Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Gefälschte Rechnung von 1&1 geöffnet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.11.2014, 11:33   #1
Ostseewind
 
Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Hallo,

habe aus Unachtsamkeit eine Rechnung im Mail Anhang geöffnet.

Hab danach den Rechner gescannt mit Emisoft, es wurde auch etwas gefunden, hab es dann mit Emisoft gelöscht.

Danach nochmal gescannt mir avast und Malwarebyte, es wurde nichts mehr gefunden.

Möchte gerne, um sicher zu gehen, hier die erfahrenen Helfer nach schauen lassen.

Rechner verhält sich vollkommen normal, keinerlei Auffälligkeiten.

Logs habe ich erstellt.

Scan Emisoft:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 18.11.2014 13:37:00
Benutzerkonto: Admin-PC\Admin

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	18.11.2014 14:27:10
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 41) -> [Subject: POSTA CERTIFICATA: foto][Date: Tue, 3 Jun 2014 21:07:24 +0200] -> (MIME part) -> (MIME part) -> postacert.eml -> [Subject: foto][Date: Tue, 3 Jun 2014 14:07:33 -0500] -> (MIME part) -> photo.zip -> photo.scr 	gefunden: Trojan.GenericKD.1703512 (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 59) -> [Subject: foto][Date: Tue, 8 Jul 2014 00:06:19 -0500] -> (MIME part) -> photo.zip -> photo.exe 	gefunden: Backdoor.Agent.ABPE (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 98) -> [Subject: foto][Date: Tue, 12 Aug 2014 12:23:33 -0500] -> (MIME part) -> photo.zip -> photo.scr 	gefunden: Trojan.Agent.BGEB (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam -> (message 104) -> [Subject: foto][Date: Wed, 20 Aug 2014 22:21:04 -0500] -> (MIME part) -> photo.zip -> photo.scr 	gefunden: Trojan.GenericKD.1815331 (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 61) -> [Subject: foto][Date: Tue, 8 Jul 2014 00:06:19 -0500] -> (MIME part) -> photo.zip -> photo.exe 	gefunden: Backdoor.Agent.ABPE (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 107) -> [Subject: foto][Date: Tue, 12 Aug 2014 12:23:33 -0500] -> (MIME part) -> photo.zip -> photo.scr 	gefunden: Trojan.Agent.BGEB (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 110) -> [Subject: foto][Date: Tue, 12 Aug 2014 12:23:33 -0500] -> (MIME part) -> photo.zip -> photo.scr 	gefunden: Trojan.Agent.BGEB (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash -> (message 115) -> [Subject: foto][Date: Wed, 20 Aug 2014 22:21:04 -0500] -> (MIME part) -> photo.zip -> photo.scr 	gefunden: Trojan.GenericKD.1815331 (B)

Gescannt	220010
Gefunden	8

Scan Ende:	18.11.2014 15:38:59
Scan Zeit:	1:11:49

C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Trash	Gelöscht Trojan.GenericKD.1815331 (B)
C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\jhsxvupx.default\ImapMail\imap.aol-1.com\Spam	Gelöscht Trojan.GenericKD.1815331 (B)

Gelöscht	2
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by Admin (administrator) on ADMIN-PC on 20-11-2014 12:06:56
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-12] (AVAST Software)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-13] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-01-20] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-03-13] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {15735cfd-2a55-11e2-8e70-e0ca94af79b9} - D:\SETUP.EXE
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {4f5e6cee-2b22-11e2-9d91-e0ca94af79b9} - D:\SETUP.EXE
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fc-hansa.de/
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL No File
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
Hosts: 127.0.0.1	license.superantispyware.com
Tcpip\Parameters: [DhcpNameServer] 83.169.185.225 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default
FF DefaultSearchEngine,S: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: hxxp://www.fc-hansa.de/
FF NetworkProxy: "no_proxies_on", "dynhost.inetcam.com,register.inetcam.com,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll No File
FF Plugin HKU\S-1-5-21-2527506857-1470243597-2188628-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\sgb-ii---gebe--ein---.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\suche-urteil-nach-begriff-auf-sozialgerichtsbarkeitde.xml
FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-07]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de_DE@dicts.j3e.de [2014-09-18]
FF Extension: Conduit Engine  - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\engine@conduit(2).com [2012-11-08]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-14]
FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-11-08]
FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2) [2012-11-08]
FF Extension: ColorfulTabs - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-11-09]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2012-11-08]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(3) [2012-11-08]
FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2012-11-08]
FF Extension: Metal Lion - Vista - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}(2) [2012-11-08]
FF Extension: Tab Preview - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2012-11-08]
FF Extension: InFormEnter - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2013-10-19]
FF Extension: Nautipolis for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}(2) [2012-11-08]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2012-11-08]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: ReminderFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2) [2012-11-08]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}(2) [2012-11-08]
FF Extension: SearchPreview - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-05-21]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-08]
FF Extension: Classic Theme Restorer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-30]
FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\personas@christopher.beard.xpi [2013-08-15]
FF Extension: FastestFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\smarterwiki@wikiatic.com.xpi [2012-11-08]
FF Extension: Screengrab  (fix version) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-10-01]
FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-11-12]
FF Extension: Download Status Bar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-23]
FF Extension: Show MyIP - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}.xpi [2012-11-08]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-08]
FF Extension: FootieFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012-11-08]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-08]
FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-15]
FF Extension: Tab Mix Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-11-08]
FF Extension: QuickStores-Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de [2014-11-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-02]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.fc-hansa.de/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Actual Date) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokomghjcfmiofmackdbpjleianepgih [2014-03-21]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Splendid) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-20]
CHR Extension: (TrafficLight) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-03-21]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Downloadr - Download Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2014-03-21]
CHR Extension: (avast! Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-20]
CHR Extension: (Search View\r\n) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagfpkaleocohbmlifdhhmodcpmdhem [2014-03-20]
CHR Extension: (Wetter Weltweit) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbmknmpendafnnkibphfmeeljfdomgk [2014-03-20]
CHR Extension: (Erfassen Webseite Screenshot - FireShot) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-03-21]
CHR Extension: (FastestFox – Schneller browsen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-21]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Clock & Stoppuhr) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenbafpkokgkppmcadhgjinfgapnjko [2014-03-20]
CHR Extension: (Google Calendar Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-12] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-14] (IObit)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-07] (Disc Soft Ltd)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvd.sys [70256 2011-10-26] (Miray)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 12:04 - 2014-11-20 12:06 - 00029868 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-11-20 12:03 - 2014-11-20 12:07 - 00029844 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-11-20 12:02 - 2014-11-20 12:07 - 00000000 ____D () C:\FRST
2014-11-20 12:00 - 2014-11-20 12:00 - 02117120 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-11-20 03:56 - 2014-11-20 03:56 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-19 18:10 - 2014-11-19 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 17:39 - 2014-11-19 17:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-19 09:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 09:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 21:35 - 2014-11-20 10:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-18 21:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-18 21:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-18 21:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 12:42 - 2014-11-18 12:42 - 00000375 _____ () C:\Users\Admin\Documents\autoplay_repair.zip
2014-11-17 16:42 - 2014-11-17 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-17 16:41 - 2014-11-17 16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-17 16:41 - 2014-11-17 16:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-15 18:19 - 2014-11-15 18:19 - 00079991 _____ () C:\Users\Admin\Documents\silverlight.diagcab
2014-11-14 21:43 - 2014-11-20 10:04 - 00831975 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 21:38 - 2014-11-20 09:58 - 00000896 _____ () C:\Windows\setupact.log
2014-11-14 21:38 - 2014-11-19 15:20 - 00003014 _____ () C:\Windows\PFRO.log
2014-11-14 21:38 - 2014-11-14 21:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-14 16:25 - 2014-11-14 16:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ABBYY
2014-11-14 16:01 - 2014-11-14 16:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-14 14:16 - 2014-11-14 14:16 - 00139996 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-11-14 14:14 - 2014-11-14 14:32 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-11-14 12:55 - 2014-11-14 12:55 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-14 12:49 - 2014-11-14 12:49 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin
2014-11-13 00:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 00:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 00:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 00:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 00:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 00:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 00:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 00:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 00:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 00:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 00:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 00:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 00:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 00:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 00:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 00:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 00:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 00:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 00:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 00:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 00:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 00:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 00:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 00:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 00:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 00:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 00:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 00:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 00:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 00:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 00:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 00:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 00:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 00:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 00:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 00:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 00:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 00:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 00:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 00:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 00:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 00:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 00:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 00:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 00:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 00:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 00:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 00:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 00:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 00:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 00:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 00:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 00:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 00:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 00:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 00:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 21:46 - 2014-11-14 15:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-12 21:45 - 2014-11-18 22:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader 2.0
2014-11-12 18:03 - 2014-11-12 18:03 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-12 15:40 - 2014-11-12 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-12 15:38 - 2014-11-12 15:37 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-12 15:37 - 2014-11-12 15:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-12 15:36 - 2014-11-12 15:36 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-12 10:05 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:05 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:05 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:05 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:05 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:05 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:05 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:05 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:05 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:04 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:04 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:04 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 01:19 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:19 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 01:19 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 01:19 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:19 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 01:19 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 01:19 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 01:18 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 01:18 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:18 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 01:18 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:18 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 01:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 01:18 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 01:18 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 17:27 - 2014-11-10 17:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 17:54 - 2014-11-05 17:57 - 00000000 ____D () C:\Users\Admin\Documents\Energie sparen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 12:02 - 2012-11-08 23:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 12:00 - 2014-06-19 10:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-20 11:49 - 2013-05-15 11:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spamihilator
2014-11-20 11:47 - 2012-11-13 16:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TVgenial
2014-11-20 11:43 - 2012-11-09 02:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-11-20 11:35 - 2014-03-20 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 10:06 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 10:06 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 10:00 - 2013-04-02 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-20 10:00 - 2012-11-09 00:40 - 00000000 ____D () C:\Users\Admin\.rainlendar2
2014-11-20 09:59 - 2014-03-20 12:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 09:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 22:03 - 2014-03-13 20:07 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-11-19 19:40 - 2012-11-09 15:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-11-19 01:21 - 2011-02-14 13:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-11-19 01:21 - 2011-02-14 13:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-11-19 01:21 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 21:56 - 2014-01-09 01:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\entrusted
2014-11-18 21:34 - 2012-11-17 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-18 19:14 - 2012-11-08 23:15 - 00000000 ____D () C:\temp
2014-11-18 12:54 - 2012-11-11 00:21 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
2014-11-17 20:24 - 2013-09-05 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\BOM
2014-11-17 16:17 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-17 10:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-16 22:32 - 2012-11-08 23:19 - 00000000 ____D () C:\Users\Admin\Documents\Urteile
2014-11-14 19:10 - 2012-12-09 19:20 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2014-11-14 16:01 - 2012-08-27 21:30 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-11-14 14:43 - 2013-08-21 08:12 - 00109672 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 14:41 - 2013-08-21 08:11 - 00419856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 14:40 - 2014-05-01 22:59 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-14 14:40 - 2012-11-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-11-14 14:34 - 2012-11-11 14:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-14 14:34 - 2012-08-27 21:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-14 14:21 - 2012-11-08 23:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-11-14 13:05 - 2012-08-28 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-14 12:51 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\IObit
2014-11-14 12:50 - 2013-09-23 10:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2014-11-14 12:49 - 2014-05-01 22:59 - 00001254 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-11-14 12:49 - 2014-05-01 22:59 - 00001230 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-14 12:47 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 8
2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Zeon
2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Nuance
2014-11-14 12:44 - 2012-08-27 21:28 - 00000000 ____D () C:\ProgramData\Temp
2014-11-14 12:23 - 2012-11-11 23:52 - 00000000 ____D () C:\ProgramData\RFA_Backups
2014-11-14 10:39 - 2014-02-23 15:53 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-11-14 10:39 - 2012-12-24 20:29 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-12 21:58 - 2012-11-09 00:21 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-12 20:30 - 2014-03-20 12:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 20:30 - 2014-03-20 12:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 18:03 - 2012-11-08 23:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:03 - 2012-11-08 23:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 18:03 - 2012-11-08 23:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 16:31 - 2014-04-14 22:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-12 15:37 - 2014-04-17 20:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-12 15:37 - 2013-12-18 08:37 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-12 15:36 - 2014-03-31 00:19 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-12 15:36 - 2013-04-02 12:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-12 14:25 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:21 - 2012-11-10 15:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 10:17 - 2013-08-13 23:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:09 - 2012-11-09 13:38 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:58 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\SG
2014-11-11 07:05 - 2012-11-08 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 00:48 - 2013-11-12 15:26 - 00000000 ____D () C:\Users\Admin\Documents\Microsoft Toolkit v 2.4 BETA 6
2014-11-07 08:05 - 2012-11-09 02:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-11-06 12:07 - 2012-11-09 02:32 - 00001157 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-11-06 12:07 - 2012-11-09 02:32 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 10:13 - 2012-11-11 02:40 - 00000000 ____D () C:\Program Files\BatteryBar
2014-10-31 19:28 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\Strom,Finanzen
2014-10-27 19:48 - 2012-11-08 23:17 - 00000000 ____D () C:\Users\Admin\Documents\JC Lübeck
2014-10-21 17:00 - 2012-11-20 00:42 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-10-21 11:02 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-21 00:44 - 2014-08-23 09:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-21 00:43 - 2013-06-28 22:34 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\proxy_vole7153334352871499948.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\{FCD06E32-7858-4358-AD18-1B914086B950}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 10:48

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Admin at 2014-11-20 12:07:46
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2020 Musterbriefe (HKLM-x32\...\2020 Musterbriefe) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Brother MFL-Pro Suite (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{4A3FCC59-5231-4634-882C-BF8B511392C5}) (Version: 0.9.5 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version:  - )
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
Flatcast Viewer Plugin 5.3.0.784 (HKLM-x32\...\Flatcast Viewer 5.3_is1) (Version:  - 1 mal 1 Software GmbH)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GIANTS Editor 4.1.7 (HKLM-x32\...\giants_editor_4.1.7_is1) (Version: 4.1.7 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HDClone 4.1 Professional Edition (HKLM-x32\...\HDClone.Professional.4.1.1.1031-{67D3C96E-256B-4739-A8E2-452E354256AB}) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.30 - IObit)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
POIbase 1.071 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry First Aid (HKLM\...\Registry First Aid_is1) (Version: 8.0.1 - RoseCitySoftware)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Spamihilator 1.5.0 (64-Bit) (HKLM\...\{A0D450C6-07C4-40C7-8D2B-840565E91987}) (Version: 1.5.0 - Michel Krämer)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{DBE4B37E-4FF1-47AB-964E-DEF9AE2BE945}) (Version: 9.0 - Star Finanz GmbH)
Steganos Live Encryption Engine 17 (HKLM-x32\...\{C2490885-D566-405F-889B-670C6CF0F7F2}) (Version: 17.4.1 - Steganos Software GmbH)
Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0.5 - Steganos Software GmbH)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
TVgenial 4.10 (HKLM-x32\...\TVgenial) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1420 - 1&1 Mail & Media GmbH)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Care 365 version 2.13 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.13 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2527506857-1470243597-2188628-1000_Classes\CLSID\{BABBB895-2A46-9F8D-0675-47C14CD8DC6B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-11-2014 15:14:54 IObit Uninstaller restore point
14-11-2014 15:15:31 Removed ABBYY PDF Transformer+.
14-11-2014 15:21:41 Installed MSXML 6.0 Parser
14-11-2014 15:22:18 Installed ABBYY PDF Transformer+.
14-11-2014 16:12:47 IObit Uninstaller restore point
14-11-2014 20:32:37 Removed Microsoft Silverlight
15-11-2014 16:58:45 Removed Microsoft Silverlight
18-11-2014 09:41:45 Windows Update
18-11-2014 11:52:29 18.11.2014
19-11-2014 10:49:37 Windows Update
20-11-2014 03:21:53 IObit Uninstaller restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-11-21 13:25 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	license.superantispyware.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DA7F2DC-FD24-4FDC-8EFD-204F450B8B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {1EE66555-4CF6-4A6C-8FE1-205ADB9FA24B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {35040037-69DE-4DA4-B70A-3AC945807111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {573394D3-D980-4441-9FB2-512267D5D98E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {7E5D6BE3-0DBF-4103-B670-FA04DF7DEA6A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {929A3209-33CA-4821-9200-550C9E3E0AA4} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe [2012-12-06] (WiseCleaner.com)
Task: {96C1FA8A-105E-4A2F-ACA6-96D0E88E272B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AFD00B44-D5F7-41C1-9477-E5B496010B55} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-30] (TuneUp Software)
Task: {CE9B0183-44B2-4378-B09C-A19A8851D0CD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {D687F713-EC7E-4CA3-AFEE-52C8C2CFB1C7} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {DF6CBB72-ADF5-4B57-AA51-92D5990F899B} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {E8896730-5B41-4DCE-AD4A-15C5E403889C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {EF8F8D2E-9EE5-4E90-806E-45E21BE6A4F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {F252A6B8-7F16-47BA-85A2-AA12DB8D2902} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {F72513FD-847C-4B08-93CC-B72240896256} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Registry First Aid auto.job => C:\Program Files\RFA 8\reg1aid64.exe
Task: C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-08 23:13 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 04411488 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00323584 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 00082528 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00080384 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00073728 _____ () C:\Program Files\Spamihilator\zlib1.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00380928 _____ () C:\Program Files\Spamihilator\sqlite3.dll
2013-08-30 08:51 - 2013-08-30 08:51 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-06-19 10:48 - 2014-10-06 16:53 - 00775400 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-11-19 22:17 - 2014-11-19 22:17 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111901\algo.dll
2014-11-20 10:00 - 2014-11-20 10:00 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112000\algo.dll
2014-07-31 12:41 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll
2014-11-12 15:37 - 2014-11-12 15:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-10 17:27 - 2014-11-10 17:27 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AEC0AC81

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2527506857-1470243597-2188628-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2527506857-1470243597-2188628-500 - Administrator - Disabled)
Gast (S-1-5-21-2527506857-1470243597-2188628-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2527506857-1470243597-2188628-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 09:59:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:10:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm trupd.exe, Version 1.3.8.1102 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1598

Startzeit: 01d0046f6514b256

Endzeit: 14

Anwendungspfad: C:\Program Files (x86)\Trojan Remover\trupd.exe

Berichts-ID: b2d7e20e-7062-11e4-924c-e0ca94af79b9

Error: (11/19/2014 07:40:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: a2start.exe, Version: 9.0.0.4570, Zeitstempel: 0x543c0095
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037017
ID des fehlerhaften Prozesses: 0x7b8
Startzeit der fehlerhaften Anwendung: 0xa2start.exe0
Pfad der fehlerhaften Anwendung: a2start.exe1
Pfad des fehlerhaften Moduls: a2start.exe2
Berichtskennung: a2start.exe3

Error: (11/19/2014 06:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:53:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 03:21:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 09:22:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.8.4.0, Zeitstempel: 0x51352df8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00042016
ID des fehlerhaften Prozesses: 0xae0
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3


System errors:
=============
Error: (11/19/2014 10:48:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (11/19/2014 02:52:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/19/2014 02:52:16 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1352

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/19/2014 02:52:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (11/18/2014 08:48:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Unterstützung für Bluetooth-Funktionen" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 9.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/18/2014 08:48:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PowerSavingUtilityService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (11/20/2014 09:59:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 04:10:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: trupd.exe1.3.8.1102159801d0046f6514b25614C:\Program Files (x86)\Trojan Remover\trupd.exeb2d7e20e-7062-11e4-924c-e0ca94af79b9

Error: (11/19/2014 07:40:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: a2start.exe9.0.0.4570543c0095KERNELBASE.dll6.1.7601.1840953159a86c0000005000370177b801d0041d58d3a8c3C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exeC:\Windows\syswow64\KERNELBASE.dll8816ba89-701b-11e4-924c-e0ca94af79b9

Error: (11/19/2014 06:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:53:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 05:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 03:21:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 09:22:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecQtCore4.dll4.8.4.051352df8c000000500042016ae001d0036f24bdc185C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \QtCore4.dllf96a8491-6f65-11e4-8ec2-e0ca94af79b9


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1796.4 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4922.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:378.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A79E64B7)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Geändert von Ostseewind (20.11.2014 um 11:43 Uhr)

Alt 20.11.2014, 12:00   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



hi,

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 20.11.2014, 12:25   #3
Ostseewind
 
Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Hallo @schrauber,

vielen Dank für Deine schnelle Antwort.

Hier die Log (1 Thread found)

Code:
ATTFilter
13:18:35.0109 0x0a94  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
13:18:39.0040 0x0a94  ============================================================
13:18:39.0040 0x0a94  Current date / time: 2014/11/20 13:18:39.0040
13:18:39.0040 0x0a94  SystemInfo:
13:18:39.0040 0x0a94  
13:18:39.0040 0x0a94  OS Version: 6.1.7601 ServicePack: 1.0
13:18:39.0040 0x0a94  Product type: Workstation
13:18:39.0040 0x0a94  ComputerName: ADMIN-PC
13:18:39.0040 0x0a94  UserName: Admin
13:18:39.0040 0x0a94  Windows directory: C:\Windows
13:18:39.0040 0x0a94  System windows directory: C:\Windows
13:18:39.0040 0x0a94  Running under WOW64
13:18:39.0040 0x0a94  Processor architecture: Intel x64
13:18:39.0040 0x0a94  Number of processors: 2
13:18:39.0040 0x0a94  Page size: 0x1000
13:18:39.0040 0x0a94  Boot type: Normal boot
13:18:39.0040 0x0a94  ============================================================
13:18:40.0881 0x0a94  KLMD registered as C:\Windows\system32\drivers\83917054.sys
13:18:41.0630 0x0a94  System UUID: {E06ACBA1-7FD4-40CF-2B3C-926229A8CFC7}
13:18:43.0237 0x0a94  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:18:43.0252 0x0a94  ============================================================
13:18:43.0252 0x0a94  \Device\Harddisk0\DR0:
13:18:43.0252 0x0a94  MBR partitions:
13:18:43.0252 0x0a94  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x401000, BlocksNum 0x39F84830
13:18:43.0252 0x0a94  ============================================================
13:18:43.0533 0x0a94  C: <-> \Device\Harddisk0\DR0\Partition1
13:18:43.0533 0x0a94  ============================================================
13:18:43.0533 0x0a94  Initialize success
13:18:43.0533 0x0a94  ============================================================
13:19:28.0683 0x178c  ============================================================
13:19:28.0683 0x178c  Scan started
13:19:28.0683 0x178c  Mode: Manual; SigCheck; TDLFS; 
13:19:28.0683 0x178c  ============================================================
13:19:28.0683 0x178c  KSN ping started
13:19:43.0179 0x178c  KSN ping finished: true
13:19:44.0408 0x178c  ================ Scan system memory ========================
13:19:44.0408 0x178c  System memory - ok
13:19:44.0409 0x178c  ================ Scan services =============================
13:19:44.0928 0x178c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:19:46.0150 0x178c  1394ohci - ok
13:19:46.0299 0x178c  [ 73C035299E3044636104CA7A7634A6AC, ED1D4904E2D1D1C72ED9697297AE1B64860098BA2F6F63F7A1426413007DF138 ] a2acc           C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
13:19:46.0720 0x178c  a2acc - ok
13:19:47.0142 0x178c  [ 5E65B8C0E1AAE00E749BA4AC3B88E854, D641DDD1B14AED7FD1FB8D2B27BAC80548DF6D89A44FD57244FBAFC6F448BA37 ] a2AntiMalware   C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
13:19:47.0474 0x178c  a2AntiMalware - ok
13:19:47.0566 0x178c  [ D27A8B7BB0E15DFBFC6B4E774EE17AD9, CBAD45B3FFFD30C34AF918009F699B65F89043D0799FC25D2472381912F86F93 ] A2DDA           C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
13:19:47.0694 0x178c  A2DDA - ok
13:19:47.0826 0x178c  [ 05936579605018BD2BC528FF2C1AD95F, 763C2E76F9078F6A74D5BCCB4DD8A10C82AEB9C9F5A45C3706A587FA2D03E7D3 ] a2injectiondriver C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
13:19:47.0927 0x178c  a2injectiondriver - ok
13:19:47.0972 0x178c  [ B1AB7116D14667A2238DAEFE20B7F4D0, DC8A9093A6F759657C3354931A462FCCAF3533A907FB7152380EB2E9B4AD3BF8 ] a2util          C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
13:19:48.0047 0x178c  a2util - ok
13:19:48.0138 0x178c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:19:48.0269 0x178c  ACPI - ok
13:19:48.0325 0x178c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:19:48.0564 0x178c  AcpiPmi - ok
13:19:48.0781 0x178c  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:19:49.0035 0x178c  AdobeARMservice - ok
13:19:49.0286 0x178c  [ D51145F6B0CE987850F13A61DAD5E531, 67CB6AB8C42781FA717CBEF81F3C658747E3B7814383056A56EDA99583FDBFD5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:19:49.0378 0x178c  AdobeFlashPlayerUpdateSvc - ok
13:19:49.0459 0x178c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:19:49.0568 0x178c  adp94xx - ok
13:19:49.0626 0x178c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:19:49.0814 0x178c  adpahci - ok
13:19:49.0879 0x178c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:19:50.0088 0x178c  adpu320 - ok
13:19:50.0119 0x178c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:19:50.0780 0x178c  AeLookupSvc - ok
13:19:50.0977 0x178c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
13:19:51.0218 0x178c  AFD - ok
13:19:51.0268 0x178c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:19:51.0382 0x178c  agp440 - ok
13:19:51.0419 0x178c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:19:51.0529 0x178c  ALG - ok
13:19:51.0591 0x178c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:19:51.0735 0x178c  aliide - ok
13:19:51.0833 0x178c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:19:51.0897 0x178c  amdide - ok
13:19:51.0941 0x178c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:19:52.0155 0x178c  AmdK8 - ok
13:19:52.0255 0x178c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:19:52.0366 0x178c  AmdPPM - ok
13:19:52.0436 0x178c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:19:52.0550 0x178c  amdsata - ok
13:19:52.0639 0x178c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:19:52.0885 0x178c  amdsbs - ok
13:19:52.0934 0x178c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:19:53.0030 0x178c  amdxata - ok
13:19:53.0147 0x178c  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
13:19:53.0363 0x178c  AppID - ok
13:19:53.0445 0x178c  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:19:53.0636 0x178c  AppIDSvc - ok
13:19:53.0811 0x178c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:19:53.0976 0x178c  Appinfo - ok
13:19:54.0031 0x178c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
13:19:54.0163 0x178c  arc - ok
13:19:54.0210 0x178c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:19:54.0320 0x178c  arcsas - ok
13:19:54.0514 0x178c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:19:54.0620 0x178c  aspnet_state - ok
13:19:54.0744 0x178c  [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
13:19:54.0832 0x178c  aswHwid - ok
13:19:54.0892 0x178c  [ EAFC6970073525E98D4D0E2B56741227, 361A4FEE9DAA30780C9C144A7285ACC23DDB6FD2DF80DBC19CFA138E6C5BEAE5 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
13:19:54.0972 0x178c  aswKbd - ok
13:19:55.0144 0x178c  [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:19:55.0247 0x178c  aswMonFlt - ok
13:19:55.0349 0x178c  [ 8025E7521EB601207627E8B4722ACE19, E4DB4CD0BAF7F1CDF71F5C01CF44654C415AEE7FB24235D9396EDC2B4D81AD5E ] aswNdisFlt      C:\Windows\system32\DRIVERS\aswNdisFlt.sys
13:19:55.0439 0x178c  aswNdisFlt - ok
13:19:55.0530 0x178c  [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
13:19:55.0617 0x178c  aswRdr - ok
13:19:55.0814 0x178c  [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
13:19:55.0893 0x178c  aswRvrt - ok
13:19:56.0202 0x178c  [ 655D6F1B8722091427FB18663A546E2C, 92074D308C9CF1752C49CAA47ED16FB327366174A1AFBE2CAEBFD23021EC830C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:19:56.0436 0x178c  aswSnx - ok
13:19:56.0595 0x178c  [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:19:56.0761 0x178c  aswSP - ok
13:19:56.0837 0x178c  [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm          C:\Windows\system32\drivers\aswStm.sys
13:19:56.0916 0x178c  aswStm - ok
13:19:56.0966 0x178c  [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
13:19:57.0056 0x178c  aswVmm - ok
13:19:57.0085 0x178c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:19:57.0199 0x178c  AsyncMac - ok
13:19:57.0250 0x178c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:19:57.0309 0x178c  atapi - ok
13:19:57.0436 0x178c  [ D6CAD7E5B05055BB8226BDCB1644DA27, 053DBE95BE044C2674825561619A188660865AFCC4FD3C1D1E4F08972F5CC8DF ] athr            C:\Windows\system32\DRIVERS\athrx.sys
13:19:57.0655 0x0928  Object required for P2P: [ D51145F6B0CE987850F13A61DAD5E531 ] AdobeFlashPlayerUpdateSvc
13:19:57.0691 0x178c  athr - ok
13:19:57.0914 0x178c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:19:58.0130 0x178c  AudioEndpointBuilder - ok
13:19:58.0204 0x178c  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:19:58.0276 0x178c  AudioSrv - ok
13:19:58.0403 0x178c  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:19:58.0576 0x178c  avast! Antivirus - ok
13:19:58.0665 0x178c  [ D25195B0A2075862E988B85161DF07FD, 4CF120D958EBD5F9F1785B5576F5E37A7F508E5694C43E8336310F2B7A278A77 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
13:19:58.0778 0x178c  avast! Firewall - ok
13:19:58.0857 0x178c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:19:59.0129 0x178c  AxInstSV - ok
13:19:59.0237 0x178c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:19:59.0393 0x178c  b06bdrv - ok
13:19:59.0445 0x178c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:19:59.0545 0x178c  b57nd60a - ok
13:19:59.0587 0x178c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:19:59.0741 0x178c  BDESVC - ok
13:19:59.0797 0x178c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:20:00.0003 0x178c  Beep - ok
13:20:00.0115 0x178c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:20:00.0305 0x178c  BFE - ok
13:20:00.0451 0x178c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:20:00.0636 0x0928  Object send P2P result: true
13:20:01.0391 0x178c  BITS - ok
13:20:01.0446 0x178c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:20:01.0556 0x178c  blbdrive - ok
13:20:01.0610 0x178c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:20:01.0715 0x178c  bowser - ok
13:20:01.0744 0x178c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:20:01.0823 0x178c  BrFiltLo - ok
13:20:01.0837 0x178c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:20:01.0904 0x178c  BrFiltUp - ok
13:20:01.0944 0x178c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:20:02.0023 0x178c  Browser - ok
13:20:02.0101 0x178c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:20:02.0308 0x178c  Brserid - ok
13:20:02.0326 0x178c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:20:02.0425 0x178c  BrSerWdm - ok
13:20:02.0475 0x178c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:20:02.0583 0x178c  BrUsbMdm - ok
13:20:02.0609 0x178c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:20:02.0691 0x178c  BrUsbSer - ok
13:20:02.0805 0x178c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
13:20:02.0932 0x178c  BthEnum - ok
13:20:02.0968 0x178c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:20:03.0069 0x178c  BTHMODEM - ok
13:20:03.0108 0x178c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:20:03.0202 0x178c  BthPan - ok
13:20:03.0275 0x178c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
13:20:03.0470 0x178c  BTHPORT - ok
13:20:03.0535 0x178c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:20:03.0646 0x178c  bthserv - ok
13:20:03.0674 0x178c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
13:20:03.0794 0x178c  BTHUSB - ok
13:20:03.0828 0x178c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:20:03.0931 0x178c  cdfs - ok
13:20:04.0024 0x178c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:20:04.0124 0x178c  cdrom - ok
13:20:04.0197 0x178c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:20:04.0323 0x178c  CertPropSvc - ok
13:20:04.0366 0x178c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:20:04.0502 0x178c  circlass - ok
13:20:04.0611 0x178c  [ B794DCF38C965FA2F93C45A7C3D582C5, 0E483EAF835B85AA4B6F449F9BB68AF0A3EE4192D29CD72F4B812F1E4D9E9A7C ] cleanhlp        C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys
13:20:04.0693 0x178c  cleanhlp - ok
13:20:04.0738 0x178c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:20:04.0843 0x178c  CLFS - ok
13:20:05.0061 0x178c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:20:05.0224 0x178c  clr_optimization_v2.0.50727_32 - ok
13:20:05.0380 0x178c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:20:05.0438 0x178c  clr_optimization_v2.0.50727_64 - ok
13:20:05.0655 0x178c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:20:05.0858 0x178c  clr_optimization_v4.0.30319_32 - ok
13:20:05.0907 0x178c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:20:06.0028 0x178c  clr_optimization_v4.0.30319_64 - ok
13:20:06.0062 0x178c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:20:06.0115 0x178c  CmBatt - ok
13:20:06.0136 0x178c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:20:06.0195 0x178c  cmdide - ok
13:20:06.0316 0x178c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:20:06.0429 0x178c  CNG - ok
13:20:06.0448 0x178c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:20:06.0553 0x178c  Compbatt - ok
13:20:06.0609 0x178c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:20:06.0708 0x178c  CompositeBus - ok
13:20:06.0732 0x178c  COMSysApp - ok
13:20:06.0867 0x178c  [ 3CA734CE373E5675FBC15CA2C45228E5, A6C6E9FABDE5EA18D266DB71C0CC6B51D682116D1898CCB4E9BA730F15C44B32 ] cpudrv64        C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
13:20:06.0928 0x178c  cpudrv64 - ok
13:20:06.0972 0x178c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:20:07.0059 0x178c  crcdisk - ok
13:20:07.0125 0x178c  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:20:07.0258 0x178c  CryptSvc - ok
13:20:07.0356 0x178c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:20:07.0503 0x178c  DcomLaunch - ok
13:20:07.0578 0x178c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:20:07.0736 0x178c  defragsvc - ok
13:20:07.0840 0x178c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:20:07.0934 0x178c  DfsC - ok
13:20:07.0989 0x178c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:20:08.0149 0x178c  Dhcp - ok
13:20:08.0185 0x178c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:20:08.0292 0x178c  discache - ok
13:20:08.0325 0x178c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
13:20:08.0380 0x178c  Disk - ok
13:20:08.0417 0x178c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:20:08.0578 0x178c  Dnscache - ok
13:20:08.0632 0x178c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:20:08.0770 0x178c  dot3svc - ok
13:20:08.0829 0x178c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:20:08.0938 0x178c  DPS - ok
13:20:08.0983 0x178c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:20:09.0129 0x178c  drmkaud - ok
13:20:09.0229 0x178c  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:20:09.0325 0x178c  dtsoftbus01 - ok
13:20:09.0400 0x178c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:20:09.0478 0x178c  DXGKrnl - ok
13:20:09.0520 0x178c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:20:09.0664 0x178c  EapHost - ok
13:20:09.0921 0x178c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:20:10.0129 0x178c  ebdrv - ok
13:20:10.0261 0x178c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
13:20:10.0378 0x178c  EFS - ok
13:20:10.0530 0x178c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:20:10.0770 0x178c  ehRecvr - ok
13:20:10.0848 0x178c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:20:10.0953 0x178c  ehSched - ok
13:20:11.0017 0x178c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:20:11.0120 0x178c  elxstor - ok
13:20:11.0155 0x178c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:20:11.0235 0x178c  ErrDev - ok
13:20:11.0300 0x178c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:20:11.0431 0x178c  EventSystem - ok
13:20:11.0506 0x178c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:20:11.0609 0x178c  exfat - ok
13:20:11.0635 0x178c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:20:11.0743 0x178c  fastfat - ok
13:20:11.0867 0x178c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:20:12.0057 0x178c  Fax - ok
13:20:12.0071 0x178c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
13:20:12.0172 0x178c  fdc - ok
13:20:12.0224 0x178c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:20:12.0324 0x178c  fdPHost - ok
13:20:12.0335 0x178c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:20:12.0441 0x178c  FDResPub - ok
13:20:12.0467 0x178c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:20:12.0507 0x178c  FileInfo - ok
13:20:12.0526 0x178c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:20:12.0674 0x178c  Filetrace - ok
13:20:12.0710 0x178c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:20:12.0780 0x178c  flpydisk - ok
13:20:12.0868 0x178c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:20:12.0935 0x178c  FltMgr - ok
13:20:13.0049 0x178c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:20:13.0296 0x178c  FontCache - ok
13:20:13.0351 0x178c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:20:13.0387 0x178c  FontCache3.0.0.0 - ok
13:20:13.0418 0x178c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:20:13.0481 0x178c  FsDepends - ok
13:20:13.0499 0x178c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:20:13.0558 0x178c  Fs_Rec - ok
13:20:13.0587 0x178c  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3, 28D37F07A58D5AFA48A18BB4A780A36A3F8D49E94DE8CA5071071CCF16C0C090 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
13:20:13.0655 0x178c  FUJ02B1 - ok
13:20:13.0683 0x178c  [ 7135030CBF87D724B6037BB023923730, 1F6D9A7D7033226507DEDD53CB686C0F3CDC15FD7E77DBC5263256E8EB541E4E ] FUJ02E3         C:\Windows\system32\DRIVERS\FUJ02E3.sys
13:20:13.0820 0x178c  FUJ02E3 - ok
13:20:13.0895 0x178c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:20:13.0978 0x178c  fvevol - ok
13:20:14.0017 0x178c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:20:14.0077 0x178c  gagp30kx - ok
13:20:14.0142 0x178c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:20:14.0276 0x178c  gpsvc - ok
13:20:14.0448 0x178c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:20:14.0572 0x178c  gupdate - ok
13:20:14.0632 0x178c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:20:14.0673 0x178c  gupdatem - ok
13:20:14.0812 0x178c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:20:14.0956 0x178c  gusvc - ok
13:20:15.0052 0x178c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:20:15.0346 0x178c  hcw85cir - ok
13:20:15.0389 0x178c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:20:15.0552 0x178c  HdAudAddService - ok
13:20:15.0585 0x178c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:20:15.0654 0x178c  HDAudBus - ok
13:20:15.0725 0x178c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
13:20:15.0887 0x178c  HECIx64 - ok
13:20:15.0914 0x178c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:20:16.0004 0x178c  HidBatt - ok
13:20:16.0048 0x178c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:20:16.0147 0x178c  HidBth - ok
13:20:16.0191 0x178c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:20:16.0292 0x178c  HidIr - ok
13:20:16.0323 0x178c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:20:16.0433 0x178c  hidserv - ok
13:20:16.0499 0x178c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
13:20:16.0564 0x178c  HidUsb - ok
13:20:16.0593 0x178c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:20:16.0698 0x178c  hkmsvc - ok
13:20:16.0778 0x178c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:20:16.0937 0x178c  HomeGroupListener - ok
13:20:16.0977 0x178c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:20:17.0107 0x178c  HomeGroupProvider - ok
13:20:17.0128 0x178c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:20:17.0183 0x178c  HpSAMD - ok
13:20:17.0270 0x178c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:20:17.0412 0x178c  HTTP - ok
13:20:17.0423 0x178c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:20:17.0495 0x178c  hwpolicy - ok
13:20:17.0540 0x178c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:20:17.0618 0x178c  i8042prt - ok
13:20:17.0727 0x178c  [ 2064090C9FAAD92C090D77E50E735B2E, 802BF10AF2F4B5DC93926C34DB2782DA6FD7243766D583E85603879483A592D2 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
13:20:17.0782 0x178c  iaStor - ok
13:20:17.0904 0x178c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:20:18.0032 0x178c  iaStorV - ok
13:20:18.0146 0x178c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:20:18.0274 0x178c  idsvc - ok
13:20:18.0343 0x178c  IEEtwCollectorService - ok
13:20:19.0000 0x178c  [ C458A0B66D11CBABD113EAC828276A8C, FF31B49BAF36358A16FA5478036C6431DE877BA30D6F6DF85FD0A2FA6E6CB0E1 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:20:19.0938 0x178c  igfx - ok
13:20:19.0974 0x178c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:20:20.0056 0x178c  iirsp - ok
13:20:20.0190 0x178c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:20:20.0321 0x178c  IKEEXT - ok
13:20:20.0361 0x178c  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
13:20:20.0505 0x178c  Impcd - ok
13:20:20.0696 0x178c  [ 42943BB3AB7A405B30EFF7C8283CC129, B914B5610565B794BE28664DE605C5726A0587F15034A026509885771C63B0D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:20:20.0868 0x178c  IntcAzAudAddService - ok
13:20:20.0943 0x178c  [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:20:21.0094 0x178c  IntcDAud - ok
13:20:21.0123 0x178c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:20:21.0197 0x178c  intelide - ok
13:20:21.0255 0x178c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:20:21.0359 0x178c  intelppm - ok
13:20:21.0392 0x178c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:20:21.0710 0x178c  IPBusEnum - ok
13:20:21.0762 0x178c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:20:21.0906 0x178c  IpFilterDriver - ok
13:20:21.0951 0x178c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:20:22.0096 0x178c  iphlpsvc - ok
13:20:22.0120 0x178c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:20:22.0215 0x178c  IPMIDRV - ok
13:20:22.0240 0x178c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:20:22.0342 0x178c  IPNAT - ok
13:20:22.0382 0x178c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:20:22.0486 0x178c  IRENUM - ok
13:20:22.0504 0x178c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:20:22.0567 0x178c  isapnp - ok
13:20:22.0602 0x178c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:20:22.0676 0x178c  iScsiPrt - ok
13:20:22.0731 0x178c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:20:22.0790 0x178c  kbdclass - ok
13:20:22.0813 0x178c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:20:22.0881 0x178c  kbdhid - ok
13:20:22.0896 0x178c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
13:20:22.0942 0x178c  KeyIso - ok
13:20:22.0987 0x178c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:20:23.0088 0x178c  KSecDD - ok
13:20:23.0152 0x178c  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:20:23.0209 0x178c  KSecPkg - ok
13:20:23.0245 0x178c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:20:23.0334 0x178c  ksthunk - ok
13:20:23.0400 0x178c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:20:23.0561 0x178c  KtmRm - ok
13:20:23.0684 0x178c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:20:23.0857 0x178c  LanmanServer - ok
13:20:23.0957 0x178c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:20:24.0103 0x178c  LanmanWorkstation - ok
13:20:24.0347 0x178c  [ 1C42FC4A8E42A7D0E24FE0DE55EA3595, 4712D4ED302BE876F267562EBECA29939E5C61C94EBFCC36E02A1726676805D5 ] LiveUpdateSvc   C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
13:20:24.0908 0x178c  LiveUpdateSvc - ok
13:20:24.0971 0x178c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:20:25.0088 0x178c  lltdio - ok
13:20:25.0116 0x178c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:20:25.0282 0x178c  lltdsvc - ok
13:20:25.0305 0x178c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:20:25.0462 0x178c  lmhosts - ok
13:20:25.0576 0x178c  [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:20:25.0779 0x178c  LMS - detected UnsignedFile.Multi.Generic ( 1 )
13:20:29.0177 0x178c  Detect skipped due to KSN trusted
13:20:29.0177 0x178c  LMS - ok
13:20:29.0258 0x178c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:20:29.0319 0x178c  LSI_FC - ok
13:20:29.0337 0x178c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:20:29.0434 0x178c  LSI_SAS - ok
13:20:29.0461 0x178c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:20:29.0525 0x178c  LSI_SAS2 - ok
13:20:29.0576 0x178c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:20:29.0654 0x178c  LSI_SCSI - ok
13:20:29.0694 0x178c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:20:29.0849 0x178c  luafv - ok
13:20:29.0918 0x178c  [ 5C3669B71657F22E67A1D4BD49D2CBE7, 7CAE59AA6CA9CBBD70BBD707A155FB169BF3F71096275BF7C0F415B6A092C671 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:20:29.0976 0x178c  MBAMProtector - ok
13:20:30.0189 0x178c  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
13:20:30.0456 0x178c  MBAMScheduler - ok
13:20:30.0634 0x178c  [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
13:20:30.0733 0x178c  MBAMService - ok
13:20:30.0852 0x178c  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
13:20:30.0903 0x178c  MBAMSwissArmy - ok
13:20:30.0950 0x178c  [ 95EF63A7827D4E3A229CBBCB42619E93, FA38DD035B2C4FC82B60868F49D45A39FBBC96096AAD5A2C8BD752A250255BA7 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
13:20:31.0022 0x178c  MBAMWebAccessControl - ok
13:20:31.0055 0x178c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:20:31.0120 0x178c  Mcx2Svc - ok
13:20:31.0138 0x178c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:20:31.0215 0x178c  megasas - ok
13:20:31.0291 0x178c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:20:31.0449 0x178c  MegaSR - ok
13:20:31.0619 0x178c  Microsoft SharePoint Workspace Audit Service - ok
13:20:31.0684 0x178c  [ 17879746E9B82965ABD908E20422EAEC, F646F240EFF3CCB3C3BD4CD5A804E719242EB3F659E01623422EFD9018782314 ] MirayVirtualDisk C:\Windows\system32\DRIVERS\mvd.sys
13:20:31.0769 0x178c  MirayVirtualDisk - ok
13:20:31.0796 0x178c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:20:31.0934 0x178c  MMCSS - ok
13:20:31.0955 0x178c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:20:32.0066 0x178c  Modem - ok
13:20:32.0108 0x178c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:20:32.0180 0x178c  monitor - ok
13:20:32.0208 0x178c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:20:32.0251 0x178c  mouclass - ok
13:20:32.0289 0x178c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:20:32.0362 0x178c  mouhid - ok
13:20:32.0394 0x178c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:20:32.0456 0x178c  mountmgr - ok
13:20:32.0534 0x178c  [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:20:32.0612 0x178c  MozillaMaintenance - ok
13:20:32.0659 0x178c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:20:32.0893 0x178c  mpio - ok
13:20:33.0033 0x178c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:20:33.0142 0x178c  mpsdrv - ok
13:20:33.0220 0x178c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:20:33.0423 0x178c  MpsSvc - ok
13:20:33.0486 0x178c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:20:33.0548 0x178c  MRxDAV - ok
13:20:33.0595 0x178c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:20:33.0735 0x178c  mrxsmb - ok
13:20:33.0813 0x178c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:20:33.0891 0x178c  mrxsmb10 - ok
13:20:33.0907 0x178c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:20:33.0969 0x178c  mrxsmb20 - ok
13:20:34.0000 0x178c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:20:34.0047 0x178c  msahci - ok
13:20:34.0094 0x178c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:20:34.0156 0x178c  msdsm - ok
13:20:34.0188 0x178c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:20:34.0297 0x178c  MSDTC - ok
13:20:34.0344 0x178c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:20:34.0578 0x178c  Msfs - ok
13:20:34.0609 0x178c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:20:34.0718 0x178c  mshidkmdf - ok
13:20:34.0765 0x178c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:20:34.0812 0x178c  msisadrv - ok
13:20:34.0858 0x178c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:20:34.0952 0x178c  MSiSCSI - ok
13:20:34.0968 0x178c  msiserver - ok
13:20:35.0014 0x178c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:20:35.0124 0x178c  MSKSSRV - ok
13:20:35.0155 0x178c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:20:35.0248 0x178c  MSPCLOCK - ok
13:20:35.0280 0x178c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:20:35.0389 0x178c  MSPQM - ok
13:20:35.0467 0x178c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:20:35.0576 0x178c  MsRPC - ok
13:20:35.0623 0x178c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:20:35.0670 0x178c  mssmbios - ok
13:20:35.0701 0x178c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:20:35.0794 0x178c  MSTEE - ok
13:20:35.0810 0x178c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:20:35.0950 0x178c  MTConfig - ok
13:20:35.0982 0x178c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:20:36.0044 0x178c  Mup - ok
13:20:36.0106 0x178c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:20:36.0262 0x178c  napagent - ok
13:20:36.0340 0x178c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:20:36.0450 0x178c  NativeWifiP - ok
13:20:36.0590 0x178c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:20:36.0746 0x178c  NDIS - ok
13:20:36.0793 0x178c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:20:36.0886 0x178c  NdisCap - ok
13:20:36.0964 0x178c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:20:37.0089 0x178c  NdisTapi - ok
13:20:37.0136 0x178c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:20:37.0308 0x178c  Ndisuio - ok
13:20:37.0339 0x178c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:20:37.0635 0x178c  NdisWan - ok
13:20:37.0666 0x178c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:20:37.0776 0x178c  NDProxy - ok
13:20:37.0807 0x178c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:20:37.0932 0x178c  NetBIOS - ok
13:20:37.0994 0x178c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:20:38.0197 0x178c  NetBT - ok
13:20:38.0244 0x178c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
13:20:38.0290 0x178c  Netlogon - ok
13:20:38.0353 0x178c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:20:38.0493 0x178c  Netman - ok
13:20:38.0556 0x178c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:20:38.0634 0x178c  NetMsmqActivator - ok
13:20:38.0696 0x178c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:20:38.0743 0x178c  NetPipeActivator - ok
13:20:38.0883 0x178c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:20:39.0117 0x178c  netprofm - ok
13:20:39.0164 0x178c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:20:39.0211 0x178c  NetTcpActivator - ok
13:20:39.0211 0x178c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:20:39.0273 0x178c  NetTcpPortSharing - ok
13:20:39.0304 0x178c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:20:39.0351 0x178c  nfrd960 - ok
13:20:39.0429 0x178c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:20:39.0538 0x178c  NlaSvc - ok
13:20:39.0632 0x178c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:20:39.0710 0x178c  Npfs - ok
13:20:39.0741 0x178c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:20:39.0897 0x178c  nsi - ok
13:20:39.0928 0x178c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:20:40.0038 0x178c  nsiproxy - ok
13:20:40.0178 0x178c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:20:40.0350 0x178c  Ntfs - ok
13:20:40.0365 0x178c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:20:40.0552 0x178c  Null - ok
13:20:40.0568 0x178c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:20:40.0630 0x178c  nvraid - ok
13:20:40.0662 0x178c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:20:40.0724 0x178c  nvstor - ok
13:20:40.0771 0x178c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:20:40.0833 0x178c  nv_agp - ok
13:20:40.0880 0x178c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:20:40.0958 0x178c  ohci1394 - ok
13:20:41.0067 0x178c  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:20:41.0145 0x178c  ose64 - ok
13:20:41.0660 0x178c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:20:42.0003 0x178c  osppsvc - ok
13:20:42.0066 0x178c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:20:42.0237 0x178c  p2pimsvc - ok
13:20:42.0284 0x178c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:20:42.0393 0x178c  p2psvc - ok
13:20:42.0424 0x178c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
13:20:42.0502 0x178c  Parport - ok
13:20:42.0534 0x178c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:20:42.0612 0x178c  partmgr - ok
13:20:42.0658 0x178c  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:20:42.0830 0x178c  PcaSvc - ok
13:20:42.0892 0x178c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:20:42.0955 0x178c  pci - ok
13:20:42.0986 0x178c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:20:43.0033 0x178c  pciide - ok
13:20:43.0080 0x178c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:20:43.0142 0x178c  pcmcia - ok
13:20:43.0189 0x178c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:20:43.0251 0x178c  pcw - ok
13:20:43.0329 0x178c  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:20:43.0438 0x178c  PEAUTH - ok
13:20:43.0626 0x178c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:20:43.0719 0x178c  PerfHost - ok
13:20:43.0797 0x178c  [ C0F1CFCEE7E8AFF3AE0A7F54A7D3D6BE, 683CE2CC459448F2388DD9A9400D021A5ADD2149AA26245910C36D6417FB0D65 ] PFNService      C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
13:20:43.0875 0x178c  PFNService - detected UnsignedFile.Multi.Generic ( 1 )
13:20:53.0984 0x178c  PFNService ( UnsignedFile.Multi.Generic ) - warning
13:20:59.0319 0x178c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:20:59.0506 0x178c  pla - ok
13:20:59.0584 0x178c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:20:59.0740 0x178c  PlugPlay - ok
13:20:59.0787 0x178c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:20:59.0834 0x178c  PNRPAutoReg - ok
13:20:59.0881 0x178c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:20:59.0943 0x178c  PNRPsvc - ok
13:21:00.0006 0x178c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:21:00.0162 0x178c  PolicyAgent - ok
13:21:00.0193 0x178c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:21:00.0318 0x178c  Power - ok
13:21:00.0396 0x178c  [ 843BA5F09A391D52AC1F8486C5FC3D4F, 55952EB06CA88955F8A33856E161D808918B05B143287E267EB69963238F1B98 ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
13:21:00.0458 0x178c  PowerSavingUtilityService - ok
13:21:00.0505 0x178c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:21:00.0661 0x178c  PptpMiniport - ok
13:21:00.0692 0x178c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
13:21:00.0801 0x178c  Processor - ok
13:21:00.0864 0x178c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:21:01.0035 0x178c  ProfSvc - ok
13:21:01.0051 0x178c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:21:01.0129 0x178c  ProtectedStorage - ok
13:21:01.0176 0x178c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:21:01.0316 0x178c  Psched - ok
13:21:01.0597 0x178c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:21:01.0831 0x178c  ql2300 - ok
13:21:01.0862 0x178c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:21:01.0924 0x178c  ql40xx - ok
13:21:01.0987 0x178c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:21:02.0096 0x178c  QWAVE - ok
13:21:02.0127 0x178c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:21:02.0221 0x178c  QWAVEdrv - ok
13:21:02.0252 0x178c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:21:02.0346 0x178c  RasAcd - ok
13:21:02.0408 0x178c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:21:02.0533 0x178c  RasAgileVpn - ok
13:21:02.0595 0x178c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:21:02.0704 0x178c  RasAuto - ok
13:21:02.0751 0x178c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:21:02.0860 0x178c  Rasl2tp - ok
13:21:02.0938 0x178c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:21:03.0157 0x178c  RasMan - ok
13:21:03.0188 0x178c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:21:03.0313 0x178c  RasPppoe - ok
13:21:03.0360 0x178c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:21:03.0516 0x178c  RasSstp - ok
13:21:03.0594 0x178c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:21:03.0812 0x178c  rdbss - ok
13:21:03.0843 0x178c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
13:21:03.0937 0x178c  rdpbus - ok
13:21:04.0015 0x178c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:21:04.0140 0x178c  RDPCDD - ok
13:21:04.0171 0x178c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:21:04.0249 0x178c  RDPENCDD - ok
13:21:04.0280 0x178c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:21:04.0374 0x178c  RDPREFMP - ok
13:21:04.0498 0x178c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:21:04.0701 0x178c  RdpVideoMiniport - ok
13:21:04.0795 0x178c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:21:04.0920 0x178c  RDPWD - ok
13:21:04.0982 0x178c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:21:05.0044 0x178c  rdyboost - ok
13:21:05.0091 0x178c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:21:05.0169 0x178c  RemoteAccess - ok
13:21:05.0216 0x178c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:21:05.0310 0x178c  RemoteRegistry - ok
13:21:05.0356 0x178c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:21:05.0450 0x178c  RFCOMM - ok
13:21:05.0481 0x178c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:21:05.0575 0x178c  RpcEptMapper - ok
13:21:05.0590 0x178c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:21:05.0684 0x178c  RpcLocator - ok
13:21:05.0778 0x178c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:21:05.0871 0x178c  RpcSs - ok
13:21:05.0934 0x178c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:21:06.0090 0x178c  rspndr - ok
13:21:06.0121 0x178c  RSUSBSTOR - ok
13:21:06.0214 0x178c  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A, 9F6CFBE7E64A63E0AFEF546C4B8D889657B2055CE80279EA1B63EB5650E730F8 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:21:06.0402 0x178c  RTL8167 - ok
13:21:06.0464 0x178c  RtsUIR - ok
13:21:06.0495 0x178c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
13:21:06.0542 0x178c  SamSs - ok
13:21:06.0573 0x178c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:21:06.0636 0x178c  sbp2port - ok
13:21:06.0682 0x178c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:21:06.0792 0x178c  SCardSvr - ok
13:21:06.0838 0x178c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:21:06.0979 0x178c  scfilter - ok
13:21:07.0119 0x178c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:21:07.0338 0x178c  Schedule - ok
13:21:07.0384 0x178c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:21:07.0462 0x178c  SCPolicySvc - ok
13:21:07.0556 0x178c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:21:07.0696 0x178c  SDRSVC - ok
13:21:07.0743 0x178c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:21:07.0915 0x178c  secdrv - ok
13:21:07.0946 0x178c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:21:08.0102 0x178c  seclogon - ok
13:21:08.0133 0x178c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:21:08.0274 0x178c  SENS - ok
13:21:08.0352 0x178c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:21:08.0492 0x178c  SensrSvc - ok
13:21:08.0508 0x178c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:21:08.0601 0x178c  Serenum - ok
13:21:08.0648 0x178c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
13:21:08.0726 0x178c  Serial - ok
13:21:08.0773 0x178c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:21:08.0866 0x178c  sermouse - ok
13:21:08.0944 0x178c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:21:09.0054 0x178c  SessionEnv - ok
13:21:09.0085 0x178c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:21:09.0178 0x178c  sffdisk - ok
13:21:09.0241 0x178c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:21:09.0319 0x178c  sffp_mmc - ok
13:21:09.0350 0x178c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:21:09.0397 0x178c  sffp_sd - ok
13:21:09.0428 0x178c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:21:09.0506 0x178c  sfloppy - ok
13:21:09.0568 0x178c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:21:09.0693 0x178c  SharedAccess - ok
13:21:09.0756 0x178c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:21:09.0896 0x178c  ShellHWDetection - ok
13:21:09.0927 0x178c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:21:09.0958 0x178c  SiSRaid2 - ok
13:21:09.0990 0x178c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:21:10.0036 0x178c  SiSRaid4 - ok
13:21:10.0099 0x178c  [ 544788D536087DAF32B846F10D8392F5, D38C18ED147BE4BC7CE5DB50DA1DEEEBD192E1D615B2A3F3B5957A1421B9A2C2 ] SLEE_17_DRIVER  C:\Windows\Sleen1764.sys
13:21:10.0161 0x178c  SLEE_17_DRIVER - ok
13:21:10.0224 0x178c  [ A42C09C8E60FCDCCE04B722FDD4E8694, 306EB16AFF135760BAEABE42B06F809DFA0949BC6076477F0340C90A219DACCA ] SLEE_18_DRIVER  C:\Windows\Sleen1864.sys
13:21:10.0270 0x178c  SLEE_18_DRIVER - ok
13:21:10.0302 0x178c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:21:10.0380 0x178c  Smb - ok
13:21:10.0411 0x178c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:21:10.0489 0x178c  SNMPTRAP - ok
13:21:10.0520 0x178c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:21:10.0582 0x178c  spldr - ok
13:21:10.0676 0x178c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:21:10.0785 0x178c  Spooler - ok
13:21:10.0988 0x178c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:21:11.0316 0x178c  sppsvc - ok
13:21:11.0347 0x178c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:21:11.0456 0x178c  sppuinotify - ok
13:21:11.0503 0x178c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:21:11.0596 0x178c  srv - ok
13:21:11.0643 0x178c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:21:11.0752 0x178c  srv2 - ok
13:21:11.0784 0x178c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:21:11.0862 0x178c  srvnet - ok
13:21:11.0908 0x178c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:21:12.0064 0x178c  SSDPSRV - ok
13:21:12.0111 0x178c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:21:12.0236 0x178c  SstpSvc - ok
13:21:12.0392 0x178c  [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney 9.0 OnlineUpdate C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
13:21:12.0517 0x178c  StarMoney 9.0 OnlineUpdate - ok
13:21:12.0564 0x178c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:21:12.0626 0x178c  stexstor - ok
13:21:12.0688 0x178c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:21:12.0813 0x178c  stisvc - ok
13:21:12.0829 0x178c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:21:12.0876 0x178c  swenum - ok
13:21:12.0938 0x178c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:21:13.0110 0x178c  swprv - ok
13:21:13.0172 0x178c  [ 2F827BB08CC7F1A17DF2EAD7B424D731, A4F58318A3439A734425C95A2ABC6D7A8B816BD8563DF272EBB5B7420A7D99BE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:21:13.0250 0x178c  SynTP - ok
13:21:13.0359 0x178c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:21:13.0562 0x178c  SysMain - ok
13:21:13.0609 0x178c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:21:13.0656 0x178c  TabletInputService - ok
13:21:13.0749 0x178c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:21:13.0874 0x178c  TapiSrv - ok
13:21:13.0921 0x178c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:21:14.0014 0x178c  TBS - ok
13:21:14.0217 0x178c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:21:14.0420 0x178c  Tcpip - ok
13:21:14.0560 0x178c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:21:14.0685 0x178c  TCPIP6 - ok
13:21:14.0732 0x178c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:21:14.0794 0x178c  tcpipreg - ok
13:21:14.0826 0x178c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:21:14.0935 0x178c  TDPIPE - ok
13:21:14.0997 0x178c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:21:15.0044 0x178c  TDTCP - ok
13:21:15.0075 0x178c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:21:15.0200 0x178c  tdx - ok
13:21:15.0559 0x178c  [ 5CEF407E235885DB5421DF79C843F2DF, B85D7C8A137B15BDF14DB9588CEDB09C67B0C7965F8E79121E2BA7796B16777C ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
13:21:15.0918 0x178c  TeamViewer9 - ok
13:21:15.0964 0x178c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:21:15.0996 0x178c  TermDD - ok
13:21:16.0120 0x178c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
13:21:16.0308 0x178c  TermService - ok
13:21:16.0339 0x178c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:21:16.0417 0x178c  Themes - ok
13:21:16.0448 0x178c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:21:16.0542 0x178c  THREADORDER - ok
13:21:16.0588 0x178c  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
13:21:16.0744 0x178c  TPM - ok
13:21:16.0776 0x178c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:21:16.0854 0x178c  TrkWks - ok
13:21:16.0900 0x178c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:21:17.0025 0x178c  TrustedInstaller - ok
13:21:17.0103 0x178c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:21:17.0181 0x178c  tssecsrv - ok
13:21:17.0228 0x178c  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:21:17.0306 0x178c  TsUsbFlt - ok
13:21:17.0353 0x178c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:21:17.0400 0x178c  TsUsbGD - ok
13:21:17.0571 0x178c  [ 63369F518E7EF571033DA16DCCA4B2A1, 52A7F4FF59C3EA6092ECF7F1E54D2FB5C3285FE0C3107BD8E78625AF9AE2EB76 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
13:21:17.0852 0x178c  TuneUp.UtilitiesSvc - ok
13:21:17.0977 0x178c  [ 45427C4B8CAC6B241478F149B935CD80, 7F772D6D00D1ADD394F5907804661C75780EE9F8DF21EF0719D3E4ABA00092B7 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
13:21:18.0024 0x178c  TuneUpUtilitiesDrv - ok
13:21:18.0055 0x178c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:21:18.0164 0x178c  tunnel - ok
13:21:18.0226 0x178c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:21:18.0258 0x178c  uagp35 - ok
13:21:18.0351 0x178c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:21:18.0570 0x178c  udfs - ok
13:21:18.0663 0x178c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:21:18.0741 0x178c  UI0Detect - ok
13:21:18.0772 0x178c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:21:18.0835 0x178c  uliagpkx - ok
13:21:18.0866 0x178c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:21:18.0928 0x178c  umbus - ok
13:21:18.0960 0x178c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:21:19.0038 0x178c  UmPass - ok
13:21:19.0116 0x178c  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
13:21:19.0162 0x178c  UnlockerDriver5 - ok
13:21:19.0240 0x178c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:21:19.0365 0x178c  upnphost - ok
13:21:19.0396 0x178c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:21:19.0506 0x178c  usbccgp - ok
13:21:19.0537 0x178c  USBCCID - ok
13:21:19.0568 0x178c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:21:19.0646 0x178c  usbcir - ok
13:21:19.0693 0x178c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:21:19.0740 0x178c  usbehci - ok
13:21:19.0802 0x178c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:21:19.0896 0x178c  usbhub - ok
13:21:19.0927 0x178c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:21:19.0974 0x178c  usbohci - ok
13:21:20.0067 0x178c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:21:20.0145 0x178c  usbprint - ok
13:21:20.0208 0x178c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:21:20.0364 0x178c  usbscan - ok
13:21:20.0395 0x178c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:21:20.0504 0x178c  USBSTOR - ok
13:21:20.0535 0x178c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:21:20.0598 0x178c  usbuhci - ok
13:21:20.0660 0x178c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:21:20.0754 0x178c  usbvideo - ok
13:21:20.0785 0x178c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:21:20.0910 0x178c  UxSms - ok
13:21:20.0941 0x178c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
13:21:21.0003 0x178c  VaultSvc - ok
13:21:21.0066 0x178c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:21:21.0159 0x178c  vdrvroot - ok
13:21:21.0222 0x178c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:21:21.0346 0x178c  vds - ok
13:21:21.0456 0x178c  [ D9656445499625B0ED88C0B203F3C16F, D8F9BD924A7200A09C2866C9FB39FE000CCC9F96DA4336903A5EDFF1D33E6627 ] VFPRadioSupportService C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
13:21:21.0502 0x178c  VFPRadioSupportService - ok
13:21:21.0549 0x178c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:21:21.0596 0x178c  vga - ok
13:21:21.0612 0x178c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:21:21.0705 0x178c  VgaSave - ok
13:21:21.0768 0x178c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:21:21.0830 0x178c  vhdmp - ok
13:21:21.0877 0x178c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:21:21.0939 0x178c  viaide - ok
13:21:21.0986 0x178c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:21:22.0048 0x178c  volmgr - ok
13:21:22.0158 0x178c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:21:22.0220 0x178c  volmgrx - ok
13:21:22.0267 0x178c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:21:22.0329 0x178c  volsnap - ok
13:21:22.0360 0x178c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:21:22.0423 0x178c  vsmraid - ok
13:21:22.0516 0x178c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:21:22.0719 0x178c  VSS - ok
13:21:22.0766 0x178c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:21:22.0844 0x178c  vwifibus - ok
13:21:22.0875 0x178c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:21:22.0969 0x178c  vwififlt - ok
13:21:23.0047 0x178c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:21:23.0203 0x178c  W32Time - ok
13:21:23.0250 0x178c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:21:23.0328 0x178c  WacomPen - ok
13:21:23.0390 0x178c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:21:23.0468 0x178c  WANARP - ok
13:21:23.0484 0x178c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:21:23.0562 0x178c  Wanarpv6 - ok
13:21:23.0780 0x178c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:21:24.0014 0x178c  wbengine - ok
13:21:24.0061 0x178c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:21:24.0170 0x178c  WbioSrvc - ok
13:21:24.0232 0x178c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:21:24.0326 0x178c  wcncsvc - ok
13:21:24.0388 0x178c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:21:24.0498 0x178c  WcsPlugInService - ok
13:21:24.0529 0x178c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
13:21:24.0591 0x178c  Wd - ok
13:21:24.0654 0x178c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:21:24.0763 0x178c  Wdf01000 - ok
13:21:24.0841 0x178c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:21:25.0090 0x178c  WdiServiceHost - ok
13:21:25.0122 0x178c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:21:25.0168 0x178c  WdiSystemHost - ok
13:21:25.0215 0x178c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:21:25.0356 0x178c  WebClient - ok
13:21:25.0402 0x178c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:21:25.0496 0x178c  Wecsvc - ok
13:21:25.0543 0x178c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:21:25.0636 0x178c  wercplsupport - ok
13:21:25.0668 0x178c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:21:25.0761 0x178c  WerSvc - ok
13:21:25.0808 0x178c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:21:25.0886 0x178c  WfpLwf - ok
13:21:25.0917 0x178c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:21:25.0964 0x178c  WIMMount - ok
13:21:26.0011 0x178c  WinDefend - ok
13:21:26.0058 0x178c  WinHttpAutoProxySvc - ok
13:21:26.0151 0x178c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:21:26.0276 0x178c  Winmgmt - ok
13:21:26.0416 0x178c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:21:26.0619 0x178c  WinRM - ok
13:21:26.0775 0x178c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:21:26.0916 0x178c  Wlansvc - ok
13:21:26.0947 0x178c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:21:27.0040 0x178c  WmiAcpi - ok
13:21:27.0119 0x178c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:21:27.0197 0x178c  wmiApSrv - ok
13:21:27.0243 0x178c  WMPNetworkSvc - ok
13:21:27.0290 0x178c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:21:27.0399 0x178c  WPCSvc - ok
13:21:27.0431 0x178c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:21:27.0493 0x178c  WPDBusEnum - ok
13:21:27.0540 0x178c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:21:27.0633 0x178c  ws2ifsl - ok
13:21:27.0680 0x178c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:21:27.0821 0x178c  wscsvc - ok
13:21:27.0836 0x178c  WSearch - ok
13:21:28.0101 0x178c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:21:28.0335 0x178c  wuauserv - ok
13:21:28.0382 0x178c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:21:28.0460 0x178c  WudfPf - ok
13:21:28.0538 0x178c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:28.0647 0x178c  WUDFRd - ok
13:21:28.0694 0x178c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:21:28.0772 0x178c  wudfsvc - ok
13:21:28.0819 0x178c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:21:28.0928 0x178c  WwanSvc - ok
13:21:28.0991 0x178c  ================ Scan global ===============================
13:21:29.0022 0x178c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:21:29.0069 0x178c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:21:29.0100 0x178c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:21:29.0115 0x178c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:21:29.0178 0x178c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:21:29.0193 0x178c  [ Global ] - ok
13:21:29.0193 0x178c  ================ Scan MBR ==================================
13:21:29.0209 0x178c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:21:29.0958 0x178c  \Device\Harddisk0\DR0 - ok
13:21:29.0958 0x178c  ================ Scan VBR ==================================
13:21:29.0973 0x178c  [ 7F0044B5CD1B3D702D8B4C642F1C1233 ] \Device\Harddisk0\DR0\Partition1
13:21:29.0989 0x178c  \Device\Harddisk0\DR0\Partition1 - ok
13:21:29.0989 0x178c  ================ Scan generic autorun ======================
13:21:29.0989 0x178c  SynTPEnh - ok
13:21:30.0036 0x178c  [ A93F6D00702900137E4C97C17B01A600, 2B27AEA5D911FD377E948B932D04FCF486931AF397B979416CFE49E38D77E002 ] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
13:21:30.0098 0x178c  FDM7 - ok
13:21:30.0145 0x178c  [ 7F432A24FE9B5FA7747ADCDA4BCEFA94, 5314833A654AF8D881F4C8740681741C93DED169102834FF35E70FDAAC3CE09B ] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
13:21:30.0207 0x178c  LoadFujitsuQuickTouch - ok
13:21:30.0223 0x178c  [ DF808A60C0D1CDE231AFC90C53A80B9E, 5A8DA6DE5D16EC69EFDEAC2AFBF474E6476B4AB8177764F6411A3B068187FC4F ] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
13:21:30.0270 0x178c  LoadBtnHnd - ok
13:21:30.0878 0x178c  [ 0D7CF635D9888072015EBE3B232DFB99, 25F8BB678DA47D4C7D002964597A04EE651E1492C43C217E3987FBC8DA66FDE6 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
13:21:31.0409 0x178c  RtHDVCpl - ok
13:21:31.0455 0x178c  [ E0EE92CF36B7C48213C3ECC36F97D2D1, 904AA7E8854B086AA44F7BF7965D8FFF0A2A6D261562E693511F87ADABCD3208 ] C:\Windows\system32\igfxtray.exe
13:21:31.0518 0x178c  IgfxTray - ok
13:21:31.0580 0x178c  [ B27C78752257743BAA321E4471A56C14, 2EAB7469B53BD2464937BAAB9DB8F0A6D3A4E83B38C44B49D2AD4966405B1EFE ] C:\Windows\system32\hkcmd.exe
13:21:31.0705 0x178c  HotKeysCmds - ok
13:21:31.0814 0x178c  [ 16849A62DB279CDB891E7D51F9CD097F, D5338FC161049A1CE8BB0B16D66752DDD34D87E98A07E7F72CFB87545DAB2EDE ] C:\Windows\system32\igfxpers.exe
13:21:31.0908 0x178c  Persistence - ok
13:21:31.0970 0x178c  [ 7BB22EED9CFBBADFBC5E27BF8965D10A, 20500B93160ADEB03BDED363589938981D7A144D522C647295E754DD5A7D6D2D ] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
13:21:32.0048 0x178c  LoadFUJ02E3 - ok
13:21:32.0157 0x178c  [ 30DBD9CB0156FBC5EE9D76E32FCE769D, 861C38DB1F685DDA8F8CC28B0C97F147B2C89599147857A441122DCDC5104AE6 ] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
13:21:32.0220 0x178c  IndicatorUtility - ok
13:21:32.0313 0x178c  [ 7A2609473880AE403631D81F3FB9A212, B35453B465706900915030205A5D0DF59B5B3B02A2C973C96B567C5ADDA6D4EF ] C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
13:21:32.0407 0x178c  DeskUpdateNotifier - ok
13:21:32.0485 0x178c  [ 0D916CEB96006EE9FFE670DB3FFEAA73, A1E3C3475E8C507BC6D26A85919EAD8447233C04030A06AAFA68D9EA4C607A1E ] C:\Program Files (x86)\ClocX\ClocX.exe
13:21:32.0594 0x178c  ClocX - detected UnsignedFile.Multi.Generic ( 1 )
13:21:36.0042 0x178c  Detect skipped due to KSN trusted
13:21:36.0042 0x178c  ClocX - ok
13:21:36.0369 0x178c  [ 07AF92553C94A548C38BE54B6A668318, C43269A6F2B7F95290D4ABF9EFDA8E2631408671A7A6E01A06DD90E503467C36 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:21:36.0713 0x178c  AvastUI.exe - ok
13:21:37.0040 0x178c  [ F7F0714EF964652CAF1CA177722AC6DD, 06C8F8AC796F218473BA002A21AD947B13BE5E235CBAC684B209FA6E8C2DC2DE ] c:\program files (x86)\emsisoft anti-malware\a2guard.exe
13:21:37.0383 0x178c  emsisoft anti-malware - ok
13:21:37.0430 0x178c  Sidebar - ok
13:21:37.0477 0x178c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:21:37.0586 0x178c  mctadmin - ok
13:21:37.0586 0x178c  Sidebar - ok
13:21:37.0602 0x178c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:21:37.0664 0x178c  mctadmin - ok
13:21:37.0976 0x178c  [ FC09DC4DB1DB48AAC94D2B42E6BDD27D, 419319D1759ED0E3E915C4973855895D8F2400A78A7BD8432F90C8E5774CE736 ] C:\Program Files\Rainlendar2\Rainlendar2.exe
13:21:38.0288 0x178c  Rainlendar2 - ok
13:21:38.0351 0x178c  [ EB00A4E988042F2CB4855ED1ABB5B5BA, 2865C4D027DE4D835273798B0897F929B118DDE20D94C4B433BD1370BEA140D8 ] C:\Program Files\BatteryBar\ShowBatteryBar.exe
13:21:38.0491 0x178c  ShowBatteryBar - detected UnsignedFile.Multi.Generic ( 1 )
13:21:41.0970 0x178c  Detect skipped due to KSN trusted
13:21:41.0970 0x178c  ShowBatteryBar - ok
13:21:42.0344 0x178c  [ D2DB27182DABB702260922BB42FA3326, 3F2F446582DF841BB656F346C9491BED7AF9D555538A80E80F0DA979A07EE071 ] C:\Program Files\CCleaner\CCleaner64.exe
13:21:42.0734 0x178c  CCleaner Monitoring - ok
13:21:42.0750 0x178c  Waiting for KSN requests completion. In queue: 6
13:21:43.0764 0x178c  Waiting for KSN requests completion. In queue: 6
13:21:44.0778 0x178c  Waiting for KSN requests completion. In queue: 1
13:21:45.0792 0x178c  Waiting for KSN requests completion. In queue: 1
13:21:47.0165 0x178c  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe ( 9.0.0.4570 ), 0x41000 ( enabled : updated )
13:21:47.0180 0x178c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
13:21:47.0180 0x178c  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41010 ( enabled )
13:21:50.0066 0x178c  ============================================================
13:21:50.0066 0x178c  Scan finished
13:21:50.0066 0x178c  ============================================================
13:21:50.0066 0x1764  Detected object count: 1
13:21:50.0066 0x1764  Actual detected object count: 1
13:22:01.0532 0x1764  PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:01.0532 0x1764  PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 20.11.2014, 18:18   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Unkritisch. TFC gemacht?



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.11.2014, 19:42   #5
Ostseewind
 
Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Hallo @schrauber,

TFC hatte ich gemacht, 89MB gelöscht.

Hier die mbam log, nichts gefunden.

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.11.2014
Suchlauf-Zeit: 19:27:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357510
Verstrichene Zeit: 19 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Adw log

Code:
ATTFilter
# AdwCleaner v4.101 - Bericht erstellt am 20/11/2014 um 19:55:08
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Admin\Desktop\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 de)


-\\ Google Chrome v39.0.2171.65


*************************

AdwCleaner[R0].txt - [1577 octets] - [20/11/2014 19:52:18]
AdwCleaner[S0].txt - [1494 octets] - [20/11/2014 19:55:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1554 octets] ##########
         
JRT log

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Admin on 20.11.2014 at 20:02:47,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{04C9098C-A137-41F5-A5E8-AF3DAAA75393}
Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{88DB7499-FEF4-4FE9-A73E-CA2B0220CF8C}



~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de"
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\4x5ne04o.default\extensions\engine@conduit(2).com
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\4x5ne04o.default\extensions\{ef522540-89f5-46b9-b6fe-1829e2b572c6}
Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\4x5ne04o.default\prefs.js

user_pref("extensions.iobitascsurfingprotection@iobit.com.install-event-fired", true);
user_pref("extensions.smarterwiki.add_related_searches", false);
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\4x5ne04o.default\minidumps [161 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.11.2014 at 20:24:52,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST log


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by Admin (administrator) on ADMIN-PC on 20-11-2014 20:36:23
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin &  (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-12] (AVAST Software)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-13] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-01-20] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-03-13] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {15735cfd-2a55-11e2-8e70-e0ca94af79b9} - D:\SETUP.EXE
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {4f5e6cee-2b22-11e2-9d91-e0ca94af79b9} - D:\SETUP.EXE
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-01-20] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-03-13] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {15735cfd-2a55-11e2-8e70-e0ca94af79b9} - D:\SETUP.EXE
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4f5e6cee-2b22-11e2-9d91-e0ca94af79b9} - D:\SETUP.EXE
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fc-hansa.de/
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fc-hansa.de/
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts
HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL No File
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
Hosts: 127.0.0.1	license.superantispyware.com
Tcpip\Parameters: [DhcpNameServer] 83.169.185.225 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default
FF DefaultSearchEngine,S: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: hxxp://www.fc-hansa.de/
FF NetworkProxy: "no_proxies_on", "dynhost.inetcam.com,register.inetcam.com,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll No File
FF Plugin HKU\S-1-5-21-2527506857-1470243597-2188628-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin HKU\S-1-5-21-2527506857-1470243597-2188628-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\sgb-ii---gebe--ein---.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\suche-urteil-nach-begriff-auf-sozialgerichtsbarkeitde.xml
FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-07]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de_DE@dicts.j3e.de [2014-09-18]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-14]
FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-11-08]
FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2) [2012-11-08]
FF Extension: ColorfulTabs - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-11-09]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2012-11-08]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(3) [2012-11-08]
FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2012-11-08]
FF Extension: Metal Lion - Vista - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}(2) [2012-11-08]
FF Extension: Tab Preview - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2012-11-08]
FF Extension: InFormEnter - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2013-10-19]
FF Extension: Nautipolis for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}(2) [2012-11-08]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2012-11-08]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: ReminderFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2) [2012-11-08]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}(2) [2012-11-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-08]
FF Extension: Classic Theme Restorer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-30]
FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\personas@christopher.beard.xpi [2013-08-15]
FF Extension: FastestFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\smarterwiki@wikiatic.com.xpi [2012-11-08]
FF Extension: Screengrab  (fix version) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-10-01]
FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-11-12]
FF Extension: Download Status Bar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-23]
FF Extension: Show MyIP - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}.xpi [2012-11-08]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-08]
FF Extension: FootieFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012-11-08]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-08]
FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-15]
FF Extension: Tab Mix Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-11-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-02]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.fc-hansa.de/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Actual Date) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokomghjcfmiofmackdbpjleianepgih [2014-03-21]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Splendid) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-20]
CHR Extension: (TrafficLight) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-03-21]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Downloadr - Download Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2014-03-21]
CHR Extension: (avast! Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-20]
CHR Extension: (Search View\r\n) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagfpkaleocohbmlifdhhmodcpmdhem [2014-03-20]
CHR Extension: (Wetter Weltweit) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbmknmpendafnnkibphfmeeljfdomgk [2014-03-20]
CHR Extension: (Erfassen Webseite Screenshot - FireShot) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-03-21]
CHR Extension: (FastestFox – Schneller browsen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-21]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Clock & Stoppuhr) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenbafpkokgkppmcadhgjinfgapnjko [2014-03-20]
CHR Extension: (Google Calendar Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-12] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-14] (IObit)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-07] (Disc Soft Ltd)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvd.sys [70256 2011-10-26] (Miray)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 20:36 - 2014-11-20 20:37 - 00032097 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-11-20 19:52 - 2014-11-20 19:55 - 00000000 ____D () C:\AdwCleaner
2014-11-20 19:51 - 2014-11-20 19:51 - 02140160 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.101.exe
2014-11-20 12:02 - 2014-11-20 20:36 - 00000000 ____D () C:\FRST
2014-11-20 12:00 - 2014-11-20 12:00 - 02117120 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-11-20 03:56 - 2014-11-20 03:56 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-19 18:10 - 2014-11-19 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 09:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 09:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 21:35 - 2014-11-20 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-18 21:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-18 21:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-18 21:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 12:42 - 2014-11-18 12:42 - 00000375 _____ () C:\Users\Admin\Documents\autoplay_repair.zip
2014-11-17 16:42 - 2014-11-17 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-17 16:41 - 2014-11-17 16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-17 16:41 - 2014-11-17 16:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-15 18:19 - 2014-11-15 18:19 - 00079991 _____ () C:\Users\Admin\Documents\silverlight.diagcab
2014-11-14 21:43 - 2014-11-20 20:02 - 00843718 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 21:38 - 2014-11-20 19:56 - 00003332 _____ () C:\Windows\PFRO.log
2014-11-14 21:38 - 2014-11-20 19:56 - 00001008 _____ () C:\Windows\setupact.log
2014-11-14 21:38 - 2014-11-14 21:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-14 16:25 - 2014-11-14 16:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ABBYY
2014-11-14 16:01 - 2014-11-14 16:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-14 14:16 - 2014-11-14 14:16 - 00139996 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-11-14 14:14 - 2014-11-14 14:32 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-11-14 12:55 - 2014-11-14 12:55 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-14 12:49 - 2014-11-14 12:49 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin
2014-11-13 00:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 00:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 00:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 00:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 00:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 00:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 00:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 00:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 00:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 00:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 00:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 00:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 00:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 00:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 00:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 00:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 00:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 00:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 00:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 00:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 00:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 00:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 00:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 00:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 00:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 00:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 00:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 00:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 00:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 00:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 00:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 00:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 00:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 00:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 00:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 00:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 00:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 00:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 00:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 00:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 00:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 00:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 00:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 00:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 00:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 00:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 00:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 00:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 00:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 00:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 00:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 00:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 00:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 00:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 00:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 00:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 21:46 - 2014-11-14 15:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-12 21:45 - 2014-11-18 22:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader 2.0
2014-11-12 18:03 - 2014-11-12 18:03 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-12 15:40 - 2014-11-12 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-12 15:38 - 2014-11-12 15:37 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-12 15:37 - 2014-11-12 15:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-12 15:36 - 2014-11-12 15:36 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-12 10:05 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:05 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:05 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:05 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:05 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:05 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:05 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:05 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:05 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:04 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:04 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:04 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 01:19 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:19 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 01:19 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 01:19 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:19 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 01:19 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 01:19 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 01:18 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 01:18 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:18 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 01:18 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:18 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 01:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 01:18 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 01:18 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 17:27 - 2014-11-10 17:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 17:54 - 2014-11-05 17:57 - 00000000 ____D () C:\Users\Admin\Documents\Energie sparen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 20:35 - 2014-03-20 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 20:35 - 2014-03-20 12:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 20:26 - 2014-06-19 10:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-20 20:04 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 20:04 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 20:02 - 2012-11-08 23:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 19:58 - 2013-05-15 11:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spamihilator
2014-11-20 19:58 - 2013-04-02 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-20 19:58 - 2012-11-09 00:40 - 00000000 ____D () C:\Users\Admin\.rainlendar2
2014-11-20 19:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 18:27 - 2012-11-13 16:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TVgenial
2014-11-20 11:43 - 2012-11-09 02:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-11-19 22:03 - 2014-03-13 20:07 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-11-19 19:40 - 2012-11-09 15:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-11-19 01:21 - 2011-02-14 13:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-11-19 01:21 - 2011-02-14 13:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-11-19 01:21 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 21:56 - 2014-01-09 01:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\entrusted
2014-11-18 21:34 - 2012-11-17 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-18 19:14 - 2012-11-08 23:15 - 00000000 ____D () C:\temp
2014-11-18 12:54 - 2012-11-11 00:21 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
2014-11-17 20:24 - 2013-09-05 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\BOM
2014-11-17 16:17 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-17 10:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-16 22:32 - 2012-11-08 23:19 - 00000000 ____D () C:\Users\Admin\Documents\Urteile
2014-11-14 19:10 - 2012-12-09 19:20 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2014-11-14 16:01 - 2012-08-27 21:30 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-11-14 14:43 - 2013-08-21 08:12 - 00109672 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 14:41 - 2013-08-21 08:11 - 00419856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 14:40 - 2014-05-01 22:59 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-14 14:40 - 2012-11-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-11-14 14:34 - 2012-11-11 14:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-14 14:34 - 2012-08-27 21:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-14 14:21 - 2012-11-08 23:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-11-14 13:05 - 2012-08-28 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-14 12:51 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\IObit
2014-11-14 12:50 - 2013-09-23 10:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2014-11-14 12:49 - 2014-05-01 22:59 - 00001254 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-11-14 12:49 - 2014-05-01 22:59 - 00001230 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-14 12:47 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 8
2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Zeon
2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Nuance
2014-11-14 12:44 - 2012-08-27 21:28 - 00000000 ____D () C:\ProgramData\Temp
2014-11-14 12:23 - 2012-11-11 23:52 - 00000000 ____D () C:\ProgramData\RFA_Backups
2014-11-14 10:39 - 2014-02-23 15:53 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-11-14 10:39 - 2012-12-24 20:29 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-12 21:58 - 2012-11-09 00:21 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-12 20:30 - 2014-03-20 12:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 20:30 - 2014-03-20 12:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 18:03 - 2012-11-08 23:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:03 - 2012-11-08 23:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 18:03 - 2012-11-08 23:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 16:31 - 2014-04-14 22:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-12 15:37 - 2014-04-17 20:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-12 15:37 - 2013-12-18 08:37 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-12 15:36 - 2014-03-31 00:19 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-12 15:36 - 2013-04-02 12:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-12 14:25 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:21 - 2012-11-10 15:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 10:17 - 2013-08-13 23:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:09 - 2012-11-09 13:38 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:58 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\SG
2014-11-11 07:05 - 2012-11-08 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 00:48 - 2013-11-12 15:26 - 00000000 ____D () C:\Users\Admin\Documents\Microsoft Toolkit v 2.4 BETA 6
2014-11-07 08:05 - 2012-11-09 02:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-11-06 12:07 - 2012-11-09 02:32 - 00001157 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-11-06 12:07 - 2012-11-09 02:32 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 10:13 - 2012-11-11 02:40 - 00000000 ____D () C:\Program Files\BatteryBar
2014-10-31 19:28 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\Strom,Finanzen
2014-10-27 19:48 - 2012-11-08 23:17 - 00000000 ____D () C:\Users\Admin\Documents\JC Lübeck
2014-10-21 17:00 - 2012-11-20 00:42 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-10-21 11:02 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-21 00:44 - 2014-08-23 09:26 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-21 00:43 - 2013-06-28 22:34 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 10:48

==================== End Of Log ============================
         
--- --- ---

--- --- ---
[/CODE]

Addition log

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Admin at 2014-11-20 20:38:15
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2020 Musterbriefe (HKLM-x32\...\2020 Musterbriefe) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Brother MFL-Pro Suite (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{4A3FCC59-5231-4634-882C-BF8B511392C5}) (Version: 0.9.5 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version:  - )
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
Flatcast Viewer Plugin 5.3.0.784 (HKLM-x32\...\Flatcast Viewer 5.3_is1) (Version:  - 1 mal 1 Software GmbH)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GIANTS Editor 4.1.7 (HKLM-x32\...\giants_editor_4.1.7_is1) (Version: 4.1.7 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HDClone 4.1 Professional Edition (HKLM-x32\...\HDClone.Professional.4.1.1.1031-{67D3C96E-256B-4739-A8E2-452E354256AB}) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.30 - IObit)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
POIbase 1.071 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry First Aid (HKLM\...\Registry First Aid_is1) (Version: 8.0.1 - RoseCitySoftware)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Spamihilator 1.5.0 (64-Bit) (HKLM\...\{A0D450C6-07C4-40C7-8D2B-840565E91987}) (Version: 1.5.0 - Michel Krämer)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{DBE4B37E-4FF1-47AB-964E-DEF9AE2BE945}) (Version: 9.0 - Star Finanz GmbH)
Steganos Live Encryption Engine 17 (HKLM-x32\...\{C2490885-D566-405F-889B-670C6CF0F7F2}) (Version: 17.4.1 - Steganos Software GmbH)
Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0.5 - Steganos Software GmbH)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
TVgenial 4.10 (HKLM-x32\...\TVgenial) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1420 - 1&1 Mail & Media GmbH)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Care 365 version 2.13 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.13 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2527506857-1470243597-2188628-1000_Classes\CLSID\{BABBB895-2A46-9F8D-0675-47C14CD8DC6B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-11-2014 15:14:54 IObit Uninstaller restore point
14-11-2014 15:15:31 Removed ABBYY PDF Transformer+.
14-11-2014 15:21:41 Installed MSXML 6.0 Parser
14-11-2014 15:22:18 Installed ABBYY PDF Transformer+.
14-11-2014 16:12:47 IObit Uninstaller restore point
14-11-2014 20:32:37 Removed Microsoft Silverlight
15-11-2014 16:58:45 Removed Microsoft Silverlight
18-11-2014 09:41:45 Windows Update
18-11-2014 11:52:29 18.11.2014
19-11-2014 10:49:37 Windows Update
20-11-2014 03:21:53 IObit Uninstaller restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-11-21 13:25 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	license.superantispyware.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DA7F2DC-FD24-4FDC-8EFD-204F450B8B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {1EE66555-4CF6-4A6C-8FE1-205ADB9FA24B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {35040037-69DE-4DA4-B70A-3AC945807111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {573394D3-D980-4441-9FB2-512267D5D98E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {7E5D6BE3-0DBF-4103-B670-FA04DF7DEA6A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {929A3209-33CA-4821-9200-550C9E3E0AA4} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe [2012-12-06] (WiseCleaner.com)
Task: {96C1FA8A-105E-4A2F-ACA6-96D0E88E272B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AFD00B44-D5F7-41C1-9477-E5B496010B55} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-30] (TuneUp Software)
Task: {CE9B0183-44B2-4378-B09C-A19A8851D0CD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {D687F713-EC7E-4CA3-AFEE-52C8C2CFB1C7} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {DF6CBB72-ADF5-4B57-AA51-92D5990F899B} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {E8896730-5B41-4DCE-AD4A-15C5E403889C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {EF8F8D2E-9EE5-4E90-806E-45E21BE6A4F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {F252A6B8-7F16-47BA-85A2-AA12DB8D2902} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {F72513FD-847C-4B08-93CC-B72240896256} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Registry First Aid auto.job => C:\Program Files\RFA 8\reg1aid64.exe
Task: C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

==================== Loaded Modules (whitelisted) =============

2012-11-08 23:13 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-08-30 08:51 - 2013-08-30 08:51 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 04411488 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00323584 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 00082528 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00080384 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00073728 _____ () C:\Program Files\Spamihilator\zlib1.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00380928 _____ () C:\Program Files\Spamihilator\sqlite3.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-10-29 16:45 - 2012-10-29 16:45 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 2012\ShellExtension.dll
2014-06-19 10:48 - 2014-10-06 16:53 - 00775400 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-11-20 10:00 - 2014-11-20 10:00 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112000\algo.dll
2014-07-31 12:41 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll
2014-11-12 15:37 - 2014-11-12 15:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-10 17:27 - 2014-11-10 17:27 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AEC0AC81

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2527506857-1470243597-2188628-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2527506857-1470243597-2188628-500 - Administrator - Disabled)
Gast (S-1-5-21-2527506857-1470243597-2188628-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2527506857-1470243597-2188628-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 52%
Total physical RAM: 3892.55 MB
Available physical RAM: 1858.75 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4992.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:378.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A79E64B7)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Alt 21.11.2014, 16:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Gefälschte Rechnung von 1&1 geöffnet

Alt 21.11.2014, 18:57   #7
Ostseewind
 
Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Hallo @schrauber,

Eset log, 1 Found

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8045f242292e524fb6913a93f9d8b5ba
# engine=21206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-21 06:30:08
# local_time=2014-11-21 07:30:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 83 42620 181018698 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 84872 168224458 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16642 16777213 100 100 9919 217836896 0 0
# scanned=164770
# found=1
# cleaned=0
# scan_time=6138
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
         

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware   
avast! Antivirus        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities 2014   
 Java version out of Date! 
 Adobe Flash Player 15.0.0.223  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (33.1) 
 Mozilla Thunderbird (31.2.0) 
 Google Chrome (38.0.2125.111) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (Dictionaries...) 
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
 Emsisoft Anti-Malware a2guard.exe   
 StarMoney 9.0 S-Edition ouservice StarMoneyOnlineUpdate.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Admin (administrator) on ADMIN-PC on 21-11-2014 19:42:51
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [270336 2007-07-26] (BonSoft)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-13] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-01-20] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-03-13] ()
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {15735cfd-2a55-11e2-8e70-e0ca94af79b9} - D:\SETUP.EXE
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\...\MountPoints2: {4f5e6cee-2b22-11e2-9d91-e0ca94af79b9} - D:\SETUP.EXE
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fc-hansa.de/
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts
HKU\S-1-5-21-2527506857-1470243597-2188628-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL No File
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2527506857-1470243597-2188628-1000 -> No Name - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
Hosts: 127.0.0.1	license.superantispyware.com
Tcpip\Parameters: [DhcpNameServer] 83.169.185.225 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default
FF DefaultSearchEngine,S: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: hxxp://www.fc-hansa.de/
FF NetworkProxy: "no_proxies_on", "dynhost.inetcam.com,register.inetcam.com,*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll No File
FF Plugin HKU\S-1-5-21-2527506857-1470243597-2188628-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\sgb-ii---gebe--ein---.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\searchplugins\suche-urteil-nach-begriff-auf-sozialgerichtsbarkeitde.xml
FF Extension: German Dictionary - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-07]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\de_DE@dicts.j3e.de [2014-09-18]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-14]
FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-11-08]
FF Extension: Forecastfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(2) [2012-11-08]
FF Extension: ColorfulTabs - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-11-09]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2012-11-08]
FF Extension: FireShot - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(3) [2012-11-08]
FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2) [2012-11-08]
FF Extension: Metal Lion - Vista - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}(2) [2012-11-08]
FF Extension: Tab Preview - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2012-11-08]
FF Extension: InFormEnter - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2013-10-19]
FF Extension: Nautipolis for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}(2) [2012-11-08]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2012-11-08]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: ReminderFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2) [2012-11-08]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}(2) [2012-11-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-11-08]
FF Extension: Classic Theme Restorer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-30]
FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\personas@christopher.beard.xpi [2013-08-15]
FF Extension: FastestFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\smarterwiki@wikiatic.com.xpi [2012-11-08]
FF Extension: Screengrab  (fix version) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-10-01]
FF Extension: Flagfox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-11-12]
FF Extension: Download Status Bar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-23]
FF Extension: Show MyIP - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}.xpi [2012-11-08]
FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-08]
FF Extension: FootieFox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012-11-08]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-08]
FF Extension: BetterPrivacy - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-08-15]
FF Extension: Tab Mix Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4x5ne04o.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-11-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-02]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.fc-hansa.de/", "hxxp://www.google.com/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-20]
CHR Extension: (Actual Date) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokomghjcfmiofmackdbpjleianepgih [2014-03-21]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (Splendid) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-20]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-20]
CHR Extension: (TrafficLight) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-03-21]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-20]
CHR Extension: (Downloadr - Download Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjihnjejboipjmadkpmknccijhibnpfe [2014-03-21]
CHR Extension: (avast! Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-20]
CHR Extension: (Search View\r\n) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagfpkaleocohbmlifdhhmodcpmdhem [2014-03-20]
CHR Extension: (Wetter Weltweit) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbmknmpendafnnkibphfmeeljfdomgk [2014-03-20]
CHR Extension: (Erfassen Webseite Screenshot - FireShot) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-03-21]
CHR Extension: (FastestFox – Schneller browsen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-03-21]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (Clock & Stoppuhr) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenbafpkokgkppmcadhgjinfgapnjko [2014-03-20]
CHR Extension: (Google Calendar Checker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2014-03-20]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-13] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-12] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-14] (IObit)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-07] (Disc Soft Ltd)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MirayVirtualDisk; C:\Windows\System32\DRIVERS\mvd.sys [70256 2011-10-26] (Miray)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 19:42 - 2014-11-21 19:43 - 00029039 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-11-21 19:42 - 2014-11-21 19:42 - 00001361 _____ () C:\Users\Admin\Desktop\checkup.txt
2014-11-21 19:37 - 2014-11-21 19:37 - 00854414 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2014-11-21 17:29 - 2014-11-21 17:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-21 17:22 - 2014-11-21 17:22 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
2014-11-20 12:02 - 2014-11-21 19:43 - 00000000 ____D () C:\FRST
2014-11-20 12:00 - 2014-11-21 19:42 - 02117632 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-11-20 03:56 - 2014-11-20 03:56 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-19 18:10 - 2014-11-19 18:10 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 09:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 09:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 09:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 21:35 - 2014-11-21 14:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-18 21:34 - 2014-11-18 21:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-18 21:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-18 21:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-18 21:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-18 12:42 - 2014-11-18 12:42 - 00000375 _____ () C:\Users\Admin\Documents\autoplay_repair.zip
2014-11-17 16:42 - 2014-11-17 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-17 16:41 - 2014-11-17 16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-17 16:41 - 2014-11-17 16:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-15 18:19 - 2014-11-15 18:19 - 00079991 _____ () C:\Users\Admin\Documents\silverlight.diagcab
2014-11-14 21:43 - 2014-11-21 19:07 - 00902862 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 21:38 - 2014-11-21 14:42 - 00001232 _____ () C:\Windows\setupact.log
2014-11-14 21:38 - 2014-11-20 19:56 - 00003332 _____ () C:\Windows\PFRO.log
2014-11-14 21:38 - 2014-11-14 21:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-14 16:25 - 2014-11-14 16:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ABBYY
2014-11-14 16:01 - 2014-11-14 16:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-14 14:16 - 2014-11-14 14:16 - 00139996 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-11-14 14:14 - 2014-11-14 14:32 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-11-14 12:55 - 2014-11-14 12:55 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2014-11-14 12:51 - 2014-11-14 12:51 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-14 12:49 - 2014-11-14 12:49 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Admin
2014-11-13 00:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 00:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 00:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 00:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 00:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 00:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 00:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 00:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 00:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 00:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 00:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 00:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 00:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 00:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 00:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 00:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 00:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 00:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 00:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 00:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 00:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 00:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 00:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 00:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 00:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 00:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 00:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 00:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 00:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 00:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 00:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 00:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 00:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 00:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 00:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 00:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 00:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 00:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 00:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 00:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 00:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 00:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 00:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 00:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 00:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 00:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 00:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 00:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 00:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 00:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 00:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 00:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 00:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 00:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 00:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 00:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 21:46 - 2014-11-14 15:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-11-12 21:45 - 2014-11-21 17:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\JDownloader 2.0
2014-11-12 18:03 - 2014-11-12 18:03 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-12 15:40 - 2014-11-12 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-12 15:38 - 2014-11-12 15:37 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-12 15:37 - 2014-11-12 15:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-12 15:36 - 2014-11-12 15:36 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-12 10:05 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:05 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:05 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:05 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:05 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:05 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:05 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:05 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:05 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:04 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:04 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:04 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 01:19 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 01:19 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:19 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:19 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 01:19 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 01:19 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:19 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 01:19 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 01:19 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 01:18 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 01:18 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:18 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 01:18 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:18 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 01:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 01:18 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 01:18 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 01:18 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 01:18 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-10 17:27 - 2014-11-10 17:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 17:54 - 2014-11-05 17:57 - 00000000 ____D () C:\Users\Admin\Documents\Energie sparen

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 19:35 - 2014-03-20 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 19:02 - 2012-11-08 23:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 19:00 - 2012-12-09 19:20 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2014-11-21 18:46 - 2014-06-19 10:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-21 17:27 - 2011-02-14 13:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-11-21 17:27 - 2011-02-14 13:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-11-21 17:27 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 16:09 - 2013-05-15 11:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spamihilator
2014-11-21 14:50 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 14:50 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 14:44 - 2012-11-09 00:40 - 00000000 ____D () C:\Users\Admin\.rainlendar2
2014-11-21 14:42 - 2014-03-20 12:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 14:42 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-21 14:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 12:31 - 2013-04-02 12:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-21 08:55 - 2012-11-13 16:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TVgenial
2014-11-21 08:50 - 2012-11-09 02:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-11-19 22:03 - 2014-03-13 20:07 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 S-Edition
2014-11-19 19:40 - 2012-11-09 15:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-11-18 21:56 - 2014-01-09 01:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\entrusted
2014-11-18 21:34 - 2012-11-17 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-18 19:14 - 2012-11-08 23:15 - 00000000 ____D () C:\temp
2014-11-18 12:54 - 2012-11-11 00:21 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
2014-11-17 20:24 - 2013-09-05 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\BOM
2014-11-17 16:17 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-17 10:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-16 22:32 - 2012-11-08 23:19 - 00000000 ____D () C:\Users\Admin\Documents\Urteile
2014-11-14 16:01 - 2012-08-27 21:30 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-11-14 14:43 - 2013-08-21 08:12 - 00109672 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 14:41 - 2013-08-21 08:11 - 00419856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 14:40 - 2014-05-01 22:59 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-14 14:40 - 2012-11-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Nuance
2014-11-14 14:34 - 2012-11-11 14:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-14 14:34 - 2012-08-27 21:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-14 14:21 - 2012-11-08 23:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-11-14 13:05 - 2012-08-28 06:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-14 12:51 - 2014-05-01 22:59 - 00000000 ____D () C:\ProgramData\IObit
2014-11-14 12:50 - 2013-09-23 10:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2014-11-14 12:49 - 2014-05-01 22:59 - 00001254 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-11-14 12:49 - 2014-05-01 22:59 - 00001230 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-14 12:47 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 8
2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Zeon
2014-11-14 12:45 - 2012-11-09 20:04 - 00000000 ____D () C:\ProgramData\Nuance
2014-11-14 12:44 - 2012-08-27 21:28 - 00000000 ____D () C:\ProgramData\Temp
2014-11-14 12:23 - 2012-11-11 23:52 - 00000000 ____D () C:\ProgramData\RFA_Backups
2014-11-14 10:39 - 2014-02-23 15:53 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-11-14 10:39 - 2012-12-24 20:29 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-12 21:58 - 2012-11-09 00:21 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-12 20:30 - 2014-03-20 12:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 20:30 - 2014-03-20 12:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 18:03 - 2012-11-08 23:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 18:03 - 2012-11-08 23:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 18:03 - 2012-11-08 23:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 16:31 - 2014-04-14 22:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-12 15:37 - 2014-04-17 20:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-12 15:37 - 2013-12-18 08:37 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-12 15:37 - 2013-04-02 12:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-12 15:36 - 2014-03-31 00:19 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-12 15:36 - 2013-04-02 12:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-12 14:25 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:21 - 2012-11-10 15:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 10:17 - 2013-08-13 23:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:09 - 2012-11-09 13:38 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:58 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\SG
2014-11-11 07:05 - 2012-11-08 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 00:48 - 2013-11-12 15:26 - 00000000 ____D () C:\Users\Admin\Documents\Microsoft Toolkit v 2.4 BETA 6
2014-11-07 08:05 - 2012-11-09 02:32 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-11-06 12:07 - 2012-11-09 02:32 - 00001157 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-11-06 12:07 - 2012-11-09 02:32 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 10:13 - 2012-11-11 02:40 - 00000000 ____D () C:\Program Files\BatteryBar
2014-10-31 19:28 - 2012-11-08 23:18 - 00000000 ____D () C:\Users\Admin\Documents\Strom,Finanzen
2014-10-27 19:48 - 2012-11-08 23:17 - 00000000 ____D () C:\Users\Admin\Documents\JC Lübeck

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\proxy_vole8171031936177747910.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-17 10:48

==================== End Of Log ============================
         
--- --- ---

--- --- ---
[/CODE]


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Admin at 2014-11-21 19:44:15
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2020 Musterbriefe (HKLM-x32\...\2020 Musterbriefe) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (HKLM-x32\...\{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}) (Version: 7.11.13 - AGEIA Technologies, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Brother MFL-Pro Suite (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.00 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{4A3FCC59-5231-4634-882C-BF8B511392C5}) (Version: 0.9.5 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
ClocX (1.5b2) (HKLM-x32\...\ClocX) (Version:  - )
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
concept/design Video Jukebox (HKLM-x32\...\{37569A10-CB38-4615-8B32-0BF9FF5D887D}_is1) (Version: 1.3.0.0 - concept/design GmbH)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0335 - Disc Soft Ltd)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
Flatcast Viewer Plugin 5.3.0.784 (HKLM-x32\...\Flatcast Viewer 5.3_is1) (Version:  - 1 mal 1 Software GmbH)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
GIANTS Editor 4.1.7 (HKLM-x32\...\giants_editor_4.1.7_is1) (Version: 4.1.7 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}) (Version: 7.0.1.8244 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HDClone 4.1 Professional Edition (HKLM-x32\...\HDClone.Professional.4.1.1.1031-{67D3C96E-256B-4739-A8E2-452E354256AB}) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.30 - IObit)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
POIbase 1.071 (HKLM-x32\...\POIbase_is1) (Version:  - POIbase)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Registry First Aid (HKLM\...\Registry First Aid_is1) (Version: 8.0.1 - RoseCitySoftware)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Spamihilator 1.5.0 (64-Bit) (HKLM\...\{A0D450C6-07C4-40C7-8D2B-840565E91987}) (Version: 1.5.0 - Michel Krämer)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney 9.0 S-Edition (HKLM-x32\...\{DBE4B37E-4FF1-47AB-964E-DEF9AE2BE945}) (Version: 9.0 - Star Finanz GmbH)
Steganos Live Encryption Engine 17 (HKLM-x32\...\{C2490885-D566-405F-889B-670C6CF0F7F2}) (Version: 17.4.1 - Steganos Software GmbH)
Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0.5 - Steganos Software GmbH)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2013.181 - TuneUp Software) Hidden
TVgenial 4.10 (HKLM-x32\...\TVgenial) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1420 - 1&1 Mail & Media GmbH)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Care 365 version 2.13 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.13 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2527506857-1470243597-2188628-1000_Classes\CLSID\{BABBB895-2A46-9F8D-0675-47C14CD8DC6B}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-11-2014 15:14:54 IObit Uninstaller restore point
14-11-2014 15:15:31 Removed ABBYY PDF Transformer+.
14-11-2014 15:21:41 Installed MSXML 6.0 Parser
14-11-2014 15:22:18 Installed ABBYY PDF Transformer+.
14-11-2014 16:12:47 IObit Uninstaller restore point
14-11-2014 20:32:37 Removed Microsoft Silverlight
15-11-2014 16:58:45 Removed Microsoft Silverlight
18-11-2014 09:41:45 Windows Update
18-11-2014 11:52:29 18.11.2014
19-11-2014 10:49:37 Windows Update
20-11-2014 03:21:53 IObit Uninstaller restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-11-21 13:25 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	license.superantispyware.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DA7F2DC-FD24-4FDC-8EFD-204F450B8B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {1EE66555-4CF6-4A6C-8FE1-205ADB9FA24B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {35040037-69DE-4DA4-B70A-3AC945807111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {573394D3-D980-4441-9FB2-512267D5D98E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-20] (Google Inc.)
Task: {7E5D6BE3-0DBF-4103-B670-FA04DF7DEA6A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {929A3209-33CA-4821-9200-550C9E3E0AA4} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe [2012-12-06] (WiseCleaner.com)
Task: {96C1FA8A-105E-4A2F-ACA6-96D0E88E272B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AFD00B44-D5F7-41C1-9477-E5B496010B55} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-30] (TuneUp Software)
Task: {CE9B0183-44B2-4378-B09C-A19A8851D0CD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {D687F713-EC7E-4CA3-AFEE-52C8C2CFB1C7} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-14] (IObit)
Task: {DF6CBB72-ADF5-4B57-AA51-92D5990F899B} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {E8896730-5B41-4DCE-AD4A-15C5E403889C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {EF8F8D2E-9EE5-4E90-806E-45E21BE6A4F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {F252A6B8-7F16-47BA-85A2-AA12DB8D2902} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {F72513FD-847C-4B08-93CC-B72240896256} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Registry First Aid auto.job => C:\Program Files\RFA 8\reg1aid64.exe
Task: C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-10-29 16:45 - 2012-10-29 16:45 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 2012\ShellExtension.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-11-08 23:13 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-08-30 08:51 - 2013-08-30 08:51 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 04411488 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00323584 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-01-20 08:48 - 2014-01-20 08:48 - 00082528 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-01-04 18:35 - 2014-01-04 18:35 - 00080384 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00073728 _____ () C:\Program Files\Spamihilator\zlib1.dll
2013-05-15 11:51 - 2013-05-15 11:51 - 00380928 _____ () C:\Program Files\Spamihilator\sqlite3.dll
2014-06-19 10:48 - 2014-10-06 16:53 - 00775400 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-11-21 12:32 - 2014-11-21 12:32 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14112100\algo.dll
2014-07-31 12:41 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 S-Edition\ouservice\PATCHW32.dll
2014-11-12 15:37 - 2014-11-12 15:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-10 17:27 - 2014-11-10 17:27 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AEC0AC81

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53671882.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78539563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2527506857-1470243597-2188628-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2527506857-1470243597-2188628-500 - Administrator - Disabled)
Gast (S-1-5-21-2527506857-1470243597-2188628-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2527506857-1470243597-2188628-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 07:35:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/21/2014 05:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/21/2014 05:29:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/21/2014 05:24:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/21/2014 05:22:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/21/2014 05:22:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/21/2014 02:43:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 00:30:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 07:41:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/21/2014 02:43:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (11/21/2014 07:35:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/21/2014 05:29:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe

Error: (11/21/2014 05:29:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe

Error: (11/21/2014 05:24:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe

Error: (11/21/2014 05:22:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe

Error: (11/21/2014 05:22:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Admin\Desktop\esetsmartinstaller_deu.exe

Error: (11/21/2014 02:43:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 00:30:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 07:41:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 55%
Total physical RAM: 3892.55 MB
Available physical RAM: 1733.44 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4729.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:376.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A79E64B7)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 22.11.2014, 12:50   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Java updaten.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.11.2014, 17:45   #9
Ostseewind
 
Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Hallo @schrauber,

ich bedanke mich vielmals für Deine kompetente Hilfe.

Deine Hinweise werde ich auf alle Fälle beachten.

Geändert von Ostseewind (22.11.2014 um 18:44 Uhr)

Alt 23.11.2014, 13:46   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Gefälschte Rechnung von 1&1 geöffnet - Standard

Gefälschte Rechnung von 1&1 geöffnet



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Gefälschte Rechnung von 1&1 geöffnet
adobe, adware, antivirus, autokms, avast, browser, converter, defender, device driver, explorer, firefox, firefox 33.1, flash player, gefälschte rechnung von 1&1 geöffnet, home, homepage, installation, mozilla, object, realtek, registry, security, services.exe, software, starmoney, svchost.exe, system, trojan, vista, windows



Ähnliche Themen: Gefälschte Rechnung von 1&1 geöffnet


  1. gefälschte Rechnung von Vodaphone mit falschem Link zur angeblichen .pdf-Rechnung
    Plagegeister aller Art und deren Bekämpfung - 18.12.2014 (9)
  2. Gefälschte Telekom Email geöffnet
    Plagegeister aller Art und deren Bekämpfung - 28.11.2014 (7)
  3. RG_502648127.zip. Auf Mac soeben 1und1 gefälschte Rechnung geöffnet und zip geladen - was nun?
    Plagegeister aller Art und deren Bekämpfung - 21.11.2014 (3)
  4. gefälschte Vodafone-Rechnung
    Plagegeister aller Art und deren Bekämpfung - 20.11.2014 (11)
  5. Gefälschte Telekom Rechnung (E-Mail) geöffnet
    Plagegeister aller Art und deren Bekämpfung - 20.11.2014 (3)
  6. RG_502648127.zip. Auf Mac soeben 1und1 gefälschte Rechnung geöffnet und zip geladen - was nun?
    Log-Analyse und Auswertung - 20.11.2014 (5)
  7. Gefälschte Rechnung geöffnet (rtf Datei)
    Log-Analyse und Auswertung - 07.08.2014 (5)
  8. A1 rtf Rechnung in Word geöffnet
    Plagegeister aller Art und deren Bekämpfung - 11.07.2014 (3)
  9. Windows 7: gefälschte Paypal Rechnung geöffnet.
    Log-Analyse und Auswertung - 07.07.2014 (9)
  10. Gefälschte Rechnung Betrugs Email ! Wer kann helfen :( RECHNUNGSSTELLE
    Plagegeister aller Art und deren Bekämpfung - 05.02.2014 (10)
  11. Gefälschte Telekom Rechnung erhalten und auf Download Link geklickt - wahrscheinlich Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.02.2014 (14)
  12. Gefälschte und Telekom-Email und Link unachtsam geöffnet - Trojaner o.ä. eingefangen?
    Log-Analyse und Auswertung - 30.01.2014 (21)
  13. Windows 8.1 - Gefälschte Telefonrechnung geöffnet - Trojaner?
    Log-Analyse und Auswertung - 24.01.2014 (7)
  14. gefälschte Telekom Email geöffnet
    Plagegeister aller Art und deren Bekämpfung - 09.01.2014 (1)
  15. Gefälschte Groupon Email mit Zip Datei geöffnet
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (13)
  16. Gefälschte Vodafone Rechnung geöffnet, bin ich jetzt mit duqu Virus infiziert???
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (12)
  17. Spam-Mails: gefälschte Rechnung-Online / T-Com
    Plagegeister aller Art und deren Bekämpfung - 15.11.2004 (1)

Zum Thema Gefälschte Rechnung von 1&1 geöffnet - Hallo, habe aus Unachtsamkeit eine Rechnung im Mail Anhang geöffnet. Hab danach den Rechner gescannt mit Emisoft, es wurde auch etwas gefunden, hab es dann mit Emisoft gelöscht. Danach nochmal - Gefälschte Rechnung von 1&1 geöffnet...
Archiv
Du betrachtest: Gefälschte Rechnung von 1&1 geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.