D3E877}) (Version: 11.0 - Caphyon)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Amazon MP3-Downloader 1.0.15 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.15 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM-x32\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.9 - Balsamiq SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.9 - Balsamiq SRL) Hidden
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: Biet-O-Matic v2.14.8 - BOM Development Team)
Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bwin Poker (HKLM-x32\...\bwincomPoker) (Version:  - bwincom)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5200 series Benutzerregistrierung (HKLM-x32\...\Canon MG5200 series Benutzerregistrierung) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
DirComp (HKLM-x32\...\{C153B6B0-A94B-44F4-9957-99551406FB02}) (Version: 2.08.0000 - Wirth IT Design)
Ditto 3.17.0.17 (HKLM-x32\...\Ditto_is1) (Version:  - Scott Brogden)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Google AdWords Editor (HKLM-x32\...\{52915551-80CE-4446-8E61-85085BA98495}) (Version: 10.2.1 - Google)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
HDClone 4 Free Edition (HKLM-x32\...\HDClone.Free.4.0.4.1031-{AB647B59-8203-4474-937A-E665448D873F}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
iTunesFolderWatch (HKLM-x32\...\{42CA9D92-E0D2-4514-A59A-C0C6CD9E1679}) (Version: 2.1.05 - JezSoft)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo)
Malwarebytes Anti-Malware Version 1.61.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mobile Broadband Connect (HKLM-x32\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.6.6 - Vaclav Slavik)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (HKLM-x32\...\{8F311E72-C27F-4DF0-8254-B739A1831668}_is1) (Version: v2012.build.53 - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad TrackPoint Driver (HKLM\...\TrackPoint) (Version: 4.73.1.0 - Lenovo)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17394396DF01}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.8 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TweetAdder4 (HKLM-x32\...\{911174C5-85BF-4972-B5E0-4882B32E9396}_is1) (Version: 4.1.140610 - TweetAdder.com)
TweetDeck (HKLM-x32\...\{C5AC39F1-001D-4338-84C6-35109525588A}) (Version: 1.0.0 - Twitter, Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
WebEx (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-19 16:18 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {27C244D6-2F9A-47A2-A5BF-308486B93EBE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {2CF775A5-0AFB-49E0-A4EC-0D299E8468BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {30C26CDD-93EB-4F2F-8A8C-3F80D8D1E669} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {366217DA-82DA-4F13-B630-144920D37808} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {3F0B957A-D255-4313-8D18-1976E1535F6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4ADC716C-470B-4DE7-BBC3-D74FA8DA0F69} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {4BF8F90E-D15F-48F3-994D-034123880621} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {54721562-667D-4ED8-8713-C51961C69575} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {556AE063-D1B9-4490-BCBB-33BB2A53D921} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {5B2FAC70-8377-4780-9C07-93CD75A70F8B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {6643CC10-48C8-4356-AB2A-31FD573B671B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {6A269A4F-44D1-4352-8363-9932342325CC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {6F2B3585-85CE-4166-8B54-5EA640F8EE47} - System32\Tasks\{4B877246-0C6E-4893-A99E-89300D88AAAD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.6.59.110/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {6F874530-4B6A-44A1-AE16-D1CC7B89E0F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {9D79092E-4CAC-4FF9-A46D-A2F1A57E3586} - System32\Tasks\Synology Data Replicator 3-Thinktank-***** => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe [2013-06-28] (Synology Inc.)
Task: {9F836E20-0092-48CD-8B41-FC6185CC1042} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {A250D90D-9E31-490F-B5A9-D372B1FEB767} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {BE41DBA2-81E9-41F5-85F6-DAFB19667974} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: {C4E54C5A-36D8-45C7-9429-E42A0D811438} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {CC2B3395-CD3C-4BCD-88AD-02F0E82A812D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-27] (AVAST Software)
Task: {EB07A15B-D3AB-4309-BB33-6DD5380F1EFE} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exe
Task: {EFC7CB89-D1F9-4217-9343-55E1B7FB19B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {F08C858A-5D73-42AF-ACAA-323FFC0E4CA0} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {F300BE69-F190-4FFB-A0B7-991927E24FAA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {FE050AF2-484A-4AA6-95F3-D93CEA6D971B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-06-28 11:35 - 2013-06-28 11:35 - 00381312 _____ () C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
2013-11-14 15:28 - 2013-11-14 15:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2011-05-06 13:39 - 2010-12-23 12:56 - 00831488 _____ () C:\Program Files (x86)\Ditto\Ditto.exe
2011-03-30 10:28 - 2012-05-16 06:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 ____N () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2014-09-01 20:16 - 2014-09-01 20:16 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090101\algo.dll
2014-09-01 22:48 - 2014-09-01 22:48 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090102\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-19 05:49 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-19 05:49 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-19 05:49 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-19 05:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-19 05:49 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-05-06 13:39 - 2010-12-23 12:55 - 00511383 _____ () C:\Program Files (x86)\Ditto\sqlite3.dll
2011-05-06 13:39 - 2010-12-23 12:55 - 00034304 _____ () C:\Program Files (x86)\Ditto\focus.dll
2011-05-06 13:39 - 2010-12-23 12:55 - 00059904 _____ () C:\Program Files (x86)\Ditto\zlib1.dll
2013-10-23 16:53 - 2013-10-23 16:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089


System errors:
=============
Error: (09/01/2014 10:46:24 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (09/01/2014 07:49:41 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (08/31/2014 10:36:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (08/31/2014 10:36:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/31/2014 10:36:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/30/2014 10:15:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (08/30/2014 10:15:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/30/2014 10:15:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/29/2014 08:54:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (08/29/2014 08:40:43 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.


Microsoft Office Sessions:
=========================
Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3992.03 MB
Available physical RAM: 1962.03 MB
Total Pagefile: 7982.24 MB
Available Pagefile: 6042.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:429.43 GB) (Free:110.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:31.2 GB) (Free:24.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13B672CB)
Partition 1: (Active) - (Size=5.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=429.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=31.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

GMER hat hier leider nicht mehr reingepasst, deshalb als Anhang anbei.

Alt 02.09.2014, 07:35   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 02.09.2014, 09:46   #3
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Danke für die schnelle Hilfe!
Hier die neuen Logs:


Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
***** :: THINKTANK [administrator]

02.09.2014 08:46:26
mbar-log-2014-09-02 (08-46-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 316505
Time elapsed: 17 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\*****\AppData\Roaming\desktop.ini (Trojan.Agent) -> Delete on reboot. [c9d08247de9dd6600a7cbcf9ba47768a]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


TDSSKiller
Code:
ATTFilter
09:34:05.0211 0x00e4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:34:11.0957 0x00e4  ============================================================
09:34:11.0957 0x00e4  Current date / time: 2014/09/02 09:34:11.0957
09:34:11.0957 0x00e4  SystemInfo:
09:34:11.0957 0x00e4  
09:34:11.0957 0x00e4  OS Version: 6.1.7601 ServicePack: 1.0
09:34:11.0957 0x00e4  Product type: Workstation
09:34:11.0957 0x00e4  ComputerName: THINKTANK
09:34:11.0958 0x00e4  UserName: *****
09:34:11.0958 0x00e4  Windows directory: C:\Windows
09:34:11.0958 0x00e4  System windows directory: C:\Windows
09:34:11.0958 0x00e4  Running under WOW64
09:34:11.0958 0x00e4  Processor architecture: Intel x64
09:34:11.0958 0x00e4  Number of processors: 2
09:34:11.0958 0x00e4  Page size: 0x1000
09:34:11.0958 0x00e4  Boot type: Normal boot
09:34:11.0958 0x00e4  ============================================================
09:34:12.0080 0x00e4  KLMD registered as C:\Windows\system32\drivers\74257599.sys
09:34:12.0589 0x00e4  System UUID: {7800C98F-BA55-20A9-6FAE-B03C72683442}
09:34:13.0216 0x00e4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
09:34:13.0232 0x00e4  ============================================================
09:34:13.0232 0x00e4  \Device\Harddisk0\DR0:
09:34:13.0232 0x00e4  MBR partitions:
09:34:13.0232 0x00e4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA4351E
09:34:13.0232 0x00e4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA43D1E, BlocksNum 0x35ADE13B
09:34:13.0232 0x00e4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36521E59, BlocksNum 0x3E641D7
09:34:13.0232 0x00e4  ============================================================
09:34:13.0263 0x00e4  C: <-> \Device\Harddisk0\DR0\Partition2
09:34:13.0307 0x00e4  E: <-> \Device\Harddisk0\DR0\Partition3
09:34:13.0308 0x00e4  ============================================================
09:34:13.0308 0x00e4  Initialize success
09:34:13.0308 0x00e4  ============================================================
09:34:27.0655 0x1340  ============================================================
09:34:27.0655 0x1340  Scan started
09:34:27.0655 0x1340  Mode: Manual; SigCheck; TDLFS; 
09:34:27.0655 0x1340  ============================================================
09:34:27.0655 0x1340  KSN ping started
09:34:41.0446 0x1340  KSN ping finished: true
09:34:42.0707 0x1340  ================ Scan system memory ========================
09:34:42.0707 0x1340  System memory - ok
09:34:42.0717 0x1340  ================ Scan services =============================
09:34:42.0877 0x1340  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:34:43.0047 0x1340  1394ohci - ok
09:34:43.0077 0x1340  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:34:43.0107 0x1340  ACPI - ok
09:34:43.0117 0x1340  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:34:43.0227 0x1340  AcpiPmi - ok
09:34:43.0347 0x1340  [ 81FDE4250DA1720657A42C2020B1AA28, 0E35C692347A576B41ADC45D922AF6B9F0A7F857E94A50842873A55D21F4C9D0 ] AcPrfMgrSvc     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
09:34:43.0387 0x1340  AcPrfMgrSvc - ok
09:34:43.0447 0x1340  [ 01A8EAA10F8B827F59CF506A97EC37C0, 44351082300A5B3A90F742F5C39AFF219D5FCF2F94CA7785DB2762AEB854212E ] AcSvc           C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
09:34:43.0467 0x1340  AcSvc - ok
09:34:43.0567 0x1340  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:34:43.0597 0x1340  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
09:34:46.0077 0x1340  Detect skipped due to KSN trusted
09:34:46.0077 0x1340  Adobe LM Service - ok
09:34:46.0167 0x1340  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:34:46.0207 0x1340  AdobeARMservice - ok
09:34:46.0317 0x1340  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:34:46.0357 0x1340  AdobeFlashPlayerUpdateSvc - ok
09:34:46.0407 0x1340  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:34:46.0447 0x1340  adp94xx - ok
09:34:46.0487 0x1340  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:34:46.0507 0x1340  adpahci - ok
09:34:46.0527 0x1340  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:34:46.0537 0x1340  adpu320 - ok
09:34:46.0567 0x1340  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:34:46.0697 0x1340  AeLookupSvc - ok
09:34:46.0777 0x1340  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
09:34:46.0867 0x1340  AFD - ok
09:34:46.0897 0x1340  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:34:46.0917 0x1340  agp440 - ok
09:34:46.0947 0x1340  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:34:47.0017 0x1340  ALG - ok
09:34:47.0047 0x1340  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:34:47.0067 0x1340  aliide - ok
09:34:47.0097 0x1340  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:34:47.0107 0x1340  amdide - ok
09:34:47.0127 0x1340  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:34:47.0157 0x1340  AmdK8 - ok
09:34:47.0177 0x1340  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:34:47.0197 0x1340  AmdPPM - ok
09:34:47.0227 0x1340  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:34:47.0237 0x1340  amdsata - ok
09:34:47.0257 0x1340  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:34:47.0277 0x1340  amdsbs - ok
09:34:47.0287 0x1340  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:34:47.0307 0x1340  amdxata - ok
09:34:47.0347 0x1340  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
09:34:47.0507 0x1340  AppID - ok
09:34:47.0547 0x1340  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:34:47.0597 0x1340  AppIDSvc - ok
09:34:47.0647 0x1340  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
09:34:47.0737 0x1340  Appinfo - ok
09:34:47.0817 0x1340  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:34:47.0857 0x1340  Apple Mobile Device - ok
09:34:47.0887 0x1340  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:34:47.0927 0x1340  AppMgmt - ok
09:34:47.0997 0x1340  [ CF4AAEDE8E4747397E554024252C40F5, 3AC91BD286C51D3D05F01B8DEBCA417123A38751147B606F437D348A40FE2004 ] AQFileRestore   C:\Windows\system32\DRIVERS\AQFileRestore.sys
09:34:48.0037 0x1340  AQFileRestore - ok
09:34:48.0077 0x1340  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:34:48.0097 0x1340  arc - ok
09:34:48.0117 0x1340  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:34:48.0127 0x1340  arcsas - ok
09:34:48.0237 0x1340  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:34:48.0317 0x1340  aspnet_state - ok
09:34:48.0387 0x1340  [ 340B0467E98A8C92697D73034DB4BCB7, 342572B566747A05DA5391CFC027A6703AECCE29C3D288428884D8641A35D0F5 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
09:34:48.0427 0x1340  aswHwid - ok
09:34:48.0487 0x1340  [ ED5B09937D559FFA53FC988D20031E98, EC9E50C9BC2184AE93944EA3115A25BADF5FFB91D11776498EBC9A0D60029A84 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
09:34:48.0517 0x1340  aswMonFlt - ok
09:34:48.0537 0x1340  [ 33C77DCB0AEC76E26BD6352A1A5281BB, CEA7BB3407C1F900DE5CB09F42AF7734811F86B7DE0085FADC7AAE8178D59665 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
09:34:48.0547 0x1340  aswRdr - ok
09:34:48.0587 0x1340  [ BF5B9E9E97CED45208E498D9FA73688F, BCB2CC516EAD040573D80599C2306ECB26FCCB16A97B940327CD3A3CE9077877 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
09:34:48.0597 0x1340  aswRvrt - ok
09:34:48.0707 0x1340  [ F88CE00A7736C349ED1414D7ECDC9BED, 8C0783CE32968874065C2F46088B34F9C872F26C98AB8E8BA895D84CCB25E534 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
09:34:48.0757 0x1340  aswSnx - ok
09:34:48.0807 0x1340  [ 3AE912B08E2A1ABB2B63F3C56BED95C2, BE99BA3A74427444FEE5D47D70BDBA631DBBF50D80B0483C0675F87119926765 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
09:34:48.0827 0x1340  aswSP - ok
09:34:48.0877 0x1340  [ A7115ED31675BB823CFA9FE571C25676, DEEBB3920934DCDDD488DCFCB1E6F4C7EFDD3C79F31E41D59E292C3CF9400E95 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
09:34:48.0907 0x1340  aswStm - ok
09:34:48.0947 0x1340  [ 47CBD3F64E412FFAFD93404580A3C7B9, F9B02E232416BAFC21BCBCDC0A3D9E5E855BFAF11F29ED2C4C469692E6688278 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
09:34:48.0967 0x1340  aswVmm - ok
09:34:49.0007 0x1340  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:34:49.0057 0x1340  AsyncMac - ok
09:34:49.0087 0x1340  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:34:49.0097 0x1340  atapi - ok
09:34:49.0177 0x1340  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:34:49.0247 0x1340  AudioEndpointBuilder - ok
09:34:49.0267 0x1340  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:34:49.0317 0x1340  AudioSrv - ok
09:34:49.0397 0x1340  [ 37D17AE2936867F88EB3C4CBCBC6B8A1, E1F4D288CE1E5482A5594C8F9EEDE1E8134466F5E0C7DA32D88985497CD8588B ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:34:49.0417 0x1340  avast! Antivirus - ok
09:34:49.0527 0x1340  [ 31D30350C785E48527C4A806F4C15C52, 98BCB249C8C369C538D8E3F0E3543CA91386936CF1B2D9FB7B468F912DC9161D ] AWRScheduler    C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe
09:34:49.0557 0x1340  AWRScheduler - ok
09:34:49.0607 0x1340  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:34:49.0677 0x1340  AxInstSV - ok
09:34:49.0727 0x1340  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
09:34:49.0767 0x1340  b06bdrv - ok
09:34:49.0797 0x1340  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:34:49.0817 0x1340  b57nd60a - ok
09:34:49.0907 0x1340  [ 2ED050291BC1D7F9E322E328DB3AAECF, 906DB2E9A8020EDB33C9732C7BA2474D6600C9B14537AAD4EBFE924A7801794B ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
09:34:49.0937 0x1340  BBSvc - ok
09:34:50.0007 0x1340  [ 785DE7ABDA13309D6065305542829E76, 78F49A5349B66042836615EF99B4EB70FA708369D315D105513C04F33070D297 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:34:50.0037 0x1340  BBUpdate - ok
09:34:50.0077 0x1340  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:34:50.0137 0x1340  BDESVC - ok
09:34:50.0157 0x1340  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:34:50.0227 0x1340  Beep - ok
09:34:50.0317 0x1340  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:34:50.0389 0x1340  BFE - ok
09:34:50.0469 0x1340  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:34:50.0589 0x1340  BITS - ok
09:34:50.0619 0x1340  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:34:50.0649 0x1340  blbdrive - ok
09:34:50.0749 0x1340  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:34:50.0779 0x1340  Bonjour Service - ok
09:34:50.0809 0x1340  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:34:50.0839 0x1340  bowser - ok
09:34:50.0869 0x1340  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:34:50.0959 0x1340  BrFiltLo - ok
09:34:50.0989 0x1340  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:34:51.0029 0x1340  BrFiltUp - ok
09:34:51.0079 0x1340  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:34:51.0139 0x1340  Browser - ok
09:34:51.0169 0x1340  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:34:51.0249 0x1340  Brserid - ok
09:34:51.0269 0x1340  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:34:51.0299 0x1340  BrSerWdm - ok
09:34:51.0319 0x1340  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:34:51.0360 0x1340  BrUsbMdm - ok
09:34:51.0380 0x1340  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:34:51.0400 0x1340  BrUsbSer - ok
09:34:51.0440 0x1340  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
09:34:51.0550 0x1340  BthEnum - ok
09:34:51.0580 0x1340  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:34:51.0620 0x1340  BTHMODEM - ok
09:34:51.0640 0x1340  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
09:34:51.0680 0x1340  BthPan - ok
09:34:51.0720 0x1340  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
09:34:51.0770 0x1340  BTHPORT - ok
09:34:51.0810 0x1340  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:34:51.0860 0x1340  bthserv - ok
09:34:51.0890 0x1340  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
09:34:51.0920 0x1340  BTHUSB - ok
09:34:51.0970 0x1340  [ 32B94975BF6F101C27C43E90FF8ABBEB, B5475D9A705894CBFA583D6E9DAF969527A75800E98D0288182BAB2F10136642 ] busenum         C:\Windows\system32\DRIVERS\busenum.sys
09:34:52.0000 0x1340  busenum - ok
09:34:52.0060 0x1340  [ 9C4E50BEA239E2D45099EC919F779DB0, 4B2C557CE8B416A841A5399128AD5D53F369B18E47AC36951F7846C78F875FC7 ] CAXHWAZL        C:\Windows\system32\DRIVERS\CAXHWAZL.sys
09:34:52.0080 0x1340  CAXHWAZL - ok
09:34:52.0110 0x1340  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:34:52.0190 0x1340  cdfs - ok
09:34:52.0240 0x1340  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:34:52.0290 0x1340  cdrom - ok
09:34:52.0340 0x1340  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:34:52.0410 0x1340  CertPropSvc - ok
09:34:52.0430 0x1340  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:34:52.0460 0x1340  circlass - ok
09:34:52.0490 0x1340  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
09:34:52.0520 0x1340  CLFS - ok
09:34:52.0580 0x1340  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:34:52.0620 0x1340  clr_optimization_v2.0.50727_32 - ok
09:34:52.0660 0x1340  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:34:52.0690 0x1340  clr_optimization_v2.0.50727_64 - ok
09:34:52.0780 0x1340  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:34:52.0810 0x1340  clr_optimization_v4.0.30319_32 - ok
09:34:52.0840 0x1340  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:34:52.0960 0x1340  clr_optimization_v4.0.30319_64 - ok
09:34:53.0000 0x1340  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:34:53.0020 0x1340  CmBatt - ok
09:34:53.0040 0x1340  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:34:53.0050 0x1340  cmdide - ok
09:34:53.0100 0x1340  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
09:34:53.0140 0x1340  CNG - ok
09:34:53.0200 0x1340  [ D3C4F72E8F8DC523B02A0C313CEEEA99, 754A7A75EBD0D8C67C286984BE79120480F3DCCD5271228D5A5006ADE62F82D1 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
09:34:53.0280 0x1340  CnxtHdAudService - ok
09:34:53.0310 0x1340  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:34:53.0330 0x1340  Compbatt - ok
09:34:53.0360 0x1340  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:34:53.0400 0x1340  CompositeBus - ok
09:34:53.0430 0x1340  COMSysApp - ok
09:34:53.0450 0x1340  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:34:53.0470 0x1340  crcdisk - ok
09:34:53.0530 0x1340  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:34:53.0580 0x1340  CryptSvc - ok
09:34:53.0640 0x1340  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
09:34:53.0730 0x1340  CSC - ok
09:34:53.0790 0x1340  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
09:34:53.0850 0x1340  CscService - ok
09:34:53.0910 0x1340  [ D06E443457FADC6B1AFAF3AA4B6936F6, 109B4D05E156604AFB3D63B380CC063B900AEB12F57A1D235B9F9399EE0909C7 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
09:34:53.0950 0x1340  dc3d - ok
09:34:54.0000 0x1340  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:34:54.0070 0x1340  DcomLaunch - ok
09:34:54.0110 0x1340  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:34:54.0160 0x1340  defragsvc - ok
09:34:54.0190 0x1340  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:34:54.0240 0x1340  DfsC - ok
09:34:54.0310 0x1340  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:34:54.0391 0x1340  Dhcp - ok
09:34:54.0431 0x1340  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:34:54.0521 0x1340  discache - ok
09:34:54.0561 0x1340  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:34:54.0571 0x1340  Disk - ok
09:34:54.0611 0x1340  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:34:54.0661 0x1340  Dnscache - ok
09:34:54.0701 0x1340  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:34:54.0751 0x1340  dot3svc - ok
09:34:54.0801 0x1340  [ 9597BCB69286FF017DB1A0FB8144408D, B477E4E7C3B49A77075B3165079E29FF1908C81E2BCCB930B47DCCF7DA5C417C ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
09:34:54.0821 0x1340  DozeSvc - ok
09:34:54.0861 0x1340  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:34:54.0911 0x1340  DPS - ok
09:34:54.0941 0x1340  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:34:54.0981 0x1340  drmkaud - ok
09:34:55.0081 0x1340  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:34:55.0111 0x1340  DXGKrnl - ok
09:34:55.0181 0x1340  [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
09:34:55.0201 0x1340  DzHDD64 - ok
09:34:55.0251 0x1340  [ 11D0ECA73AB25135F65656B93ADBCB3D, 65970D64DFB2272C36918D47B440ECDB45D99BAABB78651BF67D1BD0026A45CC ] e1yexpress      C:\Windows\system32\DRIVERS\e1y62x64.sys
09:34:55.0271 0x1340  e1yexpress - ok
09:34:55.0311 0x1340  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:34:55.0361 0x1340  EapHost - ok
09:34:55.0484 0x1340  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
09:34:55.0613 0x1340  ebdrv - ok
09:34:55.0653 0x1340  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
09:34:55.0733 0x1340  EFS - ok
09:34:55.0803 0x1340  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:34:55.0883 0x1340  ehRecvr - ok
09:34:55.0913 0x1340  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:34:55.0953 0x1340  ehSched - ok
09:34:56.0003 0x1340  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:34:56.0033 0x1340  elxstor - ok
09:34:56.0063 0x1340  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:34:56.0103 0x1340  ErrDev - ok
09:34:56.0153 0x1340  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:34:56.0203 0x1340  EventSystem - ok
09:34:56.0223 0x1340  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:34:56.0263 0x1340  exfat - ok
09:34:56.0283 0x1340  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:34:56.0333 0x1340  fastfat - ok
09:34:56.0423 0x1340  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:34:56.0483 0x1340  Fax - ok
09:34:56.0503 0x1340  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:34:56.0523 0x1340  fdc - ok
09:34:56.0553 0x1340  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:34:56.0603 0x1340  fdPHost - ok
09:34:56.0623 0x1340  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:34:56.0663 0x1340  FDResPub - ok
09:34:56.0683 0x1340  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:34:56.0693 0x1340  FileInfo - ok
09:34:56.0713 0x1340  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:34:56.0753 0x1340  Filetrace - ok
09:34:56.0773 0x1340  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:34:56.0793 0x1340  flpydisk - ok
09:34:56.0833 0x1340  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:34:56.0853 0x1340  FltMgr - ok
09:34:56.0923 0x1340  [ 813155B27B68DACCBAECCCEEA60BD8BF, 24BD34825B0D1A1DCB9BD1834733B21A8EB2DA49B9B31F8B1AFC1D71DC8CE823 ] FolderSize      C:\Program Files\FolderSize\FolderSizeSvc.exe
09:34:56.0933 0x1340  FolderSize - detected UnsignedFile.Multi.Generic ( 1 )
09:34:59.0393 0x1340  Detect skipped due to KSN trusted
09:34:59.0393 0x1340  FolderSize - ok
09:34:59.0493 0x1340  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
09:34:59.0563 0x1340  FontCache - ok
09:34:59.0623 0x1340  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:34:59.0663 0x1340  FontCache3.0.0.0 - ok
09:34:59.0689 0x1340  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:34:59.0702 0x1340  FsDepends - ok
09:34:59.0745 0x1340  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:34:59.0755 0x1340  Fs_Rec - ok
09:34:59.0805 0x1340  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:34:59.0845 0x1340  fvevol - ok
09:34:59.0865 0x1340  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:34:59.0885 0x1340  gagp30kx - ok
09:34:59.0915 0x1340  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:34:59.0925 0x1340  GEARAspiWDM - ok
09:35:00.0005 0x1340  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:35:00.0115 0x1340  gpsvc - ok
09:35:00.0185 0x1340  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:35:00.0205 0x1340  gusvc - ok
09:35:00.0225 0x1340  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:35:00.0265 0x1340  hcw85cir - ok
09:35:00.0315 0x1340  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:35:00.0375 0x1340  HdAudAddService - ok
09:35:00.0405 0x1340  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:35:00.0445 0x1340  HDAudBus - ok
09:35:00.0475 0x1340  [ 15C9789470B8855AC2F54FDF96802D13, 5375BBA13219456DA87023F206732BF76F934DC04C8E298C7C5E94944CC268D4 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
09:35:00.0485 0x1340  HECIx64 - ok
09:35:00.0505 0x1340  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:35:00.0535 0x1340  HidBatt - ok
09:35:00.0545 0x1340  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:35:00.0585 0x1340  HidBth - ok
09:35:00.0615 0x1340  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:35:00.0655 0x1340  HidIr - ok
09:35:00.0675 0x1340  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
09:35:00.0725 0x1340  hidserv - ok
09:35:00.0775 0x1340  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:35:00.0825 0x1340  HidUsb - ok
09:35:00.0865 0x1340  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:35:00.0935 0x1340  hkmsvc - ok
09:35:00.0985 0x1340  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:35:01.0025 0x1340  HomeGroupListener - ok
09:35:01.0065 0x1340  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:35:01.0095 0x1340  HomeGroupProvider - ok
09:35:01.0135 0x1340  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:35:01.0145 0x1340  HpSAMD - ok
09:35:01.0265 0x1340  [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
09:35:01.0315 0x1340  HsfXAudioService - ok
09:35:01.0385 0x1340  [ 5A518B63D408B2DBC1778788456E1A66, 177A11C53E9B00A166DB8942F43C0FB6F5699248D2D2D8061C5057CE4E882C3B ] HSF_DPV         C:\Windows\system32\DRIVERS\CAX_DPV.sys
09:35:01.0435 0x1340  HSF_DPV - ok
09:35:01.0475 0x1340  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
09:35:01.0535 0x1340  HTCAND64 - ok
09:35:01.0585 0x1340  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:35:01.0655 0x1340  HTTP - ok
09:35:01.0695 0x1340  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:35:01.0715 0x1340  hwpolicy - ok
09:35:01.0745 0x1340  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:35:01.0765 0x1340  i8042prt - ok
09:35:01.0805 0x1340  [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:35:01.0825 0x1340  iaStor - ok
09:35:01.0885 0x1340  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:35:01.0925 0x1340  iaStorV - ok
09:35:01.0965 0x1340  [ 6C7FE2FD06EF34A7972E34C876FC78DF, B545A10DEEF59B8145D3D20361DA7F1C0FD27B6273B126B500594D6456C3FC06 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
09:35:01.0985 0x1340  IBMPMDRV - ok
09:35:02.0015 0x1340  [ 5A1E3B4BA187327DF5FF122F96FA753A, AED93AA268F75D46752FCE5189392EE41225DA45F7D67C73B77629C8227E5084 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
09:35:02.0045 0x1340  IBMPMSVC - ok
09:35:02.0135 0x1340  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:35:02.0165 0x1340  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
09:35:04.0645 0x1340  Detect skipped due to KSN trusted
09:35:04.0645 0x1340  IDriverT - ok
09:35:04.0745 0x1340  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:35:04.0785 0x1340  idsvc - ok
09:35:04.0815 0x1340  IEEtwCollectorService - ok
09:35:05.0155 0x1340  [ 4EAA4261E1AD4B860657CADA790B9B38, BC4D7F207F1A7D67371169545D2C68D696EF69DF4C740F74D6ABFBE4B5CA48A6 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
09:35:05.0679 0x1340  igfx - ok
09:35:05.0729 0x1340  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:35:05.0739 0x1340  iirsp - ok
09:35:05.0829 0x1340  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:35:05.0879 0x1340  IKEEXT - ok
09:35:05.0899 0x1340  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:35:05.0909 0x1340  intelide - ok
09:35:05.0939 0x1340  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:35:05.0969 0x1340  intelppm - ok
09:35:05.0999 0x1340  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:35:06.0049 0x1340  IPBusEnum - ok
09:35:06.0089 0x1340  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:35:06.0129 0x1340  IpFilterDriver - ok
09:35:06.0159 0x1340  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:35:06.0169 0x1340  IPMIDRV - ok
09:35:06.0199 0x1340  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:35:06.0249 0x1340  IPNAT - ok
09:35:06.0349 0x1340  [ 68A5EDD4843CF0033BAE537C9C495F69, 386C66A6562218D0F0A616D75457CDA4B82DB87DC3DA83935497819963DB6D86 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:35:06.0379 0x1340  iPod Service - ok
09:35:06.0409 0x1340  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:35:06.0449 0x1340  IRENUM - ok
09:35:06.0469 0x1340  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:35:06.0479 0x1340  isapnp - ok
09:35:06.0539 0x1340  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:35:06.0569 0x1340  iScsiPrt - ok
09:35:06.0599 0x1340  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:35:06.0609 0x1340  IviRegMgr - ok
09:35:06.0619 0x1340  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:35:06.0629 0x1340  kbdclass - ok
09:35:06.0659 0x1340  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:35:06.0689 0x1340  kbdhid - ok
09:35:06.0709 0x1340  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
09:35:06.0729 0x1340  KeyIso - ok
09:35:06.0769 0x1340  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:35:06.0779 0x1340  KSecDD - ok
09:35:06.0799 0x1340  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:35:06.0819 0x1340  KSecPkg - ok
09:35:06.0849 0x1340  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:35:06.0899 0x1340  ksthunk - ok
09:35:06.0959 0x1340  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:35:07.0059 0x1340  KtmRm - ok
09:35:07.0109 0x1340  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:35:07.0169 0x1340  LanmanServer - ok
09:35:07.0229 0x1340  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:35:07.0329 0x1340  LanmanWorkstation - ok
09:35:07.0409 0x1340  [ A4973DF3264791952D6D7AB56565DD55, 4A2666889AC619EB2F5FDC876001D9043F04D58372FDF72AE0C31F51B6CE61F8 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
09:35:07.0429 0x1340  LENOVO.CAMMUTE - ok
09:35:07.0459 0x1340  [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
09:35:07.0469 0x1340  lenovo.smi - ok
09:35:07.0479 0x1340  [ 05D72DE005BE625CE60CE3BE4FAB9714, D26226161C89F09EF8A2F3AFFD551C684696C4D73CAB7338162008EB0B480D85 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
09:35:07.0489 0x1340  LENOVO.TPKNRSVC - ok
09:35:07.0509 0x1340  [ F7DE50781DC4D162C1005EB30D98F931, CDD07CD2E300DCD818CF97AC05CAFD2BA5568CEA10622D69E156CFC936DD4769 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
09:35:07.0519 0x1340  Lenovo.VIRTSCRLSVC - ok
09:35:07.0549 0x1340  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:35:07.0599 0x1340  lltdio - ok
09:35:07.0639 0x1340  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:35:07.0709 0x1340  lltdsvc - ok
09:35:07.0719 0x1340  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:35:07.0769 0x1340  lmhosts - ok
09:35:07.0799 0x1340  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:35:07.0809 0x1340  LSI_FC - ok
09:35:07.0829 0x1340  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:35:07.0839 0x1340  LSI_SAS - ok
09:35:07.0859 0x1340  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:35:07.0869 0x1340  LSI_SAS2 - ok
09:35:07.0879 0x1340  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:35:07.0899 0x1340  LSI_SCSI - ok
09:35:07.0919 0x1340  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:35:07.0959 0x1340  luafv - ok
09:35:08.0029 0x1340  [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
09:35:08.0069 0x1340  LVRS64 - ok
09:35:08.0239 0x1340  [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
09:35:08.0379 0x1340  LVUVC64 - ok
09:35:08.0430 0x1340  [ B8EAC4507EB4655377B1E094FCE7F12E, FF094A752224F2A5F4866B56D84B80DB18467776645C01B4CADAB85C377B9EE8 ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
09:35:08.0440 0x1340  Macromedia Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
09:35:10.0890 0x1340  Detect skipped due to KSN trusted
09:35:10.0890 0x1340  Macromedia Licensing Service - ok
09:35:10.0940 0x1340  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:35:10.0970 0x1340  Mcx2Svc - ok
09:35:11.0010 0x1340  [ FC631425ED761EA1F24738AA15FF5A7D, CB8CE73E35B8C44B8F61EE2E72826225E60C1F6B40613727409F898A91D39AF0 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:35:11.0020 0x1340  mdmxsdk - ok
09:35:11.0040 0x1340  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:35:11.0060 0x1340  megasas - ok
09:35:11.0080 0x1340  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:35:11.0100 0x1340  MegaSR - ok
09:35:11.0130 0x1340  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:35:11.0170 0x1340  MMCSS - ok
09:35:11.0190 0x1340  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:35:11.0240 0x1340  Modem - ok
09:35:11.0280 0x1340  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:35:11.0300 0x1340  monitor - ok
09:35:11.0330 0x1340  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:35:11.0340 0x1340  mouclass - ok
09:35:11.0360 0x1340  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:35:11.0410 0x1340  mouhid - ok
09:35:11.0450 0x1340  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:35:11.0470 0x1340  mountmgr - ok
09:35:11.0590 0x1340  [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:35:11.0620 0x1340  MozillaMaintenance - ok
09:35:11.0650 0x1340  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:35:11.0670 0x1340  mpio - ok
09:35:11.0690 0x1340  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:35:11.0730 0x1340  mpsdrv - ok
09:35:11.0810 0x1340  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:35:11.0890 0x1340  MpsSvc - ok
09:35:11.0940 0x1340  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:35:11.0990 0x1340  MRxDAV - ok
09:35:12.0030 0x1340  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:35:12.0070 0x1340  mrxsmb - ok
09:35:12.0110 0x1340  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:35:12.0140 0x1340  mrxsmb10 - ok
09:35:12.0150 0x1340  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:35:12.0190 0x1340  mrxsmb20 - ok
09:35:12.0220 0x1340  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:35:12.0230 0x1340  msahci - ok
09:35:12.0260 0x1340  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:35:12.0270 0x1340  msdsm - ok
09:35:12.0290 0x1340  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:35:12.0320 0x1340  MSDTC - ok
09:35:12.0360 0x1340  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:35:12.0420 0x1340  Msfs - ok
09:35:12.0430 0x1340  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:35:12.0470 0x1340  mshidkmdf - ok
09:35:12.0490 0x1340  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:35:12.0500 0x1340  msisadrv - ok
09:35:12.0540 0x1340  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:35:12.0590 0x1340  MSiSCSI - ok
09:35:12.0600 0x1340  msiserver - ok
09:35:12.0620 0x1340  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:35:12.0670 0x1340  MSKSSRV - ok
09:35:12.0680 0x1340  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:35:12.0720 0x1340  MSPCLOCK - ok
09:35:12.0730 0x1340  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:35:12.0780 0x1340  MSPQM - ok
09:35:12.0850 0x1340  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:35:12.0880 0x1340  MsRPC - ok
09:35:12.0910 0x1340  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:35:12.0920 0x1340  mssmbios - ok
09:35:12.0940 0x1340  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:35:12.0990 0x1340  MSTEE - ok
09:35:13.0000 0x1340  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:35:13.0020 0x1340  MTConfig - ok
09:35:13.0030 0x1340  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:35:13.0050 0x1340  Mup - ok
09:35:13.0090 0x1340  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:35:13.0150 0x1340  napagent - ok
09:35:13.0190 0x1340  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:35:13.0240 0x1340  NativeWifiP - ok
09:35:13.0330 0x1340  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:35:13.0370 0x1340  NDIS - ok
09:35:13.0380 0x1340  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:35:13.0430 0x1340  NdisCap - ok
09:35:13.0441 0x1340  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:35:13.0491 0x1340  NdisTapi - ok
09:35:13.0541 0x1340  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:35:13.0591 0x1340  Ndisuio - ok
09:35:13.0621 0x1340  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:35:13.0661 0x1340  NdisWan - ok
09:35:13.0691 0x1340  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:35:13.0761 0x1340  NDProxy - ok
09:35:13.0791 0x1340  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:35:13.0841 0x1340  NetBIOS - ok
09:35:13.0881 0x1340  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:35:13.0921 0x1340  NetBT - ok
09:35:13.0931 0x1340  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
09:35:13.0951 0x1340  Netlogon - ok
09:35:13.0991 0x1340  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:35:14.0041 0x1340  Netman - ok
09:35:14.0111 0x1340  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:14.0171 0x1340  NetMsmqActivator - ok
09:35:14.0181 0x1340  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:14.0191 0x1340  NetPipeActivator - ok
09:35:14.0221 0x1340  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:35:14.0281 0x1340  netprofm - ok
09:35:14.0301 0x1340  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:14.0321 0x1340  NetTcpActivator - ok
09:35:14.0331 0x1340  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:14.0341 0x1340  NetTcpPortSharing - ok
09:35:14.0551 0x1340  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
09:35:14.0741 0x1340  netw5v64 - ok
09:35:14.0781 0x1340  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:35:14.0791 0x1340  nfrd960 - ok
09:35:14.0841 0x1340  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:35:14.0881 0x1340  NlaSvc - ok
09:35:14.0901 0x1340  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:35:14.0941 0x1340  Npfs - ok
09:35:14.0961 0x1340  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:35:15.0001 0x1340  nsi - ok
09:35:15.0011 0x1340  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:35:15.0051 0x1340  nsiproxy - ok
09:35:15.0161 0x1340  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:35:15.0221 0x1340  Ntfs - ok
09:35:15.0271 0x1340  [ 96ACBF3DDC38A52FEE115F577F36568F, DB8CB01971208C8D7A306A5FEDA39A3802195123E6B801DFB905B0E1934D3C96 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
09:35:15.0301 0x1340  NuidFltr - ok
09:35:15.0321 0x1340  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:35:15.0371 0x1340  Null - ok
09:35:15.0411 0x1340  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:35:15.0431 0x1340  nvraid - ok
09:35:15.0461 0x1340  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:35:15.0481 0x1340  nvstor - ok
09:35:15.0511 0x1340  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:35:15.0521 0x1340  nv_agp - ok
09:35:15.0541 0x1340  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:35:15.0561 0x1340  ohci1394 - ok
09:35:15.0611 0x1340  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:35:15.0651 0x1340  ose - ok
09:35:15.0841 0x1340  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:35:15.0983 0x1340  osppsvc - ok
09:35:16.0033 0x1340  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:35:16.0073 0x1340  p2pimsvc - ok
09:35:16.0103 0x1340  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:35:16.0143 0x1340  p2psvc - ok
09:35:16.0183 0x1340  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:35:16.0193 0x1340  Parport - ok
09:35:16.0243 0x1340  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:35:16.0283 0x1340  partmgr - ok
09:35:16.0313 0x1340  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:35:16.0343 0x1340  PcaSvc - ok
09:35:16.0363 0x1340  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:35:16.0383 0x1340  pci - ok
09:35:16.0403 0x1340  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:35:16.0413 0x1340  pciide - ok
09:35:16.0423 0x1340  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:35:16.0443 0x1340  pcmcia - ok
09:35:16.0443 0x1340  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:35:16.0463 0x1340  pcw - ok
09:35:16.0493 0x1340  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:35:16.0563 0x1340  PEAUTH - ok
09:35:16.0623 0x1340  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:35:16.0703 0x1340  PeerDistSvc - ok
09:35:16.0723 0x1340  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:35:16.0753 0x1340  PerfHost - ok
09:35:16.0853 0x1340  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:35:16.0943 0x1340  pla - ok
09:35:17.0023 0x1340  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:35:17.0073 0x1340  PlugPlay - ok
09:35:17.0093 0x1340  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:35:17.0123 0x1340  PNRPAutoReg - ok
09:35:17.0143 0x1340  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:35:17.0173 0x1340  PNRPsvc - ok
09:35:17.0193 0x1340  [ 34A8FAE065249F85A67A3215FF5ECB34, 913297755C1046BA004E79660B7DA5BBE5E92B96AAA83D78AE3FF379371950D5 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
09:35:17.0213 0x1340  Point64 - ok
09:35:17.0273 0x1340  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:35:17.0343 0x1340  PolicyAgent - ok
09:35:17.0373 0x1340  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
09:35:17.0413 0x1340  Power - ok
09:35:17.0533 0x1340  [ DEED60F99C5B8E386D507860F600D509, 1662F4F7C2CB305C6794B0FF546550393DC7C7FCC709C2D342A7092B446830AA ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
09:35:17.0603 0x1340  Power Manager DBC Service - ok
09:35:17.0663 0x1340  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:35:17.0723 0x1340  PptpMiniport - ok
09:35:17.0753 0x1340  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:35:17.0773 0x1340  Processor - ok
09:35:17.0813 0x1340  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:35:17.0863 0x1340  ProfSvc - ok
09:35:17.0883 0x1340  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:35:17.0903 0x1340  ProtectedStorage - ok
09:35:17.0923 0x1340  [ 05A4779E4994B21473EDBE85AABE8030, AFD597461B036FDE42013648A4D542B02AE1D7E128BF0B193BA4B478432F0C72 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
09:35:17.0933 0x1340  psadd - ok
09:35:17.0983 0x1340  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:35:18.0033 0x1340  Psched - ok
09:35:18.0073 0x1340  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
09:35:18.0083 0x1340  PSI - ok
09:35:18.0213 0x1340  [ 68DCE950DCD2ABBB82362D383EC5836E, 5A3E0ABE32BA53A0D719757222455BE9308844C4968CA27B178C86BCF6FDC4DC ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
09:35:18.0263 0x1340  PwmEWSvc - ok
09:35:18.0373 0x1340  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:35:18.0443 0x1340  ql2300 - ok
09:35:18.0473 0x1340  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:35:18.0493 0x1340  ql40xx - ok
09:35:18.0513 0x1340  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:35:18.0553 0x1340  QWAVE - ok
09:35:18.0573 0x1340  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:35:18.0603 0x1340  QWAVEdrv - ok
09:35:18.0613 0x1340  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:35:18.0663 0x1340  RasAcd - ok
09:35:18.0693 0x1340  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:35:18.0733 0x1340  RasAgileVpn - ok
09:35:18.0743 0x1340  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:35:18.0793 0x1340  RasAuto - ok
09:35:18.0823 0x1340  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:35:18.0873 0x1340  Rasl2tp - ok
09:35:18.0923 0x1340  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:35:18.0963 0x1340  RasMan - ok
09:35:18.0993 0x1340  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:35:19.0043 0x1340  RasPppoe - ok
09:35:19.0053 0x1340  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:35:19.0103 0x1340  RasSstp - ok
09:35:19.0163 0x1340  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:35:19.0235 0x1340  rdbss - ok
09:35:19.0255 0x1340  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:35:19.0285 0x1340  rdpbus - ok
09:35:19.0305 0x1340  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:35:19.0345 0x1340  RDPCDD - ok
09:35:19.0385 0x1340  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:35:19.0425 0x1340  RDPDR - ok
09:35:19.0455 0x1340  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:35:19.0495 0x1340  RDPENCDD - ok
09:35:19.0505 0x1340  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:35:19.0555 0x1340  RDPREFMP - ok
09:35:19.0615 0x1340  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:35:19.0675 0x1340  RdpVideoMiniport - ok
09:35:19.0725 0x1340  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:35:19.0805 0x1340  RDPWD - ok
09:35:19.0865 0x1340  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:35:19.0895 0x1340  rdyboost - ok
09:35:19.0925 0x1340  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:35:19.0965 0x1340  RemoteAccess - ok
09:35:19.0995 0x1340  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:35:20.0035 0x1340  RemoteRegistry - ok
09:35:20.0065 0x1340  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:35:20.0105 0x1340  RFCOMM - ok
09:35:20.0125 0x1340  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:35:20.0165 0x1340  RpcEptMapper - ok
09:35:20.0185 0x1340  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
09:35:20.0205 0x1340  RpcLocator - ok
09:35:20.0255 0x1340  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
09:35:20.0305 0x1340  RpcSs - ok
09:35:20.0315 0x1340  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:35:20.0365 0x1340  rspndr - ok
09:35:20.0425 0x1340  [ 0583056B3E41CD3011D1E4764BE7E2B5, D3F6ACA0B1B620A79E65246B2E5975F9C722BDD2D8E65827C20509416CD8F7ED ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
09:35:20.0465 0x1340  rtl8192se - ok
09:35:20.0515 0x1340  [ 301FBA4594FB5C0A469299A65106B4AA, 53683D49420B4647DBA63B1A6328511620DF615EAE6F42221A16AD3D3B77EE19 ] s1018bus        C:\Windows\system32\DRIVERS\s1018bus.sys
09:35:20.0555 0x1340  s1018bus - ok
09:35:20.0585 0x1340  [ D1D7C744F79710357E60FC04D125ED01, E7C10217323887E2605872720BB36BAB5CF3E24BDA1365F033A79EBB817A397B ] s1018mdfl       C:\Windows\system32\DRIVERS\s1018mdfl.sys
09:35:20.0605 0x1340  s1018mdfl - ok
09:35:20.0615 0x1340  [ 7DBE12CCCD837D4266B2DDD80A329C09, 557873A5D508471108F1756FEE5D88F80702D7CA3D7684B61046C1C5A80E14D9 ] s1018mdm        C:\Windows\system32\DRIVERS\s1018mdm.sys
09:35:20.0625 0x1340  s1018mdm - ok
09:35:20.0645 0x1340  [ 065FF5E62D2D18A6D93FD925546CD549, 18D38DA96C618B96BE715E2E3F17C15E80468879DB68E3AAB333E0CBB3822070 ] s1018mgmt       C:\Windows\system32\DRIVERS\s1018mgmt.sys
09:35:20.0665 0x1340  s1018mgmt - ok
09:35:20.0705 0x1340  [ 5101D815BDF0D667E3D5F0EA727CAAEE, 070BCE2EE15DD067E794BF80A79011B646775E55EE848614DFD45E405420AB0D ] s1018nd5        C:\Windows\system32\DRIVERS\s1018nd5.sys
09:35:20.0725 0x1340  s1018nd5 - ok
09:35:20.0745 0x1340  [ 13F220C65B444AC9BDA49DACFC3230BB, 996B46949AEE14D1D43D9D68759CA0EBA7C43B83363E2F2C674A9A0A249C7881 ] s1018obex       C:\Windows\system32\DRIVERS\s1018obex.sys
09:35:20.0755 0x1340  s1018obex - ok
09:35:20.0795 0x1340  [ CE7D8BCE80211D8A35F6BD7A87791860, 93A5DEB41B5AA3F706EB5F601BB3CFF45B51310BBB3D0320A91B4A2CF9560B6D ] s1018unic       C:\Windows\system32\DRIVERS\s1018unic.sys
09:35:20.0825 0x1340  s1018unic - ok
09:35:20.0855 0x1340  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
09:35:20.0875 0x1340  s3cap - ok
09:35:20.0895 0x1340  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
09:35:20.0905 0x1340  SamSs - ok
09:35:20.0935 0x1340  SANDRA - ok
09:35:20.0945 0x1340  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:35:20.0965 0x1340  sbp2port - ok
09:35:20.0995 0x1340  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:35:21.0035 0x1340  SCardSvr - ok
09:35:21.0075 0x1340  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:35:21.0115 0x1340  scfilter - ok
09:35:21.0195 0x1340  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
09:35:21.0285 0x1340  Schedule - ok
09:35:21.0315 0x1340  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:35:21.0345 0x1340  SCPolicySvc - ok
09:35:21.0385 0x1340  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
09:35:21.0415 0x1340  sdbus - ok
09:35:21.0475 0x1340  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:35:21.0525 0x1340  SDRSVC - ok
09:35:21.0675 0x1340  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
09:35:21.0725 0x1340  SDScannerService - ok
09:35:21.0805 0x1340  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
09:35:21.0865 0x1340  SDUpdateService - ok
09:35:21.0905 0x1340  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
09:35:21.0915 0x1340  SDWSCService - ok
09:35:21.0955 0x1340  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:35:22.0005 0x1340  secdrv - ok
09:35:22.0035 0x1340  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
09:35:22.0075 0x1340  seclogon - ok
09:35:22.0185 0x1340  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
09:35:22.0235 0x1340  Secunia PSI Agent - ok
09:35:22.0285 0x1340  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
09:35:22.0305 0x1340  Secunia Update Agent - ok
09:35:22.0335 0x1340  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
09:35:22.0385 0x1340  SENS - ok
09:35:22.0405 0x1340  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:35:22.0475 0x1340  SensrSvc - ok
09:35:22.0505 0x1340  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:35:22.0525 0x1340  Serenum - ok
09:35:22.0545 0x1340  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:35:22.0565 0x1340  Serial - ok
09:35:22.0595 0x1340  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:35:22.0655 0x1340  sermouse - ok
09:35:22.0705 0x1340  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
09:35:22.0775 0x1340  SessionEnv - ok
09:35:22.0785 0x1340  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:35:22.0815 0x1340  sffdisk - ok
09:35:22.0835 0x1340  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:35:22.0865 0x1340  sffp_mmc - ok
09:35:22.0865 0x1340  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:35:22.0885 0x1340  sffp_sd - ok
09:35:22.0905 0x1340  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:35:22.0915 0x1340  sfloppy - ok
09:35:22.0955 0x1340  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:35:22.0995 0x1340  SharedAccess - ok
09:35:23.0015 0x1340  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:35:23.0065 0x1340  ShellHWDetection - ok
09:35:23.0115 0x1340  [ C3F190562FE82EFDA7CCEF305EBAD3E3, BE809035A9B11945B3BB630F73A7651BBD4D1EA2091060378BCF7AD20003BBE4 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
09:35:23.0135 0x1340  Shockprf - ok
09:35:23.0165 0x1340  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:35:23.0185 0x1340  SiSRaid2 - ok
09:35:23.0195 0x1340  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:35:23.0215 0x1340  SiSRaid4 - ok
09:35:23.0285 0x1340  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:35:23.0325 0x1340  SkypeUpdate - ok
09:35:23.0355 0x1340  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:35:23.0415 0x1340  Smb - ok
09:35:23.0455 0x1340  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:35:23.0485 0x1340  SNMPTRAP - ok
09:35:23.0505 0x1340  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:35:23.0525 0x1340  spldr - ok
09:35:23.0575 0x1340  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
09:35:23.0625 0x1340  Spooler - ok
09:35:23.0775 0x1340  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
09:35:23.0925 0x1340  sppsvc - ok
09:35:23.0955 0x1340  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:35:23.0995 0x1340  sppuinotify - ok
09:35:24.0115 0x1340  [ 4C33F139236FD9BD14A920F60C1CB072, 806650B2AE7DC299DEC49C519E2452427B819213F863BFCC4188EDF075EAAD2D ] sptd            C:\Windows\System32\Drivers\sptd.sys
09:35:24.0155 0x1340  sptd - ok
09:35:24.0195 0x1340  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:35:24.0245 0x1340  srv - ok
09:35:24.0285 0x1340  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:35:24.0325 0x1340  srv2 - ok
09:35:24.0375 0x1340  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:35:24.0435 0x1340  SrvHsfHDA - ok
09:35:24.0495 0x1340  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:35:24.0555 0x1340  SrvHsfV92 - ok
09:35:24.0595 0x1340  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:35:24.0625 0x1340  SrvHsfWinac - ok
09:35:24.0655 0x1340  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:35:24.0685 0x1340  srvnet - ok
09:35:24.0715 0x1340  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:35:24.0755 0x1340  SSDPSRV - ok
09:35:24.0775 0x1340  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:35:24.0825 0x1340  SstpSvc - ok
09:35:24.0915 0x1340  [ B1691AF4A072CB674D600DB16DD7308E, 214E35001E7BA10E8C329CE8904E900AA54F9B35C5329F2FF20E3156D6F21A8E ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
09:35:24.0945 0x1340  StarWindServiceAE - detected UnsignedFile.Multi.Generic ( 1 )
09:35:27.0405 0x1340  Detect skipped due to KSN trusted
09:35:27.0405 0x1340  StarWindServiceAE - ok
09:35:27.0445 0x1340  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:35:27.0485 0x1340  stexstor - ok
09:35:27.0535 0x1340  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:35:27.0605 0x1340  stisvc - ok
09:35:27.0655 0x1340  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
09:35:27.0665 0x1340  storflt - ok
09:35:27.0695 0x1340  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
09:35:27.0725 0x1340  StorSvc - ok
09:35:27.0755 0x1340  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
09:35:27.0765 0x1340  storvsc - ok
09:35:27.0855 0x1340  [ F07850E89839894F731E4562B64E08A5, BF11E096E1CC57B57FFB4E0528DB43F6B049A7E8A0C00C34E03A00EF2F2092B6 ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
09:35:27.0885 0x1340  SUService - ok
09:35:27.0915 0x1340  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:35:27.0935 0x1340  swenum - ok
09:35:28.0035 0x1340  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:35:28.0075 0x1340  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
09:35:30.0537 0x1340  Detect skipped due to KSN trusted
09:35:30.0537 0x1340  SwitchBoard - ok
09:35:30.0607 0x1340  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:35:30.0677 0x1340  swprv - ok
09:35:30.0807 0x1340  [ 858000A67EA3E7C18933C80317DCC36F, AA5672F7E69476CD1B6B50D69B06B20709DC1063292E2E5E1DE6E0442EB9F839 ] SynoDrService   C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
09:35:30.0847 0x1340  SynoDrService - detected UnsignedFile.Multi.Generic ( 1 )
09:35:33.0317 0x1340  Detect skipped due to KSN trusted
09:35:33.0317 0x1340  SynoDrService - ok
09:35:33.0437 0x1340  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
09:35:33.0518 0x1340  SysMain - ok
09:35:33.0558 0x1340  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:35:33.0588 0x1340  TabletInputService - ok
09:35:33.0618 0x1340  [ F33FDC72298DF4BF9813A55D21F4EB31, 34AADF5115CA1B275FEF4238B420FE424F0E1D0FFD1606B24A0D594D7305CF1F ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
09:35:33.0628 0x1340  taphss - ok
09:35:33.0668 0x1340  [ BD06799129D17F9BE08E2F6C168BBCF0, B115A49B14E241B4CE03274878A7ACFA9004603A08BD265BD7F75424E5FBB8F4 ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
09:35:33.0698 0x1340  taphss6 - ok
09:35:33.0728 0x1340  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:35:33.0798 0x1340  TapiSrv - ok
09:35:33.0818 0x1340  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
09:35:33.0858 0x1340  TBS - ok
09:35:33.0968 0x1340  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:35:34.0038 0x1340  Tcpip - ok
09:35:34.0088 0x1340  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:35:34.0148 0x1340  TCPIP6 - ok
09:35:34.0188 0x1340  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:35:34.0208 0x1340  tcpipreg - ok
09:35:34.0228 0x1340  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:35:34.0268 0x1340  TDPIPE - ok
09:35:34.0308 0x1340  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:35:34.0318 0x1340  TDTCP - ok
09:35:34.0368 0x1340  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:35:34.0458 0x1340  tdx - ok
09:35:34.0628 0x1340  [ 5E53CF8AD0FD33B35000C113656AB37B, D274DABC4DB03AC5B915F5111FF1218F4F2F9EC93B4A64E426BB7AD27A16C7A1 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
09:35:34.0698 0x1340  TeamViewer7 - ok
09:35:34.0738 0x1340  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:35:34.0758 0x1340  TermDD - ok
09:35:34.0828 0x1340  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
09:35:34.0888 0x1340  TermService - ok
09:35:34.0908 0x1340  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:35:34.0948 0x1340  Themes - ok
09:35:35.0028 0x1340  [ 39AC444E07FDBD8C2E8E291A65D515D3, 4BFAEF295168AF4A78D3DE456B3819368BF55302EB17E1DB5391BDABB0E577A4 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
09:35:35.0078 0x1340  ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic ( 1 )
09:35:37.0538 0x1340  Detect skipped due to KSN trusted
09:35:37.0538 0x1340  ThinkVantage Registry Monitor Service - ok
09:35:37.0618 0x1340  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:35:37.0688 0x1340  THREADORDER - ok
09:35:37.0768 0x1340  [ E4FAD21646088D79F8889B6531396ACF, D0C8F0E3293D423245FD2233F283A1FE2463E15F8B9F4ED6AC96C2164EC51F75 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
09:35:37.0808 0x1340  TomTomHOMEService - ok
09:35:37.0848 0x1340  [ 40825EE87AC6291619977AF5244A902E, D69526861A1B0D3D4CC99C934E25EF42A7720227954B4B93D5183EDEE8ACA20A ] Tp4Track        C:\Windows\system32\DRIVERS\tp4track.sys
09:35:37.0858 0x1340  Tp4Track - ok
09:35:37.0908 0x1340  [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E, 6C22ED2FC9FF1EDFAFFA9C5F89A65D348B45F0087885401D056D6448F56F97AF ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
09:35:37.0938 0x1340  TPDIGIMN - ok
09:35:37.0978 0x1340  [ 88F81D810FF16AC65B02643DAF308D4F, FDD4AFD1836D2CB528F92A788CEEC0D7800CC18B861E7D7601DA69543F0AD315 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
09:35:37.0998 0x1340  TPHDEXLGSVC - ok
09:35:38.0028 0x1340  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
09:35:38.0058 0x1340  TPM - ok
09:35:38.0078 0x1340  [ 1DF6E6C026AD1D428687FE3B427A87BC, DA8F17A1030A0DEC81F5356B4DC99EC1F93FAD1292779191FDD53FEE530F9520 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
09:35:38.0088 0x1340  TPPWRIF - ok
09:35:38.0108 0x1340  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:35:38.0158 0x1340  TrkWks - ok
09:35:38.0228 0x1340  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:35:38.0298 0x1340  TrustedInstaller - ok
09:35:38.0338 0x1340  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:35:38.0368 0x1340  tssecsrv - ok
09:35:38.0398 0x1340  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:35:38.0458 0x1340  TsUsbFlt - ok
09:35:38.0518 0x1340  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:35:38.0598 0x1340  tunnel - ok
09:35:38.0688 0x1340  [ 4581A61AD590BC3CCDF2759D0BDD69FC, 1D48CC783CF6112B342C3C9A10A539C14FB1C22B5F019463DC22E60E88838023 ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
09:35:38.0738 0x1340  TVT Backup Service - ok
09:35:38.0768 0x1340  [ FCFA0CFF6C50FF3A58A22A15EA2A9FE5, D9E9A2817FA1B672B0FB10892ADEF0EF634BC34AC08BE0B43A57D528E98938BF ] TVTI2C          C:\Windows\system32\DRIVERS\Tvti2c.sys
09:35:38.0778 0x1340  TVTI2C - ok
09:35:38.0798 0x1340  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:35:38.0808 0x1340  uagp35 - ok
09:35:38.0868 0x1340  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:35:38.0928 0x1340  udfs - ok
09:35:38.0958 0x1340  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:35:38.0978 0x1340  UI0Detect - ok
09:35:38.0988 0x1340  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:35:38.0998 0x1340  uliagpkx - ok
09:35:39.0028 0x1340  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:35:39.0048 0x1340  umbus - ok
09:35:39.0078 0x1340  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:35:39.0108 0x1340  UmPass - ok
09:35:39.0148 0x1340  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
09:35:39.0198 0x1340  UmRdpService - ok
09:35:39.0308 0x1340  [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
09:35:39.0328 0x1340  UMVPFSrv - ok
09:35:39.0368 0x1340  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:35:39.0428 0x1340  upnphost - ok
09:35:39.0468 0x1340  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
09:35:39.0498 0x1340  USBAAPL64 - ok
09:35:39.0558 0x1340  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
09:35:39.0578 0x1340  usbaudio - ok
09:35:39.0618 0x1340  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:35:39.0668 0x1340  usbccgp - ok
09:35:39.0698 0x1340  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:35:39.0738 0x1340  usbcir - ok
09:35:39.0828 0x1340  [ 635686E528F2C9CB916EC1BB04EE6AD1, 080A0F209773232860F510F17005EF92650BA831F69BB0006AEF11A2BB0A4906 ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
09:35:39.0858 0x1340  UsbClientService - ok
09:35:39.0888 0x1340  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:35:39.0908 0x1340  usbehci - ok
09:35:39.0988 0x1340  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:35:40.0028 0x1340  usbhub - ok
09:35:40.0068 0x1340  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:35:40.0078 0x1340  usbohci - ok
09:35:40.0108 0x1340  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:35:40.0138 0x1340  usbprint - ok
09:35:40.0168 0x1340  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:35:40.0208 0x1340  USBSTOR - ok
09:35:40.0248 0x1340  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:35:40.0268 0x1340  usbuhci - ok
09:35:40.0328 0x1340  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:35:40.0368 0x1340  usbvideo - ok
09:35:40.0428 0x1340  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
09:35:40.0468 0x1340  usb_rndisx - ok
09:35:40.0508 0x1340  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:35:40.0568 0x1340  UxSms - ok
09:35:40.0588 0x1340  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
09:35:40.0608 0x1340  VaultSvc - ok
09:35:40.0638 0x1340  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:35:40.0648 0x1340  vdrvroot - ok
09:35:40.0708 0x1340  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:35:40.0768 0x1340  vds - ok
09:35:40.0788 0x1340  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:35:40.0808 0x1340  vga - ok
09:35:40.0818 0x1340  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:35:40.0868 0x1340  VgaSave - ok
09:35:40.0888 0x1340  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:35:40.0908 0x1340  vhdmp - ok
09:35:40.0938 0x1340  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:35:40.0948 0x1340  viaide - ok
09:35:40.0968 0x1340  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
09:35:40.0988 0x1340  vmbus - ok
09:35:40.0998 0x1340  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
09:35:41.0018 0x1340  VMBusHID - ok
09:35:41.0038 0x1340  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:35:41.0058 0x1340  volmgr - ok
09:35:41.0098 0x1340  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:35:41.0118 0x1340  volmgrx - ok
09:35:41.0138 0x1340  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:35:41.0158 0x1340  volsnap - ok
09:35:41.0198 0x1340  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:35:41.0208 0x1340  vsmraid - ok
09:35:41.0298 0x1340  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:35:41.0390 0x1340  VSS - ok
09:35:41.0410 0x1340  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:35:41.0430 0x1340  vwifibus - ok
09:35:41.0440 0x1340  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:35:41.0470 0x1340  vwififlt - ok
09:35:41.0500 0x1340  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:35:41.0530 0x1340  vwifimp - ok
09:35:41.0560 0x1340  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:35:41.0620 0x1340  W32Time - ok
09:35:41.0650 0x1340  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:35:41.0670 0x1340  WacomPen - ok
09:35:41.0720 0x1340  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:35:41.0800 0x1340  WANARP - ok
09:35:41.0800 0x1340  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:35:41.0840 0x1340  Wanarpv6 - ok
09:35:41.0930 0x1340  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:35:41.0990 0x1340  WatAdminSvc - ok
09:35:42.0090 0x1340  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:35:42.0170 0x1340  wbengine - ok
09:35:42.0200 0x1340  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:35:42.0240 0x1340  WbioSrvc - ok
09:35:42.0300 0x1340  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:35:42.0340 0x1340  wcncsvc - ok
09:35:42.0360 0x1340  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:35:42.0390 0x1340  WcsPlugInService - ok
09:35:42.0420 0x1340  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:35:42.0430 0x1340  Wd - ok
09:35:42.0490 0x1340  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:35:42.0520 0x1340  Wdf01000 - ok
09:35:42.0560 0x1340  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:35:42.0640 0x1340  WdiServiceHost - ok
09:35:42.0640 0x1340  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:35:42.0670 0x1340  WdiSystemHost - ok
09:35:42.0700 0x1340  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
09:35:42.0730 0x1340  WebClient - ok
09:35:42.0750 0x1340  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:35:42.0800 0x1340  Wecsvc - ok
09:35:42.0820 0x1340  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:35:42.0870 0x1340  wercplsupport - ok
09:35:42.0900 0x1340  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:35:42.0940 0x1340  WerSvc - ok
09:35:42.0960 0x1340  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:35:43.0000 0x1340  WfpLwf - ok
09:35:43.0010 0x1340  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:35:43.0030 0x1340  WIMMount - ok
09:35:43.0080 0x1340  [ 7387CE6730BAAB8254DA0CE3776A4B28, 75397B2965350A8BB571F2DDD61869FD9A92481E4777922FA11ADCAC03D652EB ] winachsf        C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:35:43.0110 0x1340  winachsf - ok
09:35:43.0190 0x1340  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:35:43.0250 0x1340  Winmgmt - ok
09:35:43.0370 0x1340  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:35:43.0480 0x1340  WinRM - ok
09:35:43.0540 0x1340  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:35:43.0560 0x1340  WinUsb - ok
09:35:43.0630 0x1340  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:35:43.0680 0x1340  Wlansvc - ok
09:35:43.0700 0x1340  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:35:43.0720 0x1340  WmiAcpi - ok
09:35:43.0750 0x1340  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:35:43.0770 0x1340  wmiApSrv - ok
09:35:43.0800 0x1340  WMPNetworkSvc - ok
09:35:43.0810 0x1340  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:35:43.0850 0x1340  WPCSvc - ok
09:35:43.0880 0x1340  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:35:43.0920 0x1340  WPDBusEnum - ok
09:35:43.0950 0x1340  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:35:44.0010 0x1340  ws2ifsl - ok
09:35:44.0010 0x1340  WSearch - ok
09:35:44.0140 0x1340  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:35:44.0220 0x1340  wuauserv - ok
09:35:44.0250 0x1340  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:35:44.0330 0x1340  WudfPf - ok
09:35:44.0360 0x1340  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:35:44.0390 0x1340  WUDFRd - ok
09:35:44.0440 0x1340  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:35:44.0470 0x1340  wudfsvc - ok
09:35:44.0511 0x1340  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:35:44.0561 0x1340  WwanSvc - ok
09:35:44.0601 0x1340  [ 9907BC1CC78C37073AC78A4541710B61, 4340CCD4C23E94DEC970D36EEF0B4EEBAF1C2D41EB3302CFBF6BCD02482B399C ] XAudio          C:\Windows\system32\DRIVERS\XAudio64.sys
09:35:44.0611 0x1340  XAudio - ok
09:35:44.0631 0x1340  ================ Scan global ===============================
09:35:44.0651 0x1340  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:35:44.0711 0x1340  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:35:44.0741 0x1340  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:35:44.0761 0x1340  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:35:44.0791 0x1340  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:35:44.0801 0x1340  [ Global ] - ok
09:35:44.0801 0x1340  ================ Scan MBR ==================================
09:35:44.0811 0x1340  [ 70A8A069808E30A224B4CD20263DFFCC ] \Device\Harddisk0\DR0
09:35:45.0091 0x1340  \Device\Harddisk0\DR0 - ok
09:35:45.0091 0x1340  ================ Scan VBR ==================================
09:35:45.0101 0x1340  [ 17216C3CF48C815252C189093B8D1007 ] \Device\Harddisk0\DR0\Partition1
09:35:45.0101 0x1340  \Device\Harddisk0\DR0\Partition1 - ok
09:35:45.0111 0x1340  [ 53CD7C62F09EE9674E0D479A81B017C2 ] \Device\Harddisk0\DR0\Partition2
09:35:45.0111 0x1340  \Device\Harddisk0\DR0\Partition2 - ok
09:35:45.0121 0x1340  [ 029736F12C6F859E12613337DC06327D ] \Device\Harddisk0\DR0\Partition3
09:35:45.0121 0x1340  \Device\Harddisk0\DR0\Partition3 - ok
09:35:45.0121 0x1340  ================ Scan generic autorun ======================
09:35:45.0121 0x1340  TrackPointSrv - ok
09:35:45.0181 0x1340  [ 2508FA41A1B58C97D94FFF044111492F, 656AC5EC110C5F8CE68CE1962D6B2CBD47EE6CE20A181C88BB1E5481793F0578 ] C:\Windows\system32\TpShocks.exe
09:35:45.0211 0x1340  TpShocks - ok
09:35:45.0271 0x1340  [ B0C52A038B318257412437F99406D39F, 6ABCEB2AC7883CE97C24394A4F113DE13F717ED80B94FAEBCE8BE1A5FE3BD7D2 ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
09:35:45.0301 0x1340  AcWin7Hlpr - ok
09:35:45.0371 0x1340  [ 5B3719BDBF1F035558F2D73BA166A99C, AA0A6B2C7B504637A77C31A1680245CEAE993417050B9A0D8595E3424BC2D57A ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe
09:35:45.0401 0x1340  SmartAudio - ok
09:35:45.0481 0x1340  [ 4772BE01974A4978D508F0CD835BF8F2, E08CDDF671B1993A249D1B91251A8254229963A5B23B94976811DFA19F085EFA ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
09:35:45.0511 0x1340  LENOVO.TPKNRRES - ok
09:35:45.0591 0x1340  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
09:35:45.0631 0x1340  AdobeAAMUpdater-1.0 - ok
09:35:45.0671 0x1340  [ 50358FE4EE8F08B5F5785BA4D6747E69, BA45DDB6134AC5FE222A7F8D1B5F9B9E1AD3156195619A0D73BC57C291F50B4C ] C:\Windows\system32\igfxtray.exe
09:35:45.0691 0x1340  IgfxTray - ok
09:35:45.0701 0x1340  [ 3E7C1322633001E2140A0ACFC9E4397A, 35A23CA35A291695D36DF897E975F1923BDF5A668D298BAB18CF9A9A707919AE ] C:\Windows\system32\hkcmd.exe
09:35:45.0721 0x1340  HotKeysCmds - ok
09:35:45.0741 0x1340  [ 2A5AD11A7FBEC34B0D9F09B7157F516A, 80B569E2140DEF4F2919AA83B6757F026D8FA5E61D5050051BCB7FFB0604CE34 ] C:\Windows\system32\igfxpers.exe
09:35:45.0761 0x1340  Persistence - ok
09:35:45.0791 0x1340  Snipping Tool Plus - ok
09:35:45.0801 0x1340  PWMTRV - ok
09:35:45.0831 0x1340  [ 3B376496187AB240FAC6ECD7BD1251F6, 2E8C5EEAB01261301260FFE4FC82DAA69344D1FE538D60895AF22AEFECED5C89 ] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
09:35:45.0841 0x1340  Message Center Plus - ok
09:35:45.0941 0x1340  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:35:46.0001 0x1340  Sidebar - ok
09:35:46.0031 0x1340  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:35:46.0061 0x1340  mctadmin - ok
09:35:46.0101 0x1340  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:35:46.0141 0x1340  Sidebar - ok
09:35:46.0151 0x1340  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:35:46.0171 0x1340  mctadmin - ok
09:35:46.0533 0x1340  [ F67AC258A97573CD2901BC4FDB39F504, C7072F9C43DEA299EFBEE009D1ECD1225138FEC79CCB30077A00C59F5C65F903 ] C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe
09:35:46.0903 0x1340  Data Replicator 3 - detected UnsignedFile.Multi.Generic ( 1 )
09:35:56.0999 0x1340  Data Replicator 3 ( UnsignedFile.Multi.Generic ) - warning
09:35:56.0999 0x1340  Force sending object to P2P due to detect: C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe
09:36:00.0665 0x1340  Object send P2P result: true
09:36:03.0239 0x1340  [ 528C31AC57D7DC707DACD2F1EE28D4C6, 5B07E7228B8A4543C04CC7758A2B34C494C57E6C5CDABB251241EA2866382D8C ] C:\Program Files (x86)\Ditto\Ditto.exe
09:36:03.0286 0x1340  Ditto - detected UnsignedFile.Multi.Generic ( 1 )
09:36:05.0782 0x1340  Detect skipped due to KSN trusted
09:36:05.0782 0x1340  Ditto - ok
09:36:05.0922 0x1340  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
09:36:05.0953 0x1340  Google Update - ok
09:36:05.0953 0x1340  Waiting for KSN requests completion. In queue: 1
09:36:06.0967 0x1340  Waiting for KSN requests completion. In queue: 1
09:36:07.0981 0x1340  Waiting for KSN requests completion. In queue: 1
09:36:09.0073 0x1340  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe (  ), 0x41000 ( enabled : updated )
09:36:09.0104 0x1340  Win FW state via NFP2: enabled
09:36:11.0554 0x1340  ============================================================
09:36:11.0554 0x1340  Scan finished
09:36:11.0554 0x1340  ============================================================
09:36:11.0569 0x02d8  Detected object count: 1
09:36:11.0569 0x02d8  Actual detected object count: 1
09:36:53.0939 0x02d8  Data Replicator 3 ( UnsignedFile.Multi.Generic ) - skipped by user
09:36:53.0939 0x02d8  Data Replicator 3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Der Data Replicator sollte eigentlich o.k. sein. Ist ein Tool von Synology zum Erstellen von Backups auf NAS...
__________________

Alt 02.09.2014, 20:27   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.09.2014, 21:32   #5
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Combofix Logfile:

Code:
ATTFilter
ComboFix 14-08-31.01 - ***** 02.09.2014  21:04:18.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3992.1890 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\MLPS\apps\CBEd\CBE\ACTIVATION_104\_desktop.ini
c:\program files\MLPS\apps\CBEd\CBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\*****\g2mdlhlpx.exe
c:\users\Public\sdelevURL.tmp
c:\windows\assembly\tmp\U
c:\windows\IsUn0407.exe
E:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-02 bis 2014-09-02  ))))))))))))))))))))))))))))))
.
.
2014-09-02 19:14 . 2014-09-02 19:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-02 06:46 . 2014-09-02 08:09	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-02 06:46 . 2014-09-02 07:14	128728	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-02 06:42 . 2014-09-02 07:13	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-01 20:51 . 2014-09-01 20:53	--------	d-----w-	C:\FRST
2014-08-29 06:31 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-29 06:31 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-29 06:31 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-26 22:38 . 2014-08-26 22:38	--------	d-----w-	c:\users\*****\AppData\Roaming\MPEG Streamclip
2014-08-25 07:22 . 2014-08-25 07:22	--------	d-----w-	c:\program files\iPod
2014-08-25 07:22 . 2014-08-25 07:22	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 07:22 . 2014-08-25 07:22	--------	d-----w-	c:\program files\iTunes
2014-08-19 12:43 . 2014-08-19 14:05	--------	d-----w-	c:\programdata\HitmanPro
2014-08-19 03:50 . 2013-09-20 08:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2014-08-19 03:49 . 2014-08-19 03:59	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-16 11:52 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-16 11:52 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-16 11:52 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-16 11:52 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-16 11:52 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-16 11:52 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-16 11:50 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 11:50 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-12 17:12 . 2014-07-25 12:08	597504	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-08-12 17:11 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-12 17:11 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-08-08 19:11 . 2014-08-08 19:11	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-08-08 19:10 . 2014-08-08 19:10	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 17:20 . 2014-08-05 17:20	227728	----a-w-	c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2014-08-05 17:20 . 2014-08-05 17:20	227728	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 13:25 . 2011-04-04 14:01	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-07-31 09:04 . 2011-11-04 10:46	733184	----a-w-	c:\windows\system32\Snipping Tool Plus.exe
2014-07-08 22:41 . 2012-04-29 21:35	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 22:41 . 2011-05-20 11:21	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-18 02:18 . 2014-07-10 07:47	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 07:47	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-10 07:46	624128	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 07:46	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 07:44	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 07:44	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 07:44	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Data Replicator 3"="c:\program files (x86)\Synology Data Replicator  3\Backup.exe" [2013-06-28 11590528]
"Ditto"="c:\program files (x86)\Ditto\Ditto.exe" [2010-12-23 831488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-18 3890208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys;c:\windows\SYSNATIVE\DRIVERS\AQFileRestore.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AWRScheduler;Advanced Web Ranking Scheduler;c:\program files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe;c:\program files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys;c:\windows\SYSNATIVE\DRIVERS\tp4track.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 22:41]
.
2014-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 07:49]
.
2014-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 07:49]
.
2014-08-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2014-08-29 c:\windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job
- c:\program files (x86)\Synology Data Replicator  3\Backup.exe [2013-06-28 09:35]
.
2014-09-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-26 22:25	290888	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-06 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-06 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-06 417560]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/adsense/?hl=de
FF - prefs.js: keyword.URL - www.google.com/search?q
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
HKLM-Run-TrackPointSrv - c:\program files (x86)\Lenovo\TrackPoint\tp4serv.exe
HKLM-Run-Snipping Tool Plus - c:\users\*****\Desktop\Snipping Tool Plus.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-02  21:23:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-02 19:23
.
Vor Suchlauf: 12 Verzeichnis(se), 118.530.822.144 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 118.338.711.552 Bytes frei
.
- - End Of File - - E9EB7AAA33B64BA195845B01982E4E4F
         
--- --- ---
70A8A069808E30A224B4CD20263DFFCC


Alt 03.09.2014, 15:03   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Windows 7: FTP-Passwörter geknackt

Alt 03.09.2014, 17:32   #7
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Weiter geht's...

Malwarebytes Anti-Malware
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.09.2014
Suchlauf-Zeit: 15:42:01
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.03.04
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328814
Verstrichene Zeit: 15 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4095381569-4012469814-2939302448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [a59bb633215ac373d2065fd94cb860a0], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-4095381569-4012469814-2939302448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [211f5f8af8830432d1ccb160d033c53b], 

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4095381569-4012469814-2939302448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1T1U1L2W1TtGyEtF1W, In Quarantäne, [a59bb633215ac373d2065fd94cb860a0]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
PUP.Optional.OpenCandy, C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.4.exe, In Quarantäne, [4ef26089d7a4d16577ffd63b3fc68878], 
PUP.Optional.OpenCandy, C:\Users\*****\Downloads\veetle-0.9.18.exe, In Quarantäne, [0f3126c37cffe2545a1c61b06d9844bc], 
PUP.Optional.Softonic, C:\Users\*****\Downloads\SoftonicDownloader_for_xenus-link-sleuth.exe, In Quarantäne, [08389a4fa7d42f07533055bd35ccac54], 
PUP.Optional.Conduit.A, C:\Users\*****\Downloads\HSS-2.04-install-anchorfree-244-ask4.exe, In Quarantäne, [c27ead3cd3a87cba0081ff555da4649c], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

AdwCleaner
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.309 - Bericht erstellt am 03/09/2014 um 16:55:54
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ***** - THINKTANK
# Gestartet von : C:\Users\*****\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freemind_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freemind_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");

-\\ Google Chrome v

[ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4878 octets] - [03/09/2014 16:50:35]
AdwCleaner[R1].txt - [4938 octets] - [03/09/2014 16:55:05]
AdwCleaner[S0].txt - [4570 octets] - [03/09/2014 16:55:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4630 octets] ##########
         
--- --- ---

[/CODE]


Junkware Removal Tool
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by ***** on 03.09.2014 at 17:08:11,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4095381569-4012469814-2939302448-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6D0687E1-170A-4BC6-9B30-C0E863DDAE84}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rd8c9pzz.default\prefs.js

user_pref("extensions.seoquake.disable-baidu", true);
user_pref("extensions.seoquake.params.0.icon", "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/0227/+Tzvb/9vv5/97
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rd8c9pzz.default\minidumps [249 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.09.2014 at 17:17:28,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by ***** (administrator) on THINKTANK on 03-09-2014 17:20:07
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Caphyon) C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [138784 2011-11-01] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Snipping Tool Plus] => C:\Users\*****\Desktop\Snipping Tool Plus.exe /h
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe [11590528 2013-06-28] (Synology Inc.)
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x448E6756E48ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default
FF Homepage: https://www.google.com/adsense/?hl=de
FF Keyword.URL: www.google.com/search?q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-03]
FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16]
FF Extension: Page Speed - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04]
FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04]
FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16]
FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04]
FF Extension: SISTRIX Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30]
FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30]
FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16]
FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04]
FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/adsense/?hl=de
CHR DefaultSearchKeyword: Default -> google#
CHR DefaultSearchProvider: Default -> Google#
CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03]
CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13]
CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT
2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT
2014-09-03 16:50 - 2014-09-03 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-03 16:33 - 2014-09-03 16:46 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 15:39 - 2014-09-03 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-03 15:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe
2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt
2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt
2014-09-02 21:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 21:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-02 20:34 - 2014-09-02 21:23 - 00000000 ____D () C:\Qoobox
2014-09-02 20:28 - 2014-09-02 20:29 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-09-02 18:19 - 2014-09-02 18:20 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe
2014-09-02 14:10 - 2014-09-02 14:24 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf
2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT
2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-02 08:46 - 2014-09-03 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 08:46 - 2014-09-02 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 08:42 - 2014-09-02 09:30 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2014-09-02 08:42 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe
2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip
2014-09-02 00:08 - 2014-09-02 00:11 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-01 22:53 - 2014-09-01 23:17 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-01 22:51 - 2014-09-03 17:20 - 00026690 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-01 22:51 - 2014-09-03 17:20 - 00000000 ____D () C:\FRST
2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:44 - 2014-09-01 23:10 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup
2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 14:42 - 2014-08-19 14:43 - 11188736 _____ (SurfRight B.V.) C:\Users\*****\Downloads\hitmanpro_x64.exe
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-16 13:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 13:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 13:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 13:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 13:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 19:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 19:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 19:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 19:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 19:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 19:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 19:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 19:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:12 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 19:12 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 19:12 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 19:12 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 19:12 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 19:12 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 19:12 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 19:12 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 19:12 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 19:12 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 19:12 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 19:12 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 19:12 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 19:12 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 19:12 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 19:12 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 19:12 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 19:12 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 19:12 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 19:12 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 19:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 19:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 19:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 19:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 19:11 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-11 21:50 - 2014-08-11 21:51 - 06004615 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx
2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 17:20 - 2014-09-01 22:51 - 00026690 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-03 17:20 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST
2014-09-03 17:20 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Ditto
2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT
2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT
2014-09-03 17:04 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 17:04 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 16:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 16:56 - 2014-09-03 16:50 - 00000000 ____D () C:\AdwCleaner
2014-09-03 16:56 - 2011-04-07 11:13 - 00326354 _____ () C:\Windows\PFRO.log
2014-09-03 16:56 - 2011-03-30 10:32 - 02062651 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 16:56 - 2009-07-14 06:51 - 00232825 _____ () C:\Windows\setupact.log
2014-09-03 16:47 - 2014-09-02 08:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 16:46 - 2014-09-03 16:33 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-03 16:43 - 2011-04-04 15:26 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-09-03 16:41 - 2012-10-11 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 16:36 - 2011-05-04 12:06 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-03 16:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-03 16:29 - 2011-11-30 09:49 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job
2014-09-03 15:50 - 2013-10-07 11:26 - 00007602 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-09-03 15:48 - 2011-04-07 11:58 - 00000000 ____D () C:\Users\*****\Documents\Outlook-Dateien
2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 15:40 - 2014-09-03 15:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 15:33 - 2011-05-03 13:14 - 00000000 ____D () C:\Users\*****\Documents\Allgemeines
2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe
2014-09-03 12:45 - 2012-01-21 19:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TweetAdder3
2014-09-03 09:00 - 2012-01-13 10:40 - 00030274 _____ () C:\Windows\system32\lvcoinst.log
2014-09-03 09:00 - 2011-05-04 12:06 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-09-03 09:00 - 2011-05-04 12:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 21:38 - 2014-04-27 00:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 21:38 - 2013-12-29 13:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-02 21:38 - 2013-03-07 13:38 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 21:38 - 2013-03-07 13:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 21:38 - 2012-07-06 10:47 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 21:38 - 2012-04-24 14:49 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 21:38 - 2012-04-24 14:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt
2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt
2014-09-02 21:23 - 2014-09-02 20:34 - 00000000 ____D () C:\Qoobox
2014-09-02 21:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-02 21:21 - 2012-04-24 15:10 - 00000000 ____D () C:\Windows\ERDNT
2014-09-02 21:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 21:15 - 2009-07-14 04:34 - 83099648 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-02 21:13 - 2011-04-04 14:26 - 00000000 ____D () C:\Users\*****
2014-09-02 20:29 - 2014-09-02 20:28 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-09-02 19:29 - 2011-11-30 09:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job
2014-09-02 18:20 - 2014-09-02 18:19 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe
2014-09-02 15:16 - 2011-04-04 15:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2014-09-02 14:24 - 2014-09-02 14:10 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf
2014-09-02 10:09 - 2014-09-02 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT
2014-09-02 09:30 - 2014-09-02 08:42 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2014-09-02 09:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe
2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip
2014-09-02 00:11 - 2014-09-02 00:08 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-01 23:17 - 2014-09-01 22:53 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-01 23:10 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:53 - 2011-03-30 11:04 - 00708030 _____ () C:\Windows\system32\perfh007.dat
2014-09-01 22:53 - 2011-03-30 11:04 - 00153336 _____ () C:\Windows\system32\perfc007.dat
2014-09-01 22:53 - 2009-07-14 07:13 - 01643024 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:45 - 2011-03-30 10:22 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:44 - 2012-01-21 19:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-09-01 17:41 - 2011-09-05 09:24 - 00000000 ____D () C:\Users\*****\Documents\ebay
2014-09-01 17:40 - 2011-05-03 14:35 - 00000000 ____D () C:\Users\*****\Documents\Software
2014-09-01 17:32 - 2013-06-26 15:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-09-01 14:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-01 13:15 - 2011-03-30 10:29 - 00000000 ____D () C:\swshare
2014-09-01 12:12 - 2011-04-29 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-09-01 11:30 - 2011-05-03 11:01 - 00000295 _____ () C:\Users\*****\Desktop\Konzerte.TXT
2014-08-30 15:47 - 2011-05-03 15:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\BOM
2014-08-29 12:58 - 2011-08-21 14:18 - 00000000 ____D () C:\Users\*****\Documents\My Photos
2014-08-29 10:00 - 2013-05-24 00:55 - 00000298 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job
2014-08-29 08:40 - 2009-07-14 06:45 - 04916184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:48 - 2013-02-01 00:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-08-28 16:47 - 2014-08-28 16:46 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-27 00:35 - 2011-05-03 15:54 - 00000000 ____D () C:\Users\*****\Documents\Sonstiges_Sortieren
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-26 23:16 - 2013-10-16 13:54 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-08-26 23:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 21:44 - 2014-07-31 11:06 - 00000000 ____D () C:\Users\*****\AppData\Local\www.rene-zeidler.de
2014-08-26 09:23 - 2011-05-04 12:06 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-25 13:00 - 2011-05-04 12:06 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-25 09:22 - 2011-07-03 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-24 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 21:41 - 2013-07-01 17:24 - 00000000 ____D () C:\Users\*****\Documents\_FILM_nicht_sichern
2014-08-23 04:07 - 2014-08-29 08:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 08:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 08:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 16:55 - 2011-06-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 16:55 - 2011-04-05 15:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 16:15 - 2011-05-03 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 16:05 - 2014-08-19 14:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 14:43 - 2014-08-19 14:42 - 11188736 _____ (SurfRight B.V.) C:\Users\*****\Downloads\hitmanpro_x64.exe
2014-08-19 05:59 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:49 - 2011-05-03 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:06 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2014-08-18 03:06 - 2011-05-03 15:55 - 00000000 ___RD () C:\Users\*****\Documents\My Dropbox
2014-08-18 03:05 - 2011-05-06 13:29 - 00001030 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2014-08-18 03:05 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\Documents\AWR User Data
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\AppData\Local\Caphyon
2014-08-13 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 15:49 - 2011-04-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 15:32 - 2013-07-17 18:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:25 - 2011-04-04 16:01 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-11 21:51 - 2014-08-11 21:50 - 06004615 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx
2014-08-08 21:11 - 2013-10-16 15:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-08 21:10 - 2011-03-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Java

ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 16:14

==================== End Of Log ============================
         
--- --- ---

Alt 04.09.2014, 12:31   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.09.2014, 23:28   #9
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Die Frage, ob es noch Probleme gibt, kann ich nicht zweifelsfrei beantworten da ich bis jetzt noch nicht verstanden habe, wie bzw. warum per FTP Schadcode auf den Homepages verbreitet werden konnte. Geben die diversen Logfiles denn hier "Auskunft" bzw. kann man sagen, dass dafür ein bestimmter oder mehrere Trojaner dahinter stecken?

Hier jedenfalls die neuen Logs:


ESET Online Scanner
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=426cc19a128d544ea10f03aafabce21e
# engine=19998
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-04 04:01:45
# local_time=2014-09-04 06:01:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 121279 174266995 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34807 161476355 0 0
# scanned=550440
# found=19
# cleaned=0
# scan_time=16076
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=FF845FE37828470911D106733E222D071880F00B ft=1 fh=e038bfdb57a9e139 vn="Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK41XVJD\20140828105185[1].exe"
sh=0A12774E4D19A9867069C8D3CD3E380D7CB2F59C ft=1 fh=c950eacd9b1cc265 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5QWU3FE\WajamChecker[1].exe"
sh=5028FC8F8BD2CA286274254AA7EE66ED222AAFAA ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\themes\carrington-blog\theme.php"
sh=085DF67C30A3C682F7C5A29927F8F2555202ECA7 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\uploads\carrington-blog.zip"
sh=085DF67C30A3C682F7C5A29927F8F2555202ECA7 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\uploads\carrington-blog1.zip"
sh=085DF67C30A3C682F7C5A29927F8F2555202ECA7 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\uploads\carrington-blog2.zip"
sh=04EA5B356FCC949AD24B5058B7E9BCD14CBCA61D ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20140324_Redaxo_VERSEUCHT\rex\index.php"
sh=5AC22BDF2BB2EB21D833A7FEC4CA7A47D81529A5 ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20140324_Redaxo_VERSEUCHT\rex\redaxo\index.php"
sh=9B0548C3BD40BCB71F64332DA3D6EEF2539E1CEE ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\hoeferjungnitsch\index_120431.html"
sh=8C60E7EFBD55AEDAFF58BFE26EB41409D873599F ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\20140901_Logs\gantry_VIRUS_php_trojan_2.UNOFFICIAL_index.php"
sh=A3926785ED3AD71D0B818E7D700AB89F6A460E3B ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\20140901_Logs\VIRUS_php_trojan_03.UNOFFICIAL_index.php"
sh=9B787342B5163114C137203D5E466372E7441C7B ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\20140901_Logs\VIRUS_php_trojan_2.UNOFFICIAL_index.php"
sh=3779A8D5418B0CF7B378458BB4155FC14D4E540F ft=0 fh=0000000000000000 vn="PHP/Agent.NBF Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Homepage_20121001\joomla\images\post.php"
sh=3779A8D5418B0CF7B378458BB4155FC14D4E540F ft=0 fh=0000000000000000 vn="PHP/Agent.NBF Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Homepage_20121014_Virenfrei\joomla\images\post.php"
sh=3779A8D5418B0CF7B378458BB4155FC14D4E540F ft=0 fh=0000000000000000 vn="PHP/Agent.NBF Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Homepage_Jupgrade_20130305\jupgrade\images\post.php"
sh=02626CD30AD07B329B4DA263226113C356A08939 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBS Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Logs\logs\VIRUS_PHP.Shell-38_version.php"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"
sh=5DE4084222A4AF0D57FF89E0A8F32D7654EEA9F5 ft=1 fh=20b3f2bda540ff2c vn="Win32/TopMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\vshare-plugin.exe"
         

Security Check
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVAST Software Avast AvastSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by ***** (administrator) on THINKTANK on 04-09-2014 23:19:42
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Caphyon) C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(TweetAdder.com) C:\Program Files (x86)\TweetAdder4\TweetAdder4.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(IDM Computer Solutions, Inc.) C:\Program Files (x86)\UltraEdit-32\uedit32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [138784 2011-11-01] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Snipping Tool Plus] => C:\Users\*****\Desktop\Snipping Tool Plus.exe /h
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe [11590528 2013-06-28] (Synology Inc.)
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x448E6756E48ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default
FF Homepage: https://www.google.com/adsense/?hl=de
FF Keyword.URL: www.google.com/search?q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-03]
FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16]
FF Extension: Page Speed - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04]
FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04]
FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16]
FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04]
FF Extension: SISTRIX Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30]
FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30]
FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16]
FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04]
FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/adsense/?hl=de
CHR DefaultSearchKeyword: Default -> google#
CHR DefaultSearchProvider: Default -> Google#
CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03]
CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13]
CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 23:20 - 2014-09-04 23:20 - 00000947 _____ () C:\Users\*****\Desktop\SecurityCheck.TXT
2014-09-04 21:37 - 2014-09-04 21:37 - 00004937 _____ () C:\Users\*****\Desktop\eset.TXT
2014-09-04 13:31 - 2014-09-04 13:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 13:27 - 2014-09-04 13:27 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe
2014-09-04 13:27 - 2014-09-04 13:27 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-03 17:22 - 2014-09-03 17:22 - 00060904 _____ () C:\Users\*****\Desktop\20140903_FRST.TXT
2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT
2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT
2014-09-03 16:50 - 2014-09-03 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-03 16:33 - 2014-09-03 16:46 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 15:39 - 2014-09-03 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-03 15:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe
2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt
2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt
2014-09-02 21:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 21:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-02 20:34 - 2014-09-02 21:23 - 00000000 ____D () C:\Qoobox
2014-09-02 20:28 - 2014-09-02 20:29 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-09-02 18:19 - 2014-09-02 18:20 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe
2014-09-02 14:10 - 2014-09-02 14:24 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf
2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT
2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-02 08:46 - 2014-09-03 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 08:46 - 2014-09-02 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 08:42 - 2014-09-02 09:30 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2014-09-02 08:42 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe
2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip
2014-09-02 00:08 - 2014-09-02 00:11 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-01 22:53 - 2014-09-01 23:17 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-01 22:51 - 2014-09-04 23:20 - 00027714 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-01 22:51 - 2014-09-04 23:19 - 00000000 ____D () C:\FRST
2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:44 - 2014-09-01 23:10 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup
2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-16 13:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 13:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 13:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 13:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 13:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 19:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 19:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 19:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 19:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 19:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 19:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 19:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 19:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:12 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 19:12 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 19:12 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 19:12 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 19:12 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 19:12 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 19:12 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 19:12 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 19:12 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 19:12 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 19:12 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 19:12 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 19:12 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 19:12 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 19:12 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 19:12 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 19:12 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 19:12 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 19:12 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 19:12 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 19:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 19:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 19:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 19:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 19:11 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx
2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 23:20 - 2014-09-04 23:20 - 00000947 _____ () C:\Users\*****\Desktop\SecurityCheck.TXT
2014-09-04 23:20 - 2014-09-01 22:51 - 00027714 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-04 23:20 - 2011-04-07 11:58 - 00000000 ____D () C:\Users\*****\Documents\Outlook-Dateien
2014-09-04 23:19 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST
2014-09-04 22:57 - 2011-03-30 10:32 - 01122265 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 22:41 - 2012-10-11 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 22:31 - 2011-11-30 09:49 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job
2014-09-04 21:37 - 2014-09-04 21:37 - 00004937 _____ () C:\Users\*****\Desktop\eset.TXT
2014-09-04 19:29 - 2011-11-30 09:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job
2014-09-04 13:31 - 2014-09-04 13:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 13:27 - 2014-09-04 13:27 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe
2014-09-04 13:27 - 2014-09-04 13:27 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-04 13:24 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Ditto
2014-09-04 10:00 - 2013-05-24 00:55 - 00000298 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job
2014-09-04 09:33 - 2011-04-29 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-09-04 09:25 - 2011-04-04 14:26 - 00000000 ____D () C:\Users\*****
2014-09-04 09:00 - 2012-01-13 10:40 - 00030870 _____ () C:\Windows\system32\lvcoinst.log
2014-09-04 09:00 - 2011-05-04 12:06 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-09-04 09:00 - 2011-05-04 12:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-09-04 09:00 - 2011-05-04 12:06 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-04 08:42 - 2012-01-21 19:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TweetAdder3
2014-09-04 08:11 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 08:11 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 08:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 08:03 - 2009-07-14 06:51 - 00232937 _____ () C:\Windows\setupact.log
2014-09-03 19:30 - 2011-03-30 11:04 - 00708030 _____ () C:\Windows\system32\perfh007.dat
2014-09-03 19:30 - 2011-03-30 11:04 - 00153336 _____ () C:\Windows\system32\perfc007.dat
2014-09-03 19:30 - 2009-07-14 07:13 - 01643024 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 17:32 - 2011-05-24 10:25 - 00000000 ____D () C:\Users\*****\Downloads\DesktopOK251_x64
2014-09-03 17:22 - 2014-09-03 17:22 - 00060904 _____ () C:\Users\*****\Desktop\20140903_FRST.TXT
2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT
2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT
2014-09-03 16:56 - 2014-09-03 16:50 - 00000000 ____D () C:\AdwCleaner
2014-09-03 16:56 - 2011-04-07 11:13 - 00326354 _____ () C:\Windows\PFRO.log
2014-09-03 16:47 - 2014-09-02 08:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 16:46 - 2014-09-03 16:33 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-03 16:43 - 2011-04-04 15:26 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-09-03 16:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-03 15:50 - 2013-10-07 11:26 - 00007602 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 15:40 - 2014-09-03 15:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 15:33 - 2011-05-03 13:14 - 00000000 ____D () C:\Users\*****\Documents\Allgemeines
2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe
2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 21:38 - 2014-04-27 00:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 21:38 - 2013-12-29 13:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-02 21:38 - 2013-03-07 13:38 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 21:38 - 2013-03-07 13:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 21:38 - 2012-07-06 10:47 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 21:38 - 2012-04-24 14:49 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 21:38 - 2012-04-24 14:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt
2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt
2014-09-02 21:23 - 2014-09-02 20:34 - 00000000 ____D () C:\Qoobox
2014-09-02 21:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-02 21:21 - 2012-04-24 15:10 - 00000000 ____D () C:\Windows\ERDNT
2014-09-02 21:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 21:15 - 2009-07-14 04:34 - 83099648 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-02 20:29 - 2014-09-02 20:28 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-09-02 18:20 - 2014-09-02 18:19 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe
2014-09-02 15:16 - 2011-04-04 15:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2014-09-02 14:24 - 2014-09-02 14:10 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf
2014-09-02 10:09 - 2014-09-02 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT
2014-09-02 09:30 - 2014-09-02 08:42 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2014-09-02 09:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe
2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip
2014-09-02 00:11 - 2014-09-02 00:08 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-01 23:17 - 2014-09-01 22:53 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-01 23:10 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:45 - 2011-03-30 10:22 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:44 - 2012-01-21 19:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-09-01 17:41 - 2011-09-05 09:24 - 00000000 ____D () C:\Users\*****\Documents\ebay
2014-09-01 17:40 - 2011-05-03 14:35 - 00000000 ____D () C:\Users\*****\Documents\Software
2014-09-01 17:32 - 2013-06-26 15:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-09-01 14:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-01 13:15 - 2011-03-30 10:29 - 00000000 ____D () C:\swshare
2014-09-01 11:30 - 2011-05-03 11:01 - 00000295 _____ () C:\Users\*****\Desktop\Konzerte.TXT
2014-08-30 15:47 - 2011-05-03 15:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\BOM
2014-08-29 12:58 - 2011-08-21 14:18 - 00000000 ____D () C:\Users\*****\Documents\My Photos
2014-08-29 08:40 - 2009-07-14 06:45 - 04916184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:48 - 2013-02-01 00:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-08-28 16:47 - 2014-08-28 16:46 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-27 00:35 - 2011-05-03 15:54 - 00000000 ____D () C:\Users\*****\Documents\Sonstiges_Sortieren
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-26 23:16 - 2013-10-16 13:54 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-08-26 23:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 21:44 - 2014-07-31 11:06 - 00000000 ____D () C:\Users\*****\AppData\Local\www.rene-zeidler.de
2014-08-26 09:23 - 2011-05-04 12:06 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-25 13:00 - 2011-05-04 12:06 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-25 09:22 - 2011-07-03 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-25 06:53 - 2011-04-04 14:44 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-24 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 21:41 - 2013-07-01 17:24 - 00000000 ____D () C:\Users\*****\Documents\_FILM_nicht_sichern
2014-08-23 04:07 - 2014-08-29 08:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 08:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 08:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 16:55 - 2011-06-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 16:55 - 2011-04-05 15:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 16:15 - 2011-05-03 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 16:05 - 2014-08-19 14:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 05:59 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:49 - 2011-05-03 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:06 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2014-08-18 03:06 - 2011-05-03 15:55 - 00000000 ___RD () C:\Users\*****\Documents\My Dropbox
2014-08-18 03:05 - 2011-05-06 13:29 - 00001030 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2014-08-18 03:05 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\Documents\AWR User Data
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\AppData\Local\Caphyon
2014-08-13 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 15:49 - 2011-04-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 15:32 - 2013-07-17 18:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:25 - 2011-04-04 16:01 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx
2014-08-08 21:11 - 2013-10-16 15:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-08 21:10 - 2011-03-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Java

ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 16:14

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 05.09.2014, 21:06   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Schau mal in die ESET Funde, das sollte das schon erklären.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.09.2014, 00:11   #11
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



O.K.
Bei den meisten Funden handelt es sich "verseuchte" Versionen, die lokal abgespeichert wurden bevor ein Backup eingespielt wurde.... Klingt jetzt naiv, aber können diese Dateien trotzdem Schaden anrichten?

Hier das Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by ***** at 2014-09-06 00:00:13 Run:2
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@        
*****************

ZeroAccess: => Error: No automatic fix found for this entry.
C:\Users\*****\AppData\Local\fc25d5a8 => Moved successfully.
"C:\Users\*****\AppData\Local\fc25d5a8\@" => File/Directory not found.

==== End of Fixlog ====
         

Alt 06.09.2014, 19:58   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Wenn die nie wieder angefasst werden und nur da rumliegen, nein.

Frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.09.2014, 09:02   #13
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



O.K., Danke.
Aktuell keine Probleme wobei erst die Zeit zeigen wird, ob jetzt wieder "alles gut" ist, denn der unautorisierte Zugriff und das Aufspielen von Malware o.ä. kann ja zu jedem späteren Zeitpunkt erfolgen.... Die Passwörter werden jedenfalls jetzt noch einmal erneuert und dann bleibt zu hoffen, dass es sich wirklich erledigt hat.

Vielen Dank jedenfalls schon mal für die schnelle Hilfe!!!
Hast Du evtl. noch eine Empfehlung bzgl. Virenscanner & Co.? Avast o.k. oder darfs noch etwas mehr sein?

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by ***** (administrator) on THINKTANK on 08-09-2014 08:52:32
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Caphyon) C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(TweetAdder.com) C:\Program Files (x86)\TweetAdder4\TweetAdder4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [138784 2011-11-01] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Snipping Tool Plus] => C:\Users\*****\Desktop\Snipping Tool Plus.exe /h
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe [11590528 2013-06-28] (Synology Inc.)
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x448E6756E48ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default
FF Homepage: https://www.google.com/adsense/?hl=de
FF Keyword.URL: www.google.com/search?q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-03]
FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16]
FF Extension: Page Speed - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04]
FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04]
FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16]
FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04]
FF Extension: SISTRIX Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30]
FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30]
FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16]
FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04]
FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/adsense/?hl=de
CHR DefaultSearchKeyword: Default -> google#
CHR DefaultSearchProvider: Default -> Google#
CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03]
CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13]
CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-09-04 23:22 - 2014-09-04 23:22 - 00062432 _____ () C:\Users\*****\Desktop\20140904_FRST.TXT
2014-09-04 23:20 - 2014-09-04 23:20 - 00000947 _____ () C:\Users\*****\Desktop\SecurityCheck.TXT
2014-09-04 21:37 - 2014-09-04 21:37 - 00004937 _____ () C:\Users\*****\Desktop\eset.TXT
2014-09-04 13:31 - 2014-09-04 13:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 13:27 - 2014-09-04 13:27 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe
2014-09-04 13:27 - 2014-09-04 13:27 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-03 17:22 - 2014-09-03 17:22 - 00060904 _____ () C:\Users\*****\Desktop\20140903_FRST.TXT
2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT
2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT
2014-09-03 16:50 - 2014-09-03 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-03 16:33 - 2014-09-03 16:46 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 15:39 - 2014-09-03 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-03 15:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe
2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt
2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt
2014-09-02 21:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 21:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-02 20:34 - 2014-09-02 21:23 - 00000000 ____D () C:\Qoobox
2014-09-02 20:28 - 2014-09-02 20:29 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-09-02 18:19 - 2014-09-02 18:20 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe
2014-09-02 14:10 - 2014-09-02 14:24 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf
2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT
2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-02 08:46 - 2014-09-03 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 08:46 - 2014-09-02 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 08:42 - 2014-09-02 09:30 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2014-09-02 08:42 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe
2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip
2014-09-02 00:08 - 2014-09-02 00:11 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-01 22:53 - 2014-09-01 23:17 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-01 22:51 - 2014-09-08 08:52 - 00027678 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-01 22:51 - 2014-09-08 08:52 - 00000000 ____D () C:\FRST
2014-09-01 22:50 - 2014-09-08 08:52 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:44 - 2014-09-01 23:10 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup
2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-16 13:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 13:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 13:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 13:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 13:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 19:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 19:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 19:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 19:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 19:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 19:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 19:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 19:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:12 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 19:12 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 19:12 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 19:12 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 19:12 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 19:12 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 19:12 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 19:12 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 19:12 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 19:12 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 19:12 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 19:12 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 19:12 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 19:12 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 19:12 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 19:12 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 19:12 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 19:12 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 19:12 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 19:12 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 19:12 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 19:12 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 19:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 19:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 19:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 19:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 19:11 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 08:53 - 2014-09-01 22:51 - 00027678 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-09-08 08:52 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST
2014-09-08 08:52 - 2014-09-01 22:50 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-08 08:52 - 2011-04-07 11:58 - 00000000 ____D () C:\Users\*****\Documents\Outlook-Dateien
2014-09-08 08:50 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Ditto
2014-09-08 08:41 - 2012-10-11 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-08 08:29 - 2011-11-30 09:49 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job
2014-09-08 08:27 - 2012-01-13 10:40 - 00032062 _____ () C:\Windows\system32\lvcoinst.log
2014-09-08 08:27 - 2011-05-04 12:06 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-09-08 08:27 - 2011-05-04 12:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-09-08 08:27 - 2011-05-04 12:06 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-08 08:21 - 2012-01-21 19:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TweetAdder3
2014-09-08 08:21 - 2011-03-30 10:32 - 01191825 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 08:20 - 2011-04-04 15:26 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-09-08 08:13 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 08:13 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 08:11 - 2011-03-30 11:04 - 00708030 _____ () C:\Windows\system32\perfh007.dat
2014-09-08 08:11 - 2011-03-30 11:04 - 00153336 _____ () C:\Windows\system32\perfc007.dat
2014-09-08 08:11 - 2009-07-14 07:13 - 01643024 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 08:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 08:03 - 2009-07-14 06:51 - 00233049 _____ () C:\Windows\setupact.log
2014-09-06 01:30 - 2011-05-03 15:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\BOM
2014-09-05 19:29 - 2011-11-30 09:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job
2014-09-05 11:26 - 2011-04-29 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2014-09-04 23:22 - 2014-09-04 23:22 - 00062432 _____ () C:\Users\*****\Desktop\20140904_FRST.TXT
2014-09-04 23:20 - 2014-09-04 23:20 - 00000947 _____ () C:\Users\*****\Desktop\SecurityCheck.TXT
2014-09-04 21:37 - 2014-09-04 21:37 - 00004937 _____ () C:\Users\*****\Desktop\eset.TXT
2014-09-04 13:31 - 2014-09-04 13:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-04 13:27 - 2014-09-04 13:27 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe
2014-09-04 13:27 - 2014-09-04 13:27 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-04 10:00 - 2013-05-24 00:55 - 00000298 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job
2014-09-04 09:25 - 2011-04-04 14:26 - 00000000 ____D () C:\Users\*****
2014-09-03 17:32 - 2011-05-24 10:25 - 00000000 ____D () C:\Users\*****\Downloads\DesktopOK251_x64
2014-09-03 17:22 - 2014-09-03 17:22 - 00060904 _____ () C:\Users\*****\Desktop\20140903_FRST.TXT
2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT
2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT
2014-09-03 16:56 - 2014-09-03 16:50 - 00000000 ____D () C:\AdwCleaner
2014-09-03 16:56 - 2011-04-07 11:13 - 00326354 _____ () C:\Windows\PFRO.log
2014-09-03 16:47 - 2014-09-02 08:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 16:46 - 2014-09-03 16:33 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-03 16:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-09-03 15:50 - 2013-10-07 11:26 - 00007602 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 15:40 - 2014-09-03 15:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes
2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 15:33 - 2011-05-03 13:14 - 00000000 ____D () C:\Users\*****\Documents\Allgemeines
2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe
2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 21:38 - 2014-04-27 00:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 21:38 - 2013-12-29 13:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-09-02 21:38 - 2013-03-07 13:38 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 21:38 - 2013-03-07 13:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 21:38 - 2012-07-06 10:47 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 21:38 - 2012-04-24 14:49 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 21:38 - 2012-04-24 14:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 21:38 - 2012-04-24 14:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt
2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt
2014-09-02 21:23 - 2014-09-02 20:34 - 00000000 ____D () C:\Qoobox
2014-09-02 21:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-02 21:21 - 2012-04-24 15:10 - 00000000 ____D () C:\Windows\ERDNT
2014-09-02 21:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-02 21:15 - 2009-07-14 04:34 - 83099648 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-02 20:29 - 2014-09-02 20:28 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-09-02 18:20 - 2014-09-02 18:19 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe
2014-09-02 15:16 - 2011-04-04 15:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe
2014-09-02 14:24 - 2014-09-02 14:10 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf
2014-09-02 10:09 - 2014-09-02 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT
2014-09-02 09:30 - 2014-09-02 08:42 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2014-09-02 09:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe
2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip
2014-09-02 00:11 - 2014-09-02 00:08 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-01 23:17 - 2014-09-01 22:53 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-01 23:10 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:45 - 2011-03-30 10:22 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:44 - 2012-01-21 19:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-09-01 17:41 - 2011-09-05 09:24 - 00000000 ____D () C:\Users\*****\Documents\ebay
2014-09-01 17:40 - 2011-05-03 14:35 - 00000000 ____D () C:\Users\*****\Documents\Software
2014-09-01 17:32 - 2013-06-26 15:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-09-01 14:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-01 13:15 - 2011-03-30 10:29 - 00000000 ____D () C:\swshare
2014-09-01 11:30 - 2011-05-03 11:01 - 00000295 _____ () C:\Users\*****\Desktop\Konzerte.TXT
2014-08-29 12:58 - 2011-08-21 14:18 - 00000000 ____D () C:\Users\*****\Documents\My Photos
2014-08-29 08:40 - 2009-07-14 06:45 - 04916184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:48 - 2013-02-01 00:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-08-28 16:47 - 2014-08-28 16:46 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-27 00:35 - 2011-05-03 15:54 - 00000000 ____D () C:\Users\*****\Documents\Sonstiges_Sortieren
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-26 23:16 - 2013-10-16 13:54 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-08-26 23:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 21:44 - 2014-07-31 11:06 - 00000000 ____D () C:\Users\*****\AppData\Local\www.rene-zeidler.de
2014-08-26 09:23 - 2011-05-04 12:06 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-25 13:00 - 2011-05-04 12:06 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-25 09:22 - 2011-07-03 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-25 06:53 - 2011-04-04 14:44 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-24 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 21:41 - 2013-07-01 17:24 - 00000000 ____D () C:\Users\*****\Documents\_FILM_nicht_sichern
2014-08-23 04:07 - 2014-08-29 08:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 08:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 08:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 16:55 - 2011-06-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-19 16:55 - 2011-04-05 15:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 16:15 - 2011-05-03 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-19 16:05 - 2014-08-19 14:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 05:59 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:49 - 2011-05-03 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:06 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2014-08-18 03:06 - 2011-05-03 15:55 - 00000000 ___RD () C:\Users\*****\Documents\My Dropbox
2014-08-18 03:05 - 2011-05-06 13:29 - 00001030 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2014-08-18 03:05 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\Documents\AWR User Data
2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\AppData\Local\Caphyon
2014-08-13 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 15:49 - 2011-04-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 15:32 - 2013-07-17 18:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 15:25 - 2011-04-04 16:01 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 16:14

==================== End Of Log ============================
         
--- --- ---

Alt 08.09.2014, 20:07   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Ich empfehle immer Emsisoft.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.09.2014, 09:01   #15
Krawinkel
 
Windows 7: FTP-Passwörter geknackt - Standard

Windows 7: FTP-Passwörter geknackt



Erledigt!
Alles klar, vielen Dank für den tollen Support!
Spende ist unterwegs...

Antwort

Themen zu Windows 7: FTP-Passwörter geknackt
bingbar, canon, chromium, feedback, hotspot, js/trojandownloader.iframe.nke, php/agent.nbf, php/kryptik.ab, php/trojandownloader.agent.aj, php/webshell.nbs, pup.optional.conduit.a, pup.optional.installcore.a, pup.optional.opencandy, pup.optional.softonic, pup.optional.softonic.a, pwmtr64v.dll, refresh, required, safer networking, synology, trojan.agent, win32/adware.yontoo.b, win32/downware.l, win32/installmonetizer.bc, win32/topmedia.a, win32/wajam.f



Ähnliche Themen: Windows 7: FTP-Passwörter geknackt


  1. Foren bei Epic Games geknackt, Passwörter kopiert
    Nachrichten - 16.07.2015 (0)
  2. Passwörter und Accounts geknackt
    Log-Analyse und Auswertung - 18.05.2015 (1)
  3. Windows 7: email wurde geknackt, Rechner langsam, schlechter Seitenaufbau
    Plagegeister aller Art und deren Bekämpfung - 05.04.2015 (28)
  4. Windows 8.1: Profil, Lesezeichen, Passwörter verschwunden
    Log-Analyse und Auswertung - 19.08.2014 (5)
  5. AOL Account geknackt.
    Log-Analyse und Auswertung - 21.04.2014 (1)
  6. Passwörter von Adobe-Kunden geknackt
    Nachrichten - 05.11.2013 (0)
  7. beide ebay Passwörter die in meinem Firefox gespeichert waren wurden "geknackt"
    Log-Analyse und Auswertung - 27.10.2013 (12)
  8. Amazon-Konto geknackt
    Log-Analyse und Auswertung - 17.10.2013 (19)
  9. Windows 7: 2 Trojan.Dropper.Sp + E-mail und E-bay-Account geknackt + 2 Online-Banking-Accounts zumindest versucht
    Log-Analyse und Auswertung - 02.09.2013 (9)
  10. Android-App klaut Passwörter von Windows-Rechnern
    Nachrichten - 01.07.2013 (0)
  11. Web.de Postfach geknackt ?
    Plagegeister aller Art und deren Bekämpfung - 27.12.2011 (8)
  12. Windows 8 speichert Passwörter in der Cloud
    Nachrichten - 16.12.2011 (0)
  13. [doppelt] MSN geknackt
    Mülltonne - 28.11.2011 (1)
  14. TR/Crypt.XPACK.Gen klaut Passwörter in C:\Windows\Temp\_avast04_
    Plagegeister aller Art und deren Bekämpfung - 07.09.2010 (24)
  15. iPhone 3GS geknackt
    Nachrichten - 05.07.2009 (0)
  16. LM für Windows ME nimmt nur 14 Stellige Passwörter an
    Alles rund um Windows - 10.03.2003 (0)
  17. Dumm gelaufen: Passwörter von Windows XP lassen sich kinderleicht austricksen
    Plagegeister aller Art und deren Bekämpfung - 17.02.2003 (2)

Zum Thema Windows 7: FTP-Passwörter geknackt - Hallo zusammen, nachdem ich mit den üblichen Bordmitteln (avast, Spybot S&D) nicht mehr weiterkomme, wende ich mich vertrauensvoll an diese tolle Institution... Ich betreibe einige kleine Websites (verschiedene Domains, verschiedene - Windows 7: FTP-Passwörter geknackt...
Archiv
Du betrachtest: Windows 7: FTP-Passwörter geknackt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.