Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Gdata Fund : Zugriff verweigert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 09.01.2015, 14:02   #1
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Hallo,

ich habe beim heutigen Virenscan folgendes Ergebnis erhalten:

Code:
ATTFilter
Virenprüfung mit G DATA INTERNET SECURITY
Version 25.0.2.3 (26.09.2014)
Virensignaturen vom 09.01.2015
Startzeit: 09.01.2015 13:23:56
Engine(s): Engine A (AVA 24.5982), Engine B (GD 25.4464)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 09.01.2015 13:27:24
    198999 Dateien überprüft
    0 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden


Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\CSC\v2.0.6\temp\ea-{e470ab33-8674-11e0-824d-adb55d1d1283}
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d9717db30490bcae53bf67b633d15899_d0c18e56-ed7f-4366-8d53-6a5dff29f380
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\System Volume Information\Syscache.hve
C:\System Volume Information\Syscache.hve.LOG1
C:\System Volume Information\Syscache.hve.LOG2
C:\System Volume Information\WindowsImageBackup\Catalog\BackupGlobalCatalog
C:\System Volume Information\WindowsImageBackup\Catalog\GlobalCatalog
C:\Users\User\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow
         
Was kann muss ich wegen der Daten mit Zugriffsverweigerung tun?

Alt 09.01.2015, 14:12   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 09.01.2015, 14:42   #3
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 09-01-2015 14:20:14
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
() C:\Windows\DAODx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVK.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByBzz0A0AyCtAyCtGyB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0E0BtC0AzzzyyEyEtBtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0CyB0EtDtDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0DtDyB0DyC2Q&cr=1895202918&ir=
SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByBzz0A0AyCtAyCtGyB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0E0BtC0AzzzyyEyEtBtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0CyB0EtDtDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0DtDyB0DyC2Q&cr=1895202918&ir=
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Tcpip\..\Interfaces\{1F8D4A49-6648-458B-8414-890EAE2121DC}: [NameServer] 217.0.43.17 217.0.43.49

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\ixquick-https---deutsch.xml
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-23]
FF Extension: Cliqz Beta - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\cliqz@cliqz.com.xpi [2014-09-09]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-01] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2014-11-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-10] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-01] (G Data Software AG)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 14:20 - 2015-01-09 14:20 - 00013254 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-09 14:19 - 2015-01-09 14:20 - 00000000 ____D () C:\FRST
2015-01-09 14:19 - 2015-01-09 14:19 - 02124288 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-09 13:57 - 2015-01-09 13:57 - 00000000 ____D () C:\Users\User\Documents\Gdata
2015-01-09 13:01 - 2015-01-09 14:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 13:01 - 2015-01-09 13:01 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 13:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 12:50 - 2015-01-09 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-08 20:44 - 2015-01-08 20:44 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-01-08 20:44 - 2015-01-08 20:44 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-08 20:42 - 2015-01-09 12:59 - 00000000 ___DC () C:\Program Files (x86)\NCH Software
2015-01-08 20:42 - 2015-01-08 20:42 - 01581592 _____ (NCH Software) C:\Users\User\Downloads\Kamera.exe
2015-01-02 12:45 - 2015-01-02 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-02 12:35 - 2015-01-02 12:35 - 00000000 ____D () C:\ProgramData\Nikon
2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\Users\User\Downloads\Nikon 1
2014-12-31 13:34 - 2014-12-31 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-12-31 13:33 - 2014-12-31 13:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-31 13:32 - 2014-12-31 13:33 - 00000000 ___DC () C:\Program Files\Common Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00002057 _____ () C:\Users\Public\Desktop\ViewNX 2.lnk
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\ProgramData\Organic
2014-12-31 13:32 - 2014-12-31 13:32 - 00000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-12-31 13:32 - 2014-12-31 13:32 - 00000012 ___RH () C:\ProgramData\Pianos and Keyboards
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ___DC () C:\Program Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-12-31 13:31 - 2014-12-31 13:34 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2014-12-31 13:31 - 2014-12-31 13:31 - 00002176 _____ () C:\Users\Public\Desktop\Short Movie Creator.lnk
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature Sounds
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Multipressor
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Organs
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Noise Gate
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Pipe Organ
2014-12-31 13:31 - 2014-12-31 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Short Movie Creator
2014-12-31 13:30 - 2014-12-31 13:34 - 00000000 ___DC () C:\Program Files (x86)\Nikon
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Ultima_T15
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\EnterNHelp
2014-12-31 13:30 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Piano Hard
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Percussion Kit
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\NetServices
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\ProgramData\Overdrive
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeu.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Robot
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Plants
2014-12-31 13:29 - 2014-12-31 13:29 - 00000000 ____D () C:\ProgramData\Apple
2014-12-31 13:28 - 2014-12-31 13:28 - 00001853 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ___DC () C:\Program Files (x86)\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-31 13:27 - 2014-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2014-12-18 09:50 - 2014-12-18 11:42 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:50 - 2014-12-18 11:42 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 10:08 - 2014-12-15 10:08 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2014-12-15 10:07 - 2014-12-15 10:07 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-12-15 10:02 - 2014-12-15 10:02 - 01177424 _____ () C:\Users\User\Downloads\Tor Browser Paket - CHIP-Installer.exe
2014-12-12 03:15 - 2014-12-12 03:15 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 03:01 - 2014-12-12 03:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 03:01 - 2014-12-12 03:01 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 15:30 - 2014-12-12 03:04 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 15:30 - 2014-12-12 03:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 13:54 - 2014-03-22 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 13:23 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 13:23 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 13:22 - 2009-07-14 18:58 - 09451486 _____ () C:\Windows\system32\perfh007.dat
2015-01-09 13:22 - 2009-07-14 18:58 - 02876944 _____ () C:\Windows\system32\perfc007.dat
2015-01-09 13:22 - 2009-07-14 06:13 - 00006536 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 13:19 - 2011-05-25 03:18 - 01234731 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 13:15 - 2014-11-17 16:59 - 00008124 _____ () C:\Windows\PFRO.log
2015-01-09 13:15 - 2014-10-13 14:27 - 00011580 _____ () C:\Windows\setupact.log
2015-01-09 13:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\systweak
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\systweak
2015-01-09 13:14 - 2014-03-24 10:51 - 00000000 ___DC () C:\Program Files (x86)\SearchProtect
2015-01-09 13:14 - 2014-03-14 18:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\systweak
2015-01-09 13:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-09 12:49 - 2014-09-22 23:57 - 00000000 ____D () C:\Users\User\Downloads\Antivirentools
2015-01-08 23:28 - 2014-03-30 16:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-08 23:05 - 2014-03-27 20:02 - 00000000 ___DC () C:\Program Files (x86)\StarMoney 9.0
2015-01-02 12:45 - 2014-03-30 16:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 ____D () C:\ProgramData\Skype
2015-01-02 12:44 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-12-31 14:08 - 2014-03-14 18:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-31 13:34 - 2011-05-25 03:25 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 13:31 - 2003-03-18 19:05 - 00106496 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-12-16 08:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:15 - 2014-04-24 14:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 03:04 - 2014-03-21 09:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 03:04 - 2013-07-15 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2013-07-14 16:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 15:23 - 2014-08-25 17:14 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-11 15:23 - 2014-03-22 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 15:22 - 2014-03-22 08:18 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 15:22 - 2014-03-22 08:18 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 09:26 - 2014-03-19 20:16 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\tmd_34011268.exe
C:\Users\User\AppData\Local\Temp\tmd_34013928.exe
C:\Users\User\AppData\Local\Temp\tmd_34018826.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 16:03

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by User at 2015-01-09 14:20:45
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Any Video Converter 5.7.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2568 - CDBurnerXP)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.3 - G DATA Software AG)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Short Movie Creator (HKLM-x32\...\{B2817391-97C2-4A88-A952-14920594BD62}) (Version: 1.3.0 - Nikon)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{A0989FD5-B866-4217-8F08-4846AC5BE4B0}) (Version: 9.0 - Star Finanz GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\{BAD965D8-EAB0-4177-A728-1541797CEF9F}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D8C8CE6-8760-4682-AD17-3757F00381D3} - System32\Tasks\{E5377033-A609-4846-97DB-DAC41DA52E9C} => pcalua.exe -a "C:\Users\User\Desktop\Virenscanner (bitte installieren!)\GDATA 2014 Internet Security Vollversion - Installation starten.exe" -d "C:\Users\User\Desktop\Virenscanner (bitte installieren!)"
Task: {21B1F005-8405-484C-A734-BAFA294ED322} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {51F24C46-BA26-4763-B4A6-0D39005F59C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {59B101E8-CE48-48E3-9C6B-DB33772F8576} - System32\Tasks\{E7067897-0BAC-4CB2-9F86-A61330EBD0E0} => pcalua.exe -a "C:\Users\User\Downloads\Treiber und Software\delinf_10190 Treiberdeinstallation.EXE" -d "C:\Users\User\Downloads\Treiber und Software"
Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 No Task File <==== ATTENTION
Task: {AF61CFDD-CF2F-488A-9B81-E9566839249B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D62BEAE9-2F3F-41B5-BD9B-37072200D163} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D98416E4-07C5-465B-B7D5-848EA11C4AC4} - System32\Tasks\Install_SSD => C:\Users\Default\AppData\Roaming\systweak\ssd\SSDPTstub.exe
Task: {F854F29A-68FD-4D79-8F65-534FB2BC8428} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-03-30 07:32 - 2009-03-30 07:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____C () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2006-09-19 08:07 - 2006-09-19 08:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2014-03-27 20:21 - 2007-05-31 07:38 - 00167936 ____C () C:\Windows\SysWOW64\SerialXP.dll
2014-08-04 13:53 - 2011-01-13 10:44 - 00232800 ____C () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-12-09 19:19 - 2014-12-09 19:19 - 03758192 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3928150652-2756980015-3035233101-500 - Administrator - Disabled)
Gast (S-1-5-21-3928150652-2756980015-3035233101-501 - Limited - Disabled)
User (S-1-5-21-3928150652-2756980015-3035233101-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 01:25:56 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (01/09/2015 01:22:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/09/2015 01:22:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/09/2015 01:22:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/09/2015 01:10:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/09/2015 01:10:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/09/2015 01:10:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/09/2015 10:53:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/09/2015 10:53:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/09/2015 10:53:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (01/09/2015 01:02:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎01.‎2015 um 13:01:13 unerwartet heruntergefahren.

Error: (01/09/2015 00:58:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (01/09/2015 00:58:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/08/2015 10:08:47 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/05/2015 04:02:32 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/02/2015 00:36:41 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/31/2014 00:49:14 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/30/2014 01:04:42 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/28/2014 01:36:26 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/19/2014 05:06:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (03/25/2014 04:48:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: AMD A8-5600K APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 28%
Total physical RAM: 7348.88 MB
Available physical RAM: 5227.57 MB
Total Pagefile: 14695.93 MB
Available Pagefile: 12088.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:466.07 GB) (Free:407.06 GB) NTFS
Drive f: (Privat) (Fixed) (Total:465.34 GB) (Free:464.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0DA7C2E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 09.01.2015, 14:46   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 15:42   #5
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Code:
ATTFilter
15:13:56.0856 0x1568  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
15:14:25.0241 0x1568  ============================================================
15:14:25.0241 0x1568  Current date / time: 2015/01/09 15:14:25.0241
15:14:25.0241 0x1568  SystemInfo:
15:14:25.0241 0x1568  
15:14:25.0241 0x1568  OS Version: 6.1.7601 ServicePack: 1.0
15:14:25.0241 0x1568  Product type: Workstation
15:14:25.0241 0x1568  ComputerName: USER-PC
15:14:25.0241 0x1568  UserName: User
15:14:25.0241 0x1568  Windows directory: C:\Windows
15:14:25.0241 0x1568  System windows directory: C:\Windows
15:14:25.0241 0x1568  Running under WOW64
15:14:25.0241 0x1568  Processor architecture: Intel x64
15:14:25.0241 0x1568  Number of processors: 4
15:14:25.0241 0x1568  Page size: 0x1000
15:14:25.0241 0x1568  Boot type: Normal boot
15:14:25.0241 0x1568  ============================================================
15:14:26.0471 0x1568  KLMD registered as C:\Windows\system32\drivers\64166718.sys
15:14:26.0741 0x1568  System UUID: {FE57EF47-BA9A-8745-7445-3F5720120C2F}
15:14:27.0261 0x1568  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:14:27.0271 0x1568  ============================================================
15:14:27.0271 0x1568  \Device\Harddisk0\DR0:
15:14:27.0271 0x1568  MBR partitions:
15:14:27.0271 0x1568  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:14:27.0271 0x1568  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x3A422DB0
15:14:27.0271 0x1568  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A456000, BlocksNum 0x3A2B0000
15:14:27.0271 0x1568  ============================================================
15:14:27.0291 0x1568  C: <-> \Device\Harddisk0\DR0\Partition2
15:14:27.0311 0x1568  F: <-> \Device\Harddisk0\DR0\Partition3
15:14:27.0311 0x1568  ============================================================
15:14:27.0311 0x1568  Initialize success
15:14:27.0311 0x1568  ============================================================
15:15:23.0031 0x02d4  ============================================================
15:15:23.0031 0x02d4  Scan started
15:15:23.0031 0x02d4  Mode: Manual; SigCheck; TDLFS; 
15:15:23.0031 0x02d4  ============================================================
15:15:23.0031 0x02d4  KSN ping started
15:15:41.0241 0x02d4  KSN ping finished: true
15:15:42.0201 0x02d4  ================ Scan system memory ========================
15:15:42.0201 0x02d4  System memory - ok
15:15:42.0201 0x02d4  ================ Scan services =============================
15:15:42.0341 0x02d4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:15:42.0411 0x02d4  1394ohci - ok
15:15:42.0451 0x02d4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:15:42.0471 0x02d4  ACPI - ok
15:15:42.0481 0x02d4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:15:42.0501 0x02d4  AcpiPmi - ok
15:15:42.0571 0x02d4  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:15:42.0601 0x02d4  AdobeARMservice - ok
15:15:42.0721 0x02d4  [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:15:42.0741 0x02d4  AdobeFlashPlayerUpdateSvc - ok
15:15:42.0771 0x02d4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:15:42.0791 0x02d4  adp94xx - ok
15:15:42.0811 0x02d4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:15:42.0831 0x02d4  adpahci - ok
15:15:42.0851 0x02d4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:15:42.0871 0x02d4  adpu320 - ok
15:15:42.0891 0x02d4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:15:42.0921 0x02d4  AeLookupSvc - ok
15:15:42.0991 0x02d4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
15:15:43.0031 0x02d4  AFD - ok
15:15:43.0051 0x02d4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:15:43.0071 0x02d4  agp440 - ok
15:15:43.0071 0x02d4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:15:43.0091 0x02d4  ALG - ok
15:15:43.0121 0x02d4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:15:43.0131 0x02d4  aliide - ok
15:15:43.0171 0x02d4  [ 68B2C801CDB2B3838E9C27C3C6F66C73, D2E7A062973CB4D1C33A299D5AEFCE943EB59934EBA427F3C99D03A56EFF7A96 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:15:43.0191 0x02d4  AMD External Events Utility - ok
15:15:43.0211 0x02d4  [ 05120427227F6F088ECA75942ED7ACA9, BD25436EB43C6718F5E6A4C3C24831189D3A893DC87AA0ADED993B7C3126F2E9 ] amdhub30        C:\Windows\system32\DRIVERS\amdhub30.sys
15:15:43.0221 0x02d4  amdhub30 - ok
15:15:43.0251 0x02d4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:15:43.0261 0x02d4  amdide - ok
15:15:43.0281 0x02d4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:15:43.0291 0x02d4  AmdK8 - ok
15:15:43.0701 0x02d4  [ 784C941B5A19D69814F9514CFB733906, 496E78FE91B1D6E146EEB79297C4A131D50875A8385438C376CA58A245D4A77E ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:15:44.0001 0x02d4  amdkmdag - ok
15:15:44.0051 0x02d4  [ 954759EAE7FB2591A5E7206AB0093AE7, A47FFCE75767CFE79A1CD2B42DC1FEEC8C65C0E503289DC70B751FECDD9CE9FF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:15:44.0081 0x02d4  amdkmdap - ok
15:15:44.0101 0x02d4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:15:44.0121 0x02d4  AmdPPM - ok
15:15:44.0141 0x02d4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:15:44.0151 0x02d4  amdsata - ok
15:15:44.0171 0x02d4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:15:44.0191 0x02d4  amdsbs - ok
15:15:44.0201 0x02d4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:15:44.0211 0x02d4  amdxata - ok
15:15:44.0231 0x02d4  [ 7DCA2C59491D420947A0B529DB37C7CF, 4673DD141F02801A61FF057BE9DA7FD214C1F9ED31BCB035A8C4E44C579799E4 ] amdxhc          C:\Windows\system32\DRIVERS\amdxhc.sys
15:15:44.0251 0x02d4  amdxhc - ok
15:15:44.0281 0x02d4  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
15:15:44.0301 0x02d4  AppID - ok
15:15:44.0311 0x02d4  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:15:44.0321 0x02d4  AppIDSvc - ok
15:15:44.0351 0x02d4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
15:15:44.0361 0x02d4  Appinfo - ok
15:15:44.0411 0x02d4  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:15:44.0431 0x02d4  AppMgmt - ok
15:15:44.0461 0x02d4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:15:44.0471 0x02d4  arc - ok
15:15:44.0481 0x02d4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:15:44.0491 0x02d4  arcsas - ok
15:15:44.0531 0x02d4  [ 954950D11ADA98AC1B7EE3C770E4622C, D6D4700D7359AB84FB362305FBF2389B4EF51B4190EC2E0D4C7FEF80A06A0D0B ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
15:15:44.0561 0x02d4  asmthub3 - ok
15:15:44.0591 0x02d4  [ 01DBB05DB1DB95803E3C9F2B49AFE79C, 286310787F7EB7B237CB0082567BDA2F57D8F88C37015F6637FF6A6775CAA5AE ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
15:15:44.0621 0x02d4  asmtxhci - ok
15:15:44.0711 0x02d4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:15:44.0741 0x02d4  aspnet_state - ok
15:15:44.0771 0x02d4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:15:44.0791 0x02d4  AsyncMac - ok
15:15:44.0811 0x02d4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:15:44.0821 0x02d4  atapi - ok
15:15:44.0851 0x02d4  [ AAAE03F8EDA817EC28C5445193EA8BF3, 5A2ECB66936B87651202CAA7786D58DE6BFD8217B059C88775EB4B07BA2ADB89 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
15:15:44.0861 0x02d4  AthBTPort - ok
15:15:44.0891 0x02d4  [ 4ECC791539F23982411864037D1AC8FC, 063CBA00E453B5FF3CDFDFB5FA2E6A190A0DC3D399EC36F646262BE76F98A60C ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
15:15:44.0901 0x02d4  ATHDFU - ok
15:15:44.0931 0x02d4  [ FB3FF3DB34CB86F2B936B24D96F21F6F, 987686E9B9193F6A12FD0DEF4565B62AAB89C7E0771CAAED0CC6037BEAF827D6 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:15:44.0941 0x02d4  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
15:15:47.0861 0x02d4  Detect skipped due to KSN trusted
15:15:47.0861 0x02d4  AtherosSvc - ok
15:15:47.0971 0x02d4  [ DACE94C8AB40EFCD819C023F51C60C2E, 6471A423ACA45F8FE35D7D00C20A53340B6905900613652B426E465655B595CB ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:15:48.0051 0x02d4  athr - ok
15:15:48.0141 0x02d4  [ 36322190763845975E0D001E90687BF2, EA3DB2D112015CA5C744C5A84CDEFF6D02CE7D0E7E6E141AE3E527C2FAB5600E ] athur           C:\Windows\system32\DRIVERS\athurx.sys
15:15:48.0201 0x02d4  athur - ok
15:15:48.0221 0x02d4  [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:15:48.0231 0x02d4  AtiHDAudioService - ok
15:15:48.0621 0x02d4  [ 784C941B5A19D69814F9514CFB733906, 496E78FE91B1D6E146EEB79297C4A131D50875A8385438C376CA58A245D4A77E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:15:48.0911 0x02d4  atikmdag - ok
15:15:48.0991 0x02d4  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:15:49.0011 0x02d4  AudioEndpointBuilder - ok
15:15:49.0061 0x02d4  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:15:49.0091 0x02d4  AudioSrv - ok
15:15:49.0261 0x02d4  [ 8DFC779658F5227019615CDF54748652, 5FFA2E04002C9C9888D4FE85179DD8FEA4C999DD66791B15325E933B24AA4AE3 ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
15:15:49.0341 0x02d4  AVKProxy - ok
15:15:49.0441 0x02d4  [ 56C6F2D7F1D515B4B534217443D3B67F, CB9E94EE515EE7C426B34EC40DFDEF27893C3379C011B2FF6EEF318A34BCF482 ] AVKService      C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
15:15:49.0471 0x02d4  AVKService - ok
15:15:49.0581 0x02d4  [ 258B9C230D2A904349CDF18CAD6B22BE, A270FF5D58C516272C248E22FD5ED3C4F279D0348154D56E13E88D05820E9246 ] AVKWCtl         C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
15:15:49.0661 0x02d4  AVKWCtl - ok
15:15:49.0701 0x02d4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:15:49.0721 0x02d4  AxInstSV - ok
15:15:49.0761 0x02d4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:15:49.0791 0x02d4  b06bdrv - ok
15:15:49.0821 0x02d4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:15:49.0841 0x02d4  b57nd60a - ok
15:15:49.0851 0x02d4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:15:49.0871 0x02d4  BDESVC - ok
15:15:49.0881 0x02d4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:15:49.0911 0x02d4  Beep - ok
15:15:49.0981 0x02d4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:15:50.0021 0x02d4  BFE - ok
15:15:50.0061 0x02d4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:15:50.0111 0x02d4  BITS - ok
15:15:50.0121 0x02d4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:15:50.0131 0x02d4  blbdrive - ok
15:15:50.0161 0x02d4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:15:50.0171 0x02d4  bowser - ok
15:15:50.0181 0x02d4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:15:50.0191 0x02d4  BrFiltLo - ok
15:15:50.0201 0x02d4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:15:50.0211 0x02d4  BrFiltUp - ok
15:15:50.0241 0x02d4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:15:50.0251 0x02d4  Browser - ok
15:15:50.0261 0x02d4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:15:50.0291 0x02d4  Brserid - ok
15:15:50.0301 0x02d4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:15:50.0311 0x02d4  BrSerWdm - ok
15:15:50.0321 0x02d4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:15:50.0331 0x02d4  BrUsbMdm - ok
15:15:50.0341 0x02d4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:15:50.0361 0x02d4  BrUsbSer - ok
15:15:50.0391 0x02d4  [ 3B1B573371B206D1D5F25E0EF5FCD6D6, 9CE8E687F7554FF4AD989015806D3A03A801647C88ECADF08F7404E49517680C ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
15:15:50.0411 0x02d4  BTATH_A2DP - ok
15:15:50.0431 0x02d4  [ 2D0446336D9DB55A742B999EC16ADF15, FBF57CBDCFE4146176ABBD7ACF04240048403143DD380E10AE63B10BA5D4F311 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
15:15:50.0441 0x02d4  BTATH_BUS - ok
15:15:50.0451 0x02d4  [ 9A9694BBEB2849EAF95DFFCAE5DF02AD, 6534E599DDDF04A42E25581BB1CF4507B5F2E332FC74961C7F2CB8F672683C39 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
15:15:50.0461 0x02d4  BTATH_HCRP - ok
15:15:50.0481 0x02d4  [ FC0A8075DDF2E9C66267AEC91E0676F9, BAEBBA87DE72E996C9466FF15D9FD01DBD5D1A1097FC0FFB4819550830DEBCBC ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
15:15:50.0491 0x02d4  BTATH_LWFLT - ok
15:15:50.0501 0x02d4  [ 5EB4815CBDDBA4541F2380DAE6E269AB, DBBB0B1E5946BE5CA0C28F4175DE10613A3E5A89DCE0D6B9EDDF756B08CD274B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
15:15:50.0511 0x02d4  BTATH_RCP - ok
15:15:50.0551 0x02d4  [ E24FBEFF8FD3BD997AA5E9BD68BD7C74, FF74067340B2CC9CFFA01B9E3BE410FD8D81D49A59544A93EF52D87220E37202 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
15:15:50.0571 0x02d4  BtFilter - ok
15:15:50.0601 0x02d4  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:15:50.0611 0x02d4  BthEnum - ok
15:15:50.0631 0x02d4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:15:50.0641 0x02d4  BTHMODEM - ok
15:15:50.0661 0x02d4  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:15:50.0671 0x02d4  BthPan - ok
15:15:50.0701 0x02d4  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:15:50.0721 0x02d4  BTHPORT - ok
15:15:50.0741 0x02d4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:15:50.0771 0x02d4  bthserv - ok
15:15:50.0781 0x02d4  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:15:50.0801 0x02d4  BTHUSB - ok
15:15:50.0811 0x02d4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:15:50.0841 0x02d4  cdfs - ok
15:15:50.0871 0x02d4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:15:50.0891 0x02d4  cdrom - ok
15:15:50.0921 0x02d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:15:50.0951 0x02d4  CertPropSvc - ok
15:15:50.0971 0x02d4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:15:50.0981 0x02d4  circlass - ok
15:15:51.0031 0x02d4  [ 690E0CA76895B27276A3A1FE2ECE050E, C1814938FA813783AD4322F9B4F3AC0E74A14EE9BD256D23BC89CB49C43806A2 ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
15:15:51.0061 0x02d4  cjpcsc - ok
15:15:51.0091 0x02d4  [ F790E369579A718C8A41F3B94A389ADC, 70FBEAF9BBE890E0BBF4871F2A6CEC374BA5124097811725F41CDD89A40C30BA ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
15:15:51.0101 0x02d4  cjusb - ok
15:15:51.0121 0x02d4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:15:51.0141 0x02d4  CLFS - ok
15:15:51.0191 0x02d4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:15:51.0211 0x02d4  clr_optimization_v2.0.50727_32 - ok
15:15:51.0231 0x02d4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:15:51.0251 0x02d4  clr_optimization_v2.0.50727_64 - ok
15:15:51.0311 0x02d4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:15:51.0321 0x02d4  clr_optimization_v4.0.30319_32 - ok
15:15:51.0351 0x02d4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:15:51.0371 0x02d4  clr_optimization_v4.0.30319_64 - ok
15:15:51.0381 0x02d4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:15:51.0401 0x02d4  CmBatt - ok
15:15:51.0411 0x02d4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:15:51.0421 0x02d4  cmdide - ok
15:15:51.0471 0x02d4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:15:51.0491 0x02d4  CNG - ok
15:15:51.0501 0x02d4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:15:51.0511 0x02d4  Compbatt - ok
15:15:51.0551 0x02d4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:15:51.0561 0x02d4  CompositeBus - ok
15:15:51.0571 0x02d4  COMSysApp - ok
15:15:51.0591 0x02d4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:15:51.0601 0x02d4  crcdisk - ok
15:15:51.0621 0x02d4  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:15:51.0641 0x02d4  CryptSvc - ok
15:15:51.0671 0x02d4  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
15:15:51.0691 0x02d4  CSC - ok
15:15:51.0731 0x02d4  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:15:51.0761 0x02d4  CscService - ok
15:15:51.0841 0x02d4  [ 72794D112CBAFF3BC0C29BF7350D4741, 060C207F27306A3464FBCD8B08BDC97E34923ECA349933ECB059848BD08F41ED ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:15:51.0861 0x02d4  cvhsvc - ok
15:15:51.0911 0x02d4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:15:51.0941 0x02d4  DcomLaunch - ok
15:15:51.0971 0x02d4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:15:52.0001 0x02d4  defragsvc - ok
15:15:52.0031 0x02d4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:15:52.0061 0x02d4  DfsC - ok
15:15:52.0091 0x02d4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:15:52.0111 0x02d4  Dhcp - ok
15:15:52.0121 0x02d4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:15:52.0151 0x02d4  discache - ok
15:15:52.0181 0x02d4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:15:52.0191 0x02d4  Disk - ok
15:15:52.0221 0x02d4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:15:52.0241 0x02d4  Dnscache - ok
15:15:52.0271 0x02d4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:15:52.0301 0x02d4  dot3svc - ok
15:15:52.0331 0x02d4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:15:52.0361 0x02d4  DPS - ok
15:15:52.0401 0x02d4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:15:52.0411 0x02d4  drmkaud - ok
15:15:52.0471 0x02d4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:15:52.0501 0x02d4  DXGKrnl - ok
15:15:52.0531 0x02d4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:15:52.0561 0x02d4  EapHost - ok
15:15:52.0701 0x02d4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:15:52.0821 0x02d4  ebdrv - ok
15:15:52.0861 0x02d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
15:15:52.0881 0x02d4  EFS - ok
15:15:52.0931 0x02d4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:15:52.0961 0x02d4  ehRecvr - ok
15:15:52.0991 0x02d4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:15:53.0001 0x02d4  ehSched - ok
15:15:53.0041 0x02d4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:15:53.0071 0x02d4  elxstor - ok
15:15:53.0091 0x02d4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:15:53.0101 0x02d4  ErrDev - ok
15:15:53.0151 0x02d4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:15:53.0191 0x02d4  EventSystem - ok
15:15:53.0201 0x02d4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:15:53.0241 0x02d4  exfat - ok
15:15:53.0251 0x02d4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:15:53.0291 0x02d4  fastfat - ok
15:15:53.0341 0x02d4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:15:53.0371 0x02d4  Fax - ok
15:15:53.0381 0x02d4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:15:53.0391 0x02d4  fdc - ok
15:15:53.0411 0x02d4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:15:53.0441 0x02d4  fdPHost - ok
15:15:53.0451 0x02d4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:15:53.0471 0x02d4  FDResPub - ok
15:15:53.0491 0x02d4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:15:53.0501 0x02d4  FileInfo - ok
15:15:53.0511 0x02d4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:15:53.0541 0x02d4  Filetrace - ok
15:15:53.0561 0x02d4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:15:53.0571 0x02d4  flpydisk - ok
15:15:53.0601 0x02d4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:15:53.0621 0x02d4  FltMgr - ok
15:15:53.0691 0x02d4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
15:15:53.0731 0x02d4  FontCache - ok
15:15:53.0771 0x02d4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:15:53.0781 0x02d4  FontCache3.0.0.0 - ok
15:15:53.0801 0x02d4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:15:53.0811 0x02d4  FsDepends - ok
15:15:53.0831 0x02d4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:15:53.0841 0x02d4  Fs_Rec - ok
15:15:53.0871 0x02d4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:15:53.0881 0x02d4  fvevol - ok
15:15:53.0911 0x02d4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:15:53.0921 0x02d4  gagp30kx - ok
15:15:53.0951 0x02d4  [ 1EDC1A2C1762EF7A0782938F17971C12, DDC021AD302589E8A9831A90489F7CFCABBADA5BA9C5623583CC9ED0700B2113 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
15:15:53.0961 0x02d4  GDBehave - ok
15:15:54.0121 0x02d4  [ 56F6E95D62AFC30FD0250D031E5AA480, 3CEC162DD346F1F93A3F0066E310958996556C9E74052456E0974B29A01E91A2 ] GDFwSvc         C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
15:15:54.0251 0x02d4  GDFwSvc - ok
15:15:54.0291 0x02d4  [ 3AEF393C011738ADDF09057E221EE7D8, 52D3C51D0206C3C082C2AB9958325070A54BC0FD78FF974C69020B424229A18A ] GDKBFlt         C:\Windows\system32\drivers\GDKBFlt64.sys
15:15:54.0301 0x02d4  GDKBFlt - ok
15:15:54.0311 0x02d4  [ F5A571A95A3E22877D0CBC60F7D66E05, D0D785C5D9F60414FCF01B9C1949661975BD49A93B4556D8D1045895531E457A ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
15:15:54.0331 0x02d4  GDMnIcpt - ok
15:15:54.0351 0x02d4  [ 527B1CAA9661D518AC5182292C35AEC7, 1E56FC0EDFED7D60798930812AB0BB623A6721D433B69AD0152379B412CCE4D4 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
15:15:54.0361 0x02d4  GDPkIcpt - ok
15:15:54.0401 0x02d4  [ CC88D7254787D15B84377137BF739F90, F01BF995EDB533C7E6F2A5B9591DA0B4F8F4E79CC45C2DA73198F4B4A8624F0B ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
15:15:54.0431 0x02d4  GDScan - ok
15:15:54.0441 0x02d4  [ 606EFCD1F2DD9D50E3DB8FC53755C7D2, 30C678E3EBDC65E383F311B5E625FBF4EC26D804830D910F102E40BC68DB0820 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
15:15:54.0451 0x02d4  gdwfpcd - ok
15:15:54.0501 0x02d4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:15:54.0551 0x02d4  gpsvc - ok
15:15:54.0581 0x02d4  [ 57875BA7B65C5FE5A87630DC1544C420, 5BB2F6CD21E3855F163B2B15E2E51A3D58637A890D0D3C6AEFB0F60214D6FBD2 ] GRD             C:\Windows\system32\drivers\GRD.sys
15:15:54.0591 0x02d4  GRD - ok
15:15:54.0601 0x02d4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:15:54.0611 0x02d4  hcw85cir - ok
15:15:54.0671 0x02d4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:15:54.0711 0x02d4  HdAudAddService - ok
15:15:54.0741 0x02d4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:15:54.0761 0x02d4  HDAudBus - ok
15:15:54.0781 0x02d4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:15:54.0791 0x02d4  HidBatt - ok
15:15:54.0811 0x02d4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:15:54.0831 0x02d4  HidBth - ok
15:15:54.0861 0x02d4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:15:54.0871 0x02d4  HidIr - ok
15:15:54.0891 0x02d4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:15:54.0921 0x02d4  hidserv - ok
15:15:54.0961 0x02d4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:15:54.0991 0x02d4  HidUsb - ok
15:15:55.0011 0x02d4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:15:55.0041 0x02d4  hkmsvc - ok
15:15:55.0071 0x02d4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:15:55.0091 0x02d4  HomeGroupListener - ok
15:15:55.0111 0x02d4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:15:55.0131 0x02d4  HomeGroupProvider - ok
15:15:55.0151 0x02d4  [ EB6EB3DCC2AD18236EEC42B2FC7BD806, A1334E802997FA2DF34B3C2860731BE03ADB5D1908DDBBCB4A46761ACC568573 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
15:15:55.0161 0x02d4  HookCentre - ok
15:15:55.0191 0x02d4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:15:55.0201 0x02d4  HpSAMD - ok
15:15:55.0241 0x02d4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:15:55.0291 0x02d4  HTTP - ok
15:15:55.0311 0x02d4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:15:55.0321 0x02d4  hwpolicy - ok
15:15:55.0351 0x02d4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:15:55.0361 0x02d4  i8042prt - ok
15:15:55.0391 0x02d4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:15:55.0411 0x02d4  iaStorV - ok
15:15:55.0471 0x02d4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:15:55.0501 0x02d4  idsvc - ok
15:15:55.0511 0x02d4  IEEtwCollectorService - ok
15:15:55.0901 0x02d4  [ BC610ABB825504272364EFE4C831E672, 86C101D6D62E0D37DB58C159776C6F527450DFD6452570DAAFAC4F81EC04FD1F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:15:56.0261 0x02d4  igfx - ok
15:15:56.0311 0x02d4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:15:56.0321 0x02d4  iirsp - ok
15:15:56.0371 0x02d4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:15:56.0401 0x02d4  IKEEXT - ok
15:15:56.0431 0x02d4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:15:56.0441 0x02d4  intelide - ok
15:15:56.0461 0x02d4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:15:56.0471 0x02d4  intelppm - ok
15:15:56.0491 0x02d4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:15:56.0521 0x02d4  IPBusEnum - ok
15:15:56.0551 0x02d4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:15:56.0581 0x02d4  IpFilterDriver - ok
15:15:56.0611 0x02d4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:15:56.0641 0x02d4  iphlpsvc - ok
15:15:56.0671 0x02d4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:15:56.0681 0x02d4  IPMIDRV - ok
15:15:56.0691 0x02d4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:15:56.0721 0x02d4  IPNAT - ok
15:15:56.0741 0x02d4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:15:56.0751 0x02d4  IRENUM - ok
15:15:56.0761 0x02d4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:15:56.0771 0x02d4  isapnp - ok
15:15:56.0801 0x02d4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:15:56.0821 0x02d4  iScsiPrt - ok
15:15:56.0851 0x02d4  [ 8D990A44B4F2B68E2C56A3724EC3EB84, 5768FC5B156FC9CEEA735C933B50ADD8AE018F5609B83634F001E847E3101ACA ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
15:15:56.0871 0x02d4  itecir - ok
15:15:56.0881 0x02d4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:15:56.0891 0x02d4  kbdclass - ok
15:15:56.0911 0x02d4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:15:56.0921 0x02d4  kbdhid - ok
15:15:56.0931 0x02d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
15:15:56.0941 0x02d4  KeyIso - ok
15:15:56.0971 0x02d4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:15:56.0981 0x02d4  KSecDD - ok
15:15:57.0011 0x02d4  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:15:57.0031 0x02d4  KSecPkg - ok
15:15:57.0041 0x02d4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:15:57.0071 0x02d4  ksthunk - ok
15:15:57.0091 0x02d4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:15:57.0131 0x02d4  KtmRm - ok
15:15:57.0161 0x02d4  [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
15:15:57.0171 0x02d4  L1E - ok
15:15:57.0211 0x02d4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:15:57.0241 0x02d4  LanmanServer - ok
15:15:57.0261 0x02d4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:15:57.0291 0x02d4  LanmanWorkstation - ok
15:15:57.0321 0x02d4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:15:57.0351 0x02d4  lltdio - ok
15:15:57.0381 0x02d4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:15:57.0421 0x02d4  lltdsvc - ok
15:15:57.0431 0x02d4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:15:57.0461 0x02d4  lmhosts - ok
15:15:57.0481 0x02d4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:15:57.0491 0x02d4  LSI_FC - ok
15:15:57.0511 0x02d4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:15:57.0521 0x02d4  LSI_SAS - ok
15:15:57.0531 0x02d4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:15:57.0541 0x02d4  LSI_SAS2 - ok
15:15:57.0561 0x02d4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:15:57.0571 0x02d4  LSI_SCSI - ok
15:15:57.0571 0x02d4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:15:57.0601 0x02d4  luafv - ok
15:15:57.0631 0x02d4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:15:57.0651 0x02d4  Mcx2Svc - ok
15:15:57.0661 0x02d4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:15:57.0671 0x02d4  megasas - ok
15:15:57.0681 0x02d4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:15:57.0701 0x02d4  MegaSR - ok
15:15:57.0731 0x02d4  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:15:57.0741 0x02d4  MEIx64 - ok
15:15:57.0811 0x02d4  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:15:57.0841 0x02d4  Microsoft Office Groove Audit Service - ok
15:15:57.0871 0x02d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:15:57.0911 0x02d4  MMCSS - ok
15:15:57.0931 0x02d4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:15:57.0951 0x02d4  Modem - ok
15:15:57.0971 0x02d4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:15:57.0981 0x02d4  monitor - ok
15:15:58.0011 0x02d4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:15:58.0031 0x02d4  mouclass - ok
15:15:58.0051 0x02d4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:15:58.0071 0x02d4  mouhid - ok
15:15:58.0091 0x02d4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:15:58.0101 0x02d4  mountmgr - ok
15:15:58.0141 0x02d4  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:15:58.0171 0x02d4  MozillaMaintenance - ok
15:15:58.0181 0x02d4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:15:58.0201 0x02d4  mpio - ok
15:15:58.0221 0x02d4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:15:58.0251 0x02d4  mpsdrv - ok
15:15:58.0321 0x02d4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:15:58.0371 0x02d4  MpsSvc - ok
15:15:58.0401 0x02d4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:15:58.0421 0x02d4  MRxDAV - ok
15:15:58.0441 0x02d4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:15:58.0461 0x02d4  mrxsmb - ok
15:15:58.0471 0x02d4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:15:58.0491 0x02d4  mrxsmb10 - ok
15:15:58.0501 0x02d4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:15:58.0511 0x02d4  mrxsmb20 - ok
15:15:58.0541 0x02d4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:15:58.0551 0x02d4  msahci - ok
15:15:58.0561 0x02d4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:15:58.0581 0x02d4  msdsm - ok
15:15:58.0601 0x02d4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:15:58.0611 0x02d4  MSDTC - ok
15:15:58.0641 0x02d4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:15:58.0661 0x02d4  Msfs - ok
15:15:58.0681 0x02d4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:15:58.0711 0x02d4  mshidkmdf - ok
15:15:58.0721 0x02d4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:15:58.0731 0x02d4  msisadrv - ok
15:15:58.0751 0x02d4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:15:58.0791 0x02d4  MSiSCSI - ok
15:15:58.0791 0x02d4  msiserver - ok
15:15:58.0821 0x02d4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:15:58.0841 0x02d4  MSKSSRV - ok
15:15:58.0851 0x02d4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:15:58.0881 0x02d4  MSPCLOCK - ok
15:15:58.0891 0x02d4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:15:58.0911 0x02d4  MSPQM - ok
15:15:58.0951 0x02d4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:15:58.0971 0x02d4  MsRPC - ok
15:15:58.0991 0x02d4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:15:59.0001 0x02d4  mssmbios - ok
15:15:59.0011 0x02d4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:15:59.0041 0x02d4  MSTEE - ok
15:15:59.0051 0x02d4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:15:59.0061 0x02d4  MTConfig - ok
15:15:59.0091 0x02d4  [ 2219A3D695405E7BA2186BA6B9EDE14A, 8B99BD22DACB56FF544ED922962FE4EC1172BF90987A46E3A5F62A3B4E720B0C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:15:59.0101 0x02d4  MTsensor - ok
15:15:59.0121 0x02d4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:15:59.0131 0x02d4  Mup - ok
15:15:59.0161 0x02d4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:15:59.0191 0x02d4  napagent - ok
15:15:59.0281 0x02d4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:15:59.0331 0x02d4  NativeWifiP - ok
15:15:59.0381 0x02d4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:15:59.0411 0x02d4  NDIS - ok
15:15:59.0431 0x02d4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:15:59.0461 0x02d4  NdisCap - ok
15:15:59.0481 0x02d4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:59.0501 0x02d4  NdisTapi - ok
15:15:59.0531 0x02d4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:15:59.0561 0x02d4  Ndisuio - ok
15:15:59.0591 0x02d4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:59.0621 0x02d4  NdisWan - ok
15:15:59.0641 0x02d4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:15:59.0671 0x02d4  NDProxy - ok
15:15:59.0681 0x02d4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:15:59.0711 0x02d4  NetBIOS - ok
15:15:59.0721 0x02d4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:15:59.0751 0x02d4  NetBT - ok
15:15:59.0761 0x02d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
15:15:59.0771 0x02d4  Netlogon - ok
15:15:59.0811 0x02d4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:15:59.0851 0x02d4  Netman - ok
15:15:59.0881 0x02d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:59.0901 0x02d4  NetMsmqActivator - ok
15:15:59.0921 0x02d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:59.0931 0x02d4  NetPipeActivator - ok
15:15:59.0951 0x02d4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:15:59.0991 0x02d4  netprofm - ok
15:16:00.0001 0x02d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:16:00.0021 0x02d4  NetTcpActivator - ok
15:16:00.0021 0x02d4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:16:00.0041 0x02d4  NetTcpPortSharing - ok
15:16:00.0061 0x02d4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:16:00.0071 0x02d4  nfrd960 - ok
15:16:00.0111 0x02d4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:16:00.0121 0x02d4  NlaSvc - ok
15:16:00.0151 0x02d4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:16:00.0181 0x02d4  Npfs - ok
15:16:00.0181 0x02d4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:16:00.0211 0x02d4  nsi - ok
15:16:00.0221 0x02d4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:16:00.0251 0x02d4  nsiproxy - ok
15:16:00.0321 0x02d4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:16:00.0371 0x02d4  Ntfs - ok
15:16:00.0381 0x02d4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:16:00.0411 0x02d4  Null - ok
15:16:00.0441 0x02d4  [ 0EBC9D13CD96C15B1B18D8678A609E4B, B10896DE16B0C102DFB3E73A6C11A1982C5B428015DAE1F8776BCEF94A0F75C6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
15:16:00.0451 0x02d4  nusb3hub - ok
15:16:00.0481 0x02d4  [ 7BDEC000D56D485021D9C1E63C2F81CA, 7F1303FD0371AF8715BFC38433B730C797170AEF10C7DB845B7B547DA8DBB5D5 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:16:00.0501 0x02d4  nusb3xhc - ok
15:16:00.0541 0x02d4  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
15:16:00.0561 0x02d4  NVENETFD - ok
15:16:00.0581 0x02d4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:16:00.0601 0x02d4  nvraid - ok
15:16:00.0631 0x02d4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:16:00.0641 0x02d4  nvstor - ok
15:16:00.0661 0x02d4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:16:00.0681 0x02d4  nv_agp - ok
15:16:00.0731 0x02d4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:16:00.0761 0x02d4  odserv - ok
15:16:00.0781 0x02d4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:16:00.0791 0x02d4  ohci1394 - ok
15:16:00.0831 0x02d4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:16:00.0841 0x02d4  ose - ok
15:16:01.0031 0x02d4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:16:01.0181 0x02d4  osppsvc - ok
15:16:01.0241 0x02d4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:16:01.0261 0x02d4  p2pimsvc - ok
15:16:01.0281 0x02d4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:16:01.0311 0x02d4  p2psvc - ok
15:16:01.0341 0x02d4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:16:01.0361 0x02d4  Parport - ok
15:16:01.0381 0x02d4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:16:01.0391 0x02d4  partmgr - ok
15:16:01.0421 0x02d4  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:16:01.0441 0x02d4  PcaSvc - ok
15:16:01.0461 0x02d4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:16:01.0471 0x02d4  pci - ok
15:16:01.0501 0x02d4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:16:01.0511 0x02d4  pciide - ok
15:16:01.0531 0x02d4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:16:01.0541 0x02d4  pcmcia - ok
15:16:01.0561 0x02d4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:16:01.0571 0x02d4  pcw - ok
15:16:01.0591 0x02d4  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:16:01.0621 0x02d4  PEAUTH - ok
15:16:01.0671 0x02d4  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:16:01.0721 0x02d4  PeerDistSvc - ok
15:16:01.0781 0x02d4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:16:01.0791 0x02d4  PerfHost - ok
15:16:01.0861 0x02d4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:16:01.0921 0x02d4  pla - ok
15:16:01.0971 0x02d4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:16:01.0991 0x02d4  PlugPlay - ok
15:16:02.0001 0x02d4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:16:02.0011 0x02d4  PNRPAutoReg - ok
15:16:02.0031 0x02d4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:16:02.0051 0x02d4  PNRPsvc - ok
15:16:02.0071 0x02d4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:16:02.0111 0x02d4  PolicyAgent - ok
15:16:02.0141 0x02d4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:16:02.0171 0x02d4  Power - ok
15:16:02.0201 0x02d4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:16:02.0231 0x02d4  PptpMiniport - ok
15:16:02.0251 0x02d4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:16:02.0261 0x02d4  Processor - ok
15:16:02.0291 0x02d4  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:16:02.0311 0x02d4  ProfSvc - ok
15:16:02.0321 0x02d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:16:02.0331 0x02d4  ProtectedStorage - ok
15:16:02.0371 0x02d4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:16:02.0431 0x02d4  Psched - ok
15:16:02.0481 0x02d4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:16:02.0531 0x02d4  ql2300 - ok
15:16:02.0551 0x02d4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:16:02.0561 0x02d4  ql40xx - ok
15:16:02.0581 0x02d4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:16:02.0601 0x02d4  QWAVE - ok
15:16:02.0621 0x02d4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:16:02.0641 0x02d4  QWAVEdrv - ok
15:16:02.0651 0x02d4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:16:02.0681 0x02d4  RasAcd - ok
15:16:02.0691 0x02d4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:16:02.0721 0x02d4  RasAgileVpn - ok
15:16:02.0731 0x02d4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:16:02.0761 0x02d4  RasAuto - ok
15:16:02.0781 0x02d4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:16:02.0821 0x02d4  Rasl2tp - ok
15:16:02.0851 0x02d4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:16:02.0891 0x02d4  RasMan - ok
15:16:02.0901 0x02d4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:16:02.0931 0x02d4  RasPppoe - ok
15:16:02.0951 0x02d4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:16:02.0981 0x02d4  RasSstp - ok
15:16:03.0011 0x02d4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:16:03.0051 0x02d4  rdbss - ok
15:16:03.0061 0x02d4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:16:03.0071 0x02d4  rdpbus - ok
15:16:03.0081 0x02d4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:16:03.0111 0x02d4  RDPCDD - ok
15:16:03.0131 0x02d4  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:16:03.0161 0x02d4  RDPDR - ok
15:16:03.0181 0x02d4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:16:03.0211 0x02d4  RDPENCDD - ok
15:16:03.0221 0x02d4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:16:03.0241 0x02d4  RDPREFMP - ok
15:16:03.0321 0x02d4  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:16:03.0351 0x02d4  RdpVideoMiniport - ok
15:16:03.0381 0x02d4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:16:03.0411 0x02d4  RDPWD - ok
15:16:03.0431 0x02d4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:16:03.0451 0x02d4  rdyboost - ok
15:16:03.0481 0x02d4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:16:03.0511 0x02d4  RemoteAccess - ok
15:16:03.0541 0x02d4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:16:03.0571 0x02d4  RemoteRegistry - ok
15:16:03.0601 0x02d4  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:16:03.0611 0x02d4  RFCOMM - ok
15:16:03.0631 0x02d4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:16:03.0661 0x02d4  RpcEptMapper - ok
15:16:03.0671 0x02d4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:16:03.0681 0x02d4  RpcLocator - ok
15:16:03.0721 0x02d4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:16:03.0761 0x02d4  RpcSs - ok
15:16:03.0781 0x02d4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:16:03.0811 0x02d4  rspndr - ok
15:16:03.0861 0x02d4  [ B358C047E081AC70035017BD1D7ED818, D52455156F2913C5A88B18EC76C4C10B3589FE95F9735DD687A0307FA00FF500 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:16:03.0891 0x02d4  RTL8167 - ok
15:16:03.0911 0x02d4  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:16:03.0931 0x02d4  s3cap - ok
15:16:03.0941 0x02d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
15:16:03.0961 0x02d4  SamSs - ok
15:16:03.0981 0x02d4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:16:03.0991 0x02d4  sbp2port - ok
15:16:04.0011 0x02d4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:16:04.0051 0x02d4  SCardSvr - ok
15:16:04.0071 0x02d4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:16:04.0101 0x02d4  scfilter - ok
15:16:04.0161 0x02d4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
15:16:04.0211 0x02d4  Schedule - ok
15:16:04.0241 0x02d4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:16:04.0261 0x02d4  SCPolicySvc - ok
15:16:04.0291 0x02d4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:16:04.0301 0x02d4  SDRSVC - ok
15:16:04.0361 0x02d4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:16:04.0411 0x02d4  secdrv - ok
15:16:04.0421 0x02d4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:16:04.0451 0x02d4  seclogon - ok
15:16:04.0461 0x02d4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:16:04.0491 0x02d4  SENS - ok
15:16:04.0501 0x02d4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:16:04.0521 0x02d4  SensrSvc - ok
15:16:04.0531 0x02d4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:16:04.0541 0x02d4  Serenum - ok
15:16:04.0551 0x02d4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:16:04.0571 0x02d4  Serial - ok
15:16:04.0591 0x02d4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:16:04.0601 0x02d4  sermouse - ok
15:16:04.0631 0x02d4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:16:04.0661 0x02d4  SessionEnv - ok
15:16:04.0671 0x02d4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:16:04.0681 0x02d4  sffdisk - ok
15:16:04.0691 0x02d4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:16:04.0701 0x02d4  sffp_mmc - ok
15:16:04.0711 0x02d4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:16:04.0721 0x02d4  sffp_sd - ok
15:16:04.0731 0x02d4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:16:04.0751 0x02d4  sfloppy - ok
15:16:04.0801 0x02d4  [ C6CC9297BD53E5229653303E556AA539, 921E21EDED244FEE15B56564B97C97785F45AB862C1012BFA0B96B121DC90076 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
15:16:04.0831 0x02d4  Sftfs - ok
15:16:04.0871 0x02d4  [ 13693B6354DD6E72DC5131DA7D764B90, 447EFDA7CFB1F62EA316219D996406C8DC374097DB903F362D6E945227D8BB2D ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:16:04.0901 0x02d4  sftlist - ok
15:16:04.0921 0x02d4  [ 390AA7BC52CEE43F6790CDEA1E776703, 0D008289E4B14EF56D5233B7C8C789A36503FBAA8896660776557D6F08808FA7 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:16:04.0931 0x02d4  Sftplay - ok
15:16:04.0951 0x02d4  [ 617E29A0B0A2807466560D4C4E338D3E, 5E95D38DB9A6776EB4A15A952FA7949831D6F660EED8C3E79BD09D102BAC5D67 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:16:04.0961 0x02d4  Sftredir - ok
15:16:04.0961 0x02d4  [ 8F571F016FA1976F445147E9E6C8AE9B, 527AB960F2E08F598D1B953BDA4EA749831DD3C765DA278044B8AB22365F02B5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:16:04.0971 0x02d4  Sftvol - ok
15:16:04.0981 0x02d4  [ C3CDDD18F43D44AB713CF8C4916F7696, 38093295825AFDD08D7E32CC4EF2A6C447F6D6E3C6F7EA5554C25E7C3F16FC92 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:16:05.0001 0x02d4  sftvsa - ok
15:16:05.0031 0x02d4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:16:05.0061 0x02d4  SharedAccess - ok
15:16:05.0081 0x02d4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:16:05.0121 0x02d4  ShellHWDetection - ok
15:16:05.0141 0x02d4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:16:05.0151 0x02d4  SiSRaid2 - ok
15:16:05.0161 0x02d4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:16:05.0181 0x02d4  SiSRaid4 - ok
15:16:05.0251 0x02d4  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:16:05.0281 0x02d4  SkypeUpdate - ok
15:16:05.0311 0x02d4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:16:05.0341 0x02d4  Smb - ok
15:16:05.0381 0x02d4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:16:05.0391 0x02d4  SNMPTRAP - ok
15:16:05.0731 0x02d4  [ 37D91C6385BB1104D67925FC43800ED0, E3DBD9B7A4AC7EE193454C83A978EA6F1D7212B282CCDDC4A9366D4EB4F1C3B6 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
15:16:06.0031 0x02d4  SNPSTD3 - ok
15:16:06.0071 0x02d4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:16:06.0081 0x02d4  spldr - ok
15:16:06.0141 0x02d4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
15:16:06.0171 0x02d4  Spooler - ok
15:16:06.0311 0x02d4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:16:06.0411 0x02d4  sppsvc - ok
15:16:06.0431 0x02d4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:16:06.0461 0x02d4  sppuinotify - ok
15:16:06.0491 0x02d4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:16:06.0521 0x02d4  srv - ok
15:16:06.0541 0x02d4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:16:06.0561 0x02d4  srv2 - ok
15:16:06.0571 0x02d4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:16:06.0581 0x02d4  srvnet - ok
15:16:06.0611 0x02d4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:16:06.0641 0x02d4  SSDPSRV - ok
15:16:06.0651 0x02d4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:16:06.0681 0x02d4  SstpSvc - ok
15:16:06.0801 0x02d4  [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney 9.0 OnlineUpdate C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
15:16:06.0831 0x02d4  StarMoney 9.0 OnlineUpdate - ok
15:16:06.0851 0x02d4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:16:06.0861 0x02d4  stexstor - ok
15:16:06.0911 0x02d4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:16:06.0941 0x02d4  stisvc - ok
15:16:06.0961 0x02d4  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:16:06.0971 0x02d4  storflt - ok
15:16:06.0991 0x02d4  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
15:16:07.0011 0x02d4  StorSvc - ok
15:16:07.0021 0x02d4  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:16:07.0031 0x02d4  storvsc - ok
15:16:07.0061 0x02d4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:16:07.0071 0x02d4  swenum - ok
15:16:07.0101 0x02d4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:16:07.0141 0x02d4  swprv - ok
15:16:07.0211 0x02d4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
15:16:07.0261 0x02d4  SysMain - ok
15:16:07.0291 0x02d4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:16:07.0311 0x02d4  TabletInputService - ok
15:16:07.0331 0x02d4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:16:07.0361 0x02d4  TapiSrv - ok
15:16:07.0381 0x02d4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:16:07.0411 0x02d4  TBS - ok
15:16:07.0481 0x02d4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:16:07.0541 0x02d4  Tcpip - ok
15:16:07.0601 0x02d4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:16:07.0651 0x02d4  TCPIP6 - ok
15:16:07.0671 0x02d4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:16:07.0681 0x02d4  tcpipreg - ok
15:16:07.0701 0x02d4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:16:07.0711 0x02d4  TDPIPE - ok
15:16:07.0751 0x02d4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:16:07.0761 0x02d4  TDTCP - ok
15:16:07.0801 0x02d4  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:16:07.0811 0x02d4  tdx - ok
15:16:07.0831 0x02d4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:16:07.0841 0x02d4  TermDD - ok
15:16:07.0891 0x02d4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
15:16:07.0911 0x02d4  TermService - ok
15:16:07.0931 0x02d4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:16:07.0951 0x02d4  Themes - ok
15:16:07.0971 0x02d4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:16:07.0991 0x02d4  THREADORDER - ok
15:16:08.0001 0x02d4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:16:08.0041 0x02d4  TrkWks - ok
15:16:08.0071 0x02d4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:16:08.0101 0x02d4  TrustedInstaller - ok
15:16:08.0121 0x02d4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:16:08.0141 0x02d4  tssecsrv - ok
15:16:08.0181 0x02d4  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:16:08.0191 0x02d4  TsUsbFlt - ok
15:16:08.0221 0x02d4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:16:08.0251 0x02d4  tunnel - ok
15:16:08.0271 0x02d4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:16:08.0281 0x02d4  uagp35 - ok
15:16:08.0301 0x02d4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:16:08.0371 0x02d4  udfs - ok
15:16:08.0391 0x02d4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:16:08.0411 0x02d4  UI0Detect - ok
15:16:08.0431 0x02d4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:16:08.0441 0x02d4  uliagpkx - ok
15:16:08.0461 0x02d4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
15:16:08.0471 0x02d4  umbus - ok
15:16:08.0491 0x02d4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:16:08.0501 0x02d4  UmPass - ok
15:16:08.0531 0x02d4  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:16:08.0551 0x02d4  UmRdpService - ok
15:16:08.0571 0x02d4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:16:08.0611 0x02d4  upnphost - ok
15:16:08.0641 0x02d4  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:16:08.0651 0x02d4  usbaudio - ok
15:16:08.0681 0x02d4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:16:08.0691 0x02d4  usbccgp - ok
15:16:08.0721 0x02d4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:16:08.0731 0x02d4  usbcir - ok
15:16:08.0751 0x02d4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:16:08.0761 0x02d4  usbehci - ok
15:16:08.0811 0x02d4  [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
15:16:08.0821 0x02d4  usbfilter - ok
15:16:08.0861 0x02d4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:16:08.0881 0x02d4  usbhub - ok
15:16:08.0901 0x02d4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:16:08.0911 0x02d4  usbohci - ok
15:16:08.0941 0x02d4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:16:08.0951 0x02d4  usbprint - ok
15:16:08.0961 0x02d4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:16:08.0981 0x02d4  usbscan - ok
15:16:08.0991 0x02d4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:16:09.0011 0x02d4  USBSTOR - ok
15:16:09.0031 0x02d4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:16:09.0041 0x02d4  usbuhci - ok
15:16:09.0061 0x02d4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:16:09.0091 0x02d4  UxSms - ok
15:16:09.0111 0x02d4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
15:16:09.0121 0x02d4  VaultSvc - ok
15:16:09.0131 0x02d4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:16:09.0141 0x02d4  vdrvroot - ok
15:16:09.0181 0x02d4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:16:09.0221 0x02d4  vds - ok
15:16:09.0231 0x02d4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:16:09.0241 0x02d4  vga - ok
15:16:09.0251 0x02d4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:16:09.0281 0x02d4  VgaSave - ok
15:16:09.0311 0x02d4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:16:09.0321 0x02d4  vhdmp - ok
15:16:09.0351 0x02d4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:16:09.0361 0x02d4  viaide - ok
15:16:09.0401 0x02d4  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:16:09.0411 0x02d4  vmbus - ok
15:16:09.0431 0x02d4  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:16:09.0441 0x02d4  VMBusHID - ok
15:16:09.0471 0x02d4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:16:09.0481 0x02d4  volmgr - ok
15:16:09.0521 0x02d4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:16:09.0531 0x02d4  volmgrx - ok
15:16:09.0571 0x02d4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:16:09.0581 0x02d4  volsnap - ok
15:16:09.0611 0x02d4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:16:09.0631 0x02d4  vsmraid - ok
15:16:09.0691 0x02d4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:16:09.0751 0x02d4  VSS - ok
15:16:09.0791 0x02d4  [ 19AD122244A1C8E16B3427A5CAE473A1, 3561D6DDB58D17EA998C5014C645DECB874034291A956692BF257ED782E15DE6 ] VUSB3HUB        C:\Windows\system32\DRIVERS\ViaHub3.sys
15:16:09.0801 0x02d4  VUSB3HUB - ok
15:16:09.0821 0x02d4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:16:09.0831 0x02d4  vwifibus - ok
15:16:09.0861 0x02d4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:16:09.0871 0x02d4  vwififlt - ok
15:16:09.0891 0x02d4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:16:09.0931 0x02d4  W32Time - ok
15:16:09.0951 0x02d4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:16:09.0961 0x02d4  WacomPen - ok
15:16:09.0991 0x02d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:16:10.0011 0x02d4  WANARP - ok
15:16:10.0031 0x02d4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:16:10.0061 0x02d4  Wanarpv6 - ok
15:16:10.0121 0x02d4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:16:10.0161 0x02d4  wbengine - ok
15:16:10.0201 0x02d4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:16:10.0221 0x02d4  WbioSrvc - ok
15:16:10.0251 0x02d4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:16:10.0271 0x02d4  wcncsvc - ok
15:16:10.0281 0x02d4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:16:10.0291 0x02d4  WcsPlugInService - ok
15:16:10.0301 0x02d4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:16:10.0311 0x02d4  Wd - ok
15:16:10.0381 0x02d4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:16:10.0401 0x02d4  Wdf01000 - ok
15:16:10.0421 0x02d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:16:10.0441 0x02d4  WdiServiceHost - ok
15:16:10.0441 0x02d4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:16:10.0461 0x02d4  WdiSystemHost - ok
15:16:10.0471 0x02d4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
15:16:10.0491 0x02d4  WebClient - ok
15:16:10.0501 0x02d4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:16:10.0541 0x02d4  Wecsvc - ok
15:16:10.0551 0x02d4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:16:10.0581 0x02d4  wercplsupport - ok
15:16:10.0601 0x02d4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:16:10.0631 0x02d4  WerSvc - ok
15:16:10.0641 0x02d4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:16:10.0671 0x02d4  WfpLwf - ok
15:16:10.0681 0x02d4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:16:10.0691 0x02d4  WIMMount - ok
15:16:10.0711 0x02d4  WinDefend - ok
15:16:10.0731 0x02d4  WinHttpAutoProxySvc - ok
15:16:10.0761 0x02d4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:16:10.0791 0x02d4  Winmgmt - ok
15:16:10.0871 0x02d4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
15:16:10.0931 0x02d4  WinRM - ok
15:16:10.0971 0x02d4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:16:10.0981 0x02d4  WinUsb - ok
15:16:11.0021 0x02d4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:16:11.0061 0x02d4  Wlansvc - ok
15:16:11.0081 0x02d4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:16:11.0091 0x02d4  WmiAcpi - ok
15:16:11.0111 0x02d4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:16:11.0121 0x02d4  wmiApSrv - ok
15:16:11.0131 0x02d4  WMPNetworkSvc - ok
15:16:11.0141 0x02d4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:16:11.0161 0x02d4  WPCSvc - ok
15:16:11.0181 0x02d4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:16:11.0201 0x02d4  WPDBusEnum - ok
15:16:11.0211 0x02d4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:16:11.0241 0x02d4  ws2ifsl - ok
15:16:11.0261 0x02d4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:16:11.0271 0x02d4  wscsvc - ok
15:16:11.0281 0x02d4  WSearch - ok
15:16:11.0371 0x02d4  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:16:11.0431 0x02d4  wuauserv - ok
15:16:11.0461 0x02d4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:16:11.0481 0x02d4  WudfPf - ok
15:16:11.0511 0x02d4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:16:11.0521 0x02d4  WUDFRd - ok
15:16:11.0541 0x02d4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:16:11.0561 0x02d4  wudfsvc - ok
15:16:11.0581 0x02d4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:16:11.0601 0x02d4  WwanSvc - ok
15:16:11.0631 0x02d4  [ 733A616083557572B4FDFE104B006393, 0885D3DE8518171CA74DF5BC25AB404D0E25085C2808C7E789C77FB2F2CD06A6 ] xhcdrv          C:\Windows\system32\DRIVERS\xhcdrv.sys
15:16:11.0651 0x02d4  xhcdrv - ok
15:16:11.0711 0x02d4  ================ Scan global ===============================
15:16:11.0731 0x02d4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:16:11.0751 0x02d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:16:11.0771 0x02d4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
15:16:11.0781 0x02d4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:16:11.0821 0x02d4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:16:11.0831 0x02d4  [ Global ] - ok
15:16:11.0831 0x02d4  ================ Scan MBR ==================================
15:16:11.0831 0x02d4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:16:12.0151 0x02d4  \Device\Harddisk0\DR0 - ok
15:16:12.0151 0x02d4  ================ Scan VBR ==================================
15:16:12.0161 0x02d4  [ D42C0A96811FA03D021247750155425E ] \Device\Harddisk0\DR0\Partition1
15:16:12.0211 0x02d4  \Device\Harddisk0\DR0\Partition1 - ok
15:16:12.0221 0x02d4  [ 17A0C261F9C7B2067C7AE73FFFEC1009 ] \Device\Harddisk0\DR0\Partition2
15:16:12.0271 0x02d4  \Device\Harddisk0\DR0\Partition2 - ok
15:16:12.0281 0x02d4  [ FF9C219E5BBDB4BCB4A7AA69EA6799B5 ] \Device\Harddisk0\DR0\Partition3
15:16:12.0281 0x02d4  \Device\Harddisk0\DR0\Partition3 - ok
15:16:12.0281 0x02d4  ================ Scan generic autorun ======================
15:16:12.0321 0x02d4  [ 1BD833293DC78C3C66F55CB31AC27353, D10AB0F9F0073EDCAF8E4C4E82830A2A7F86EEE7F7C408B320F504A76C5ACD11 ] C:\Windows\system32\igfxtray.exe
15:16:12.0351 0x02d4  IgfxTray - ok
15:16:12.0371 0x02d4  [ 1FB519690A010AF3EDCA60FED6F02C20, 84DF42D34415F9B464BDB6559A674EED25A9E3A0A599E51E5D884E2DB71D9867 ] C:\Windows\system32\hkcmd.exe
15:16:12.0401 0x02d4  HotKeysCmds - ok
15:16:12.0411 0x02d4  [ 63AC9EF9DA04681A456497F4C305E49E, 880D42EA08F3F04B8948E91370851E2DB8CFCC23E61C07087CCFBEF7E6EC6C52 ] C:\Windows\system32\igfxpers.exe
15:16:12.0431 0x02d4  Persistence - ok
15:16:12.0451 0x02d4  VIAxHCUtl - ok
15:16:12.0491 0x02d4  [ FB0C8699B87F7140BB6201BE7B4B6778, C5F9956374E59BB478FCBA457A0207AEA8B90EC8EB6C52F4F0D27A89FC7920EE ] C:\Windows\vsnpstd3.exe
15:16:12.0531 0x02d4  snpstd3 - ok
15:16:12.0621 0x02d4  [ 0B6307FB3D24EACBB86A51E285E1F384, 4658EEBD36669906C15D876B28D566E74703A81A3EF6ACE99EE2B6D8857DA594 ] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
15:16:12.0671 0x02d4  GDFirewallTray - ok
15:16:12.0721 0x02d4  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
15:16:12.0751 0x02d4  GrooveMonitor - ok
15:16:12.0781 0x02d4  [ A9F3C6135C9756E21A331F20437BC83E, 2576B4DD5D8374FF3042704DC885B4674ABF3E239BD7697785680C1D705901BA ] C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe
15:16:12.0811 0x02d4  G Data ASM - ok
15:16:12.0851 0x02d4  [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe
15:16:12.0861 0x02d4  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
15:16:15.0811 0x02d4  Detect skipped due to KSN trusted
15:16:15.0811 0x02d4  QuickTime Task - ok
15:16:15.0871 0x02d4  [ 1AA5F0A2E3E65A9F6B35C19A7C9D7762, AB08124D101C4FE8B6D4A6056783D2EAD5C049BE39A3DE772E008CD43E36F443 ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
15:16:15.0911 0x02d4  Nikon Message Center 2 - detected UnsignedFile.Multi.Generic ( 1 )
15:16:18.0861 0x02d4  Detect skipped due to KSN trusted
15:16:18.0861 0x02d4  Nikon Message Center 2 - ok
15:16:18.0941 0x02d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:16:18.0981 0x02d4  Sidebar - ok
15:16:19.0001 0x02d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:16:19.0011 0x02d4  mctadmin - ok
15:16:19.0041 0x02d4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:16:19.0081 0x02d4  Sidebar - ok
15:16:19.0081 0x02d4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:16:19.0101 0x02d4  mctadmin - ok
15:16:19.0161 0x02d4  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
15:16:19.0201 0x02d4  Sidebar - ok
15:16:19.0201 0x02d4  Waiting for KSN requests completion. In queue: 123
15:16:20.0201 0x02d4  Waiting for KSN requests completion. In queue: 5
15:16:21.0201 0x02d4  Waiting for KSN requests completion. In queue: 5
15:16:22.0251 0x02d4  AV detected via SS2: G DATA INTERNET SECURITY, C:\Program Files (x86)\G Data\InternetSecurity\AVK\avkwscpe.exe ( 25.0.0.0 ), 0x41000 ( enabled : updated )
15:16:22.0251 0x02d4  FW detected via SS2: G DATA Personal Firewall, C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe ( 22.0.0.1 ), 0x41010 ( enabled )
15:16:25.0131 0x02d4  ============================================================
15:16:25.0131 0x02d4  Scan finished
15:16:25.0131 0x02d4  ============================================================
15:16:25.0141 0x10c0  Detected object count: 0
15:16:25.0141 0x10c0  Actual detected object count: 0
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.09.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
User :: USER-PC [administrator]

09.01.2015 15:35:27
mbar-log-2015-01-09 (15-35-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 371702
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 09.01.2015, 16:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



hi,

Zugriff verweigert ist nicht unnormal, das kommt schon mal vor. Aber hier haben wir noch bissl Arbeit.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Gdata Fund : Zugriff verweigert

Alt 09.01.2015, 17:30   #7
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.01.2015
Suchlauf-Zeit: 16:16:45
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.01.09.09
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 371950
Verstrichene Zeit: 6 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 53
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), ,[9cc18273058473c38de5ae1a4fb608f8]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (ser Preferences

/* Do not edit this file.
 *
 * If y), ,[322b8e67cebb1d199bd797314db8c23e]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make changes to this file while the app), ,[025b2bca2960ad89c0b2992f19ec8779]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (e.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */

user_pref("app.update.), ,[b3aa91646a1f9e98f47e13b5986db24e]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (nge to preferences, you can visit the URL about:config), ,[c29b4aabb8d16dc9135f5870b352a957]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you ), ,[47168e67bbcee3538ce633954bbad42c]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If yo), ,[70ed4fa68306e551a0d2f9cf1ee7c937]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you), ,[84d925d0fc8d82b4264c349444c136ca]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you), ,[97c654a19eeb81b54a28d8f0f4110bf5]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */

user_pref("app.update.lastUpdateTime.addon-background-update-tim), ,[90cd4aab8900c27483ef864242c3d22e]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (pp.update.lastUpdateTime.addon-background-update-timer", 142), ,[ec712dc89aef2d09234f00c87392b947]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes), ,[2835a2538dfc65d1f9798c3cd03541bf]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make chang), ,[a1bc26cff3966ec81b57a3255ca9a060]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */

user_pref("app.update.lastUpdateTime.addon-background-update-timer", 142), ,[77e6b73e25649c9aa6cc9b2d9c693dc3]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (.update.lastUpdateTime.addon-background-update-timer", 1420), ,[332a39bcf7929b9b1d555177af5628d8]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make changes to t), ,[005d8b6a51381c1a660cc10717ee6c94]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes to this ), ,[a0bd4fa62267f3432151e0e89174a45c]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (* Do not edit this file.
 *
 * If you make changes), ,[dc8105f0a7e2e05630424682cb3a7a86]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */

user_pref("app.update.lastUpdateTime.addon-background-update-timer", 14), ,[025bcd289fea63d3dd95dcec07fec33d]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (te.lastUpdateTime.addon-background-update-timer", 1420), ,[bca181746f1ae65091e11cac6b9a7c84]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make c), ,[ef6e2bca7c0def47d49e92367194ef11]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ), ,[9dc0c82d90f9b18584eeffc9689d58a8]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make ), ,[2538609595f432047df50abe9c69847c]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make changes to ), ,[ea739d582e5b2f07175b963265a08a76]
PUP.Optional.MySearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.instlRef", "140305_b");), ,[bda0b83d6d1c201657134b7d44c16799]
PUP.Optional.MySearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (mysearch.instlRef", "140305_b");
user_pref("extensi), ,[cd90599cbbceab8babbfc404df26a55b]
PUP.Optional.MySearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (s.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmysearch.cr", "1895202918");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0Fy), ,[2439807536534de9ef7b923619ec53ad]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0B0EtDtDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0DtDyB0DyC2Q&cr=1895202918&ir=");), ,[6bf255a093f61e18294a6d5bb84dfc04]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (tDtDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B), ,[5b027f763950ac8ac4afcdfb6f96a35d]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (ons.irmysearch.instlRef", "140305_b");
user_pref("extensions.i), ,[510cbc396920a0961b580eba6c99827e]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (rch.instlRef", "140305_b");
user_pref("extensions), ,[1d40a64f4d3c5bdbeb880cbc8481d12f]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (sions.irmysearch.instlRef", "140305_b");
user_pref("), ,[3429ba3b7d0c7eb8eb889731b451619f]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (ns.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmysearch.cr", "1895202918");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0B0EtDtDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0), ,[124b787de3a654e2b6bdb11700056c94]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (tDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0DtDyB0DyC2Q");

user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0B0EtDtDzz0FtG0ByCyB0FtGtD0), ,[035a8a6b86037bbba5ce824659acc33d]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0DtDyB0DyC2Q"), ,[6feefcf92564d36300739830a75e03fd]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (search.instlRef", "140305_b");
user_pref("extensions.i), ,[83da5c99d9b02c0ad69de2e66d98f709]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (.irmysearch.instlRef", "140305_b");
user_pref("extens), ,[5effce274c3de94d78fbf7d18c7911ef]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (s.irmysearch.instlRef", "140305_b");
user_pref("extens), ,[ff5e75804049c2747102fccc35d0e21e]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmys), ,[0b52698c92f7f640e88bfbcd6c99ba46]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (ch.instlRef", "140305_b");
user_pref("extensions.irmysearch.), ,[d786f9fcd7b22511b4bf87417e877c84]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (earch.instlRef", "140305_b");
user_pref("extensions.irmyse), ,[2835767f3b4e7abcbdb6943431d4bd43]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (ysearch.instlRef", "140305_b");
user_pref("extensions.ir), ,[d08d25d03059fd39551eb216c44101ff]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (rmysearch.instlRef", "140305_b");
user_pref("extension), ,[2c3129ccc6c379bdd99ae6e29471f709]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (.irmysearch.instlRef", "140305_b");
user_pref("exte), ,[8fce40b575142115df94af19a95c57a9]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (ons.irmysearch.instlRef", "140305_b");
user_pref("extensi), ,[1e3f7283ff8af0462c4710b849bcf709]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (mysearch.instlRef", "140305_b");
user_pref("exte), ,[6feee70efa8f5adc0a692e9a768f7090]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (nsions.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmysearch.cr", "189), ,[45180de8315840f641327850e81d8f71]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (_b");
user_pref("extensions.irmysearch.cr", "189520), ,[c895fbfa8504b2843d369830966f7888]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (ons.irmysearch.instlRef", "140305_b");
user_pref("ext), ,[80dd95603d4ccf6791e26e5adf269d63]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (s.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmysearch.cr", "1895202918");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEy), ,[015ce411a2e7ec4a185bbd0b877e05fb]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (zutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0A), ,[6df01adb96f322145c17cff93cc917e9]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (zu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0B0EtDtDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0DtDyB0DyC2Q&cr=1895202918&ir=");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdi), ,[85d8698c157475c1fc78497f5baac838]
PUP.Optional.MySearchDial.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js, Gut: (), Schlecht: (tDyD1VB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0B0EtDtDzz0FtG0ByCyB0FtGtD0AyBtCtG0F0B0F0AtGtA0AzytBzz0B0D0DtDyB0DyC2Q");

user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEyB), ,[afae38bd4e3b2610caaa14b416efea16]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 16:32:50
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Advanced System Protector
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Systweak
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\invalidprefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Advanced System Protector

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)

[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0B0EtDtDzz0FtG0ByCyB[...]
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1895202918");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "140305_b");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "ir_14_11_ff");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1VB0AyEtBtG0FyEyBtAtGtBtByBtCtGtC0B0EtDtDzz0FtG0ByC[...]
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1895202918");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtD[...]
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.id", "B8975A781EBE4BE8");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16143");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_b");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AyBzztC0E0B0EyE0B0EzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[x39fp4t4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.018:8:7");

*************************

AdwCleaner[R0].txt - [6397 octets] - [09/01/2015 16:31:12]
AdwCleaner[S0].txt - [6334 octets] - [09/01/2015 16:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6394 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by User on 09.01.2015 at 17:20:54,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\x39fp4t4.default\searchplugins\avira-safesearch.xml
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\x39fp4t4.default\minidumps [88 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.01.2015 at 17:28:40,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by User at 2015-01-09 17:32:10
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Any Video Converter 5.7.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2568 - CDBurnerXP)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.3 - G DATA Software AG)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Short Movie Creator (HKLM-x32\...\{B2817391-97C2-4A88-A952-14920594BD62}) (Version: 1.3.0 - Nikon)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{A0989FD5-B866-4217-8F08-4846AC5BE4B0}) (Version: 9.0 - Star Finanz GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\{BAD965D8-EAB0-4177-A728-1541797CEF9F}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-01-2015 15:23:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D8C8CE6-8760-4682-AD17-3757F00381D3} - System32\Tasks\{E5377033-A609-4846-97DB-DAC41DA52E9C} => pcalua.exe -a "C:\Users\User\Desktop\Virenscanner (bitte installieren!)\GDATA 2014 Internet Security Vollversion - Installation starten.exe" -d "C:\Users\User\Desktop\Virenscanner (bitte installieren!)"
Task: {21B1F005-8405-484C-A734-BAFA294ED322} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {51F24C46-BA26-4763-B4A6-0D39005F59C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {59B101E8-CE48-48E3-9C6B-DB33772F8576} - System32\Tasks\{E7067897-0BAC-4CB2-9F86-A61330EBD0E0} => pcalua.exe -a "C:\Users\User\Downloads\Treiber und Software\delinf_10190 Treiberdeinstallation.EXE" -d "C:\Users\User\Downloads\Treiber und Software"
Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 No Task File <==== ATTENTION
Task: {AF61CFDD-CF2F-488A-9B81-E9566839249B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D62BEAE9-2F3F-41B5-BD9B-37072200D163} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D98416E4-07C5-465B-B7D5-848EA11C4AC4} - System32\Tasks\Install_SSD => C:\Users\Default\AppData\Roaming\systweak\ssd\SSDPTstub.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-03-30 07:32 - 2009-03-30 07:32 - 00032768 ____R () C:\Windows\DAODx.exe
2006-09-19 08:07 - 2006-09-19 08:07 - 00827392 _____ () C:\Windows\vsnpstd3.exe
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____C () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-03-27 20:21 - 2007-05-31 07:38 - 00167936 ____C () C:\Windows\SysWOW64\SerialXP.dll
2014-08-04 13:53 - 2011-01-13 10:44 - 00232800 ____C () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-12-09 19:19 - 2014-12-09 19:19 - 03758192 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3928150652-2756980015-3035233101-500 - Administrator - Disabled)
Gast (S-1-5-21-3928150652-2756980015-3035233101-501 - Limited - Disabled)
User (S-1-5-21-3928150652-2756980015-3035233101-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/25/2014 04:48:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: AMD A8-5600K APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 26%
Total physical RAM: 7348.88 MB
Available physical RAM: 5418.93 MB
Total Pagefile: 14695.93 MB
Available Pagefile: 12305.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:466.07 GB) (Free:406.82 GB) NTFS
Drive f: (Privat) (Fixed) (Total:465.34 GB) (Free:464.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0DA7C2E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 09-01-2015 17:31:41
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Windows\DAODx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Tcpip\..\Interfaces\{1F8D4A49-6648-458B-8414-890EAE2121DC}: [NameServer] 217.0.43.17 217.0.43.49

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\ixquick-https---deutsch.xml
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-23]
FF Extension: Cliqz Beta - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\cliqz@cliqz.com.xpi [2014-09-09]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-01] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2014-11-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-10] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-01] (G Data Software AG)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 17:31 - 2015-01-09 17:31 - 00011272 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-09 17:28 - 2015-01-09 17:28 - 00001026 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-09 17:20 - 2015-01-09 17:20 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 16:37 - 2015-01-09 16:37 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-01-09 16:31 - 2015-01-09 16:32 - 00000000 ____D () C:\AdwCleaner
2015-01-09 16:30 - 2015-01-09 16:30 - 02191360 _____ () C:\Users\User\Desktop\AdwCleaner_4.107.exe
2015-01-09 16:28 - 2015-01-09 16:28 - 00015991 _____ () C:\Users\User\Desktop\mbam.txt
2015-01-09 15:25 - 2015-01-09 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 15:21 - 2015-01-09 15:44 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-09 15:18 - 2015-01-09 15:19 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.08.2.1001.exe
2015-01-09 15:12 - 2015-01-09 15:12 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2015-01-09 14:20 - 2015-01-09 14:21 - 00033571 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-09 14:20 - 2015-01-09 14:21 - 00020130 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-09 14:19 - 2015-01-09 17:31 - 00000000 ____D () C:\FRST
2015-01-09 14:19 - 2015-01-09 14:19 - 02124288 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-09 13:57 - 2015-01-09 13:57 - 00000000 ____D () C:\Users\User\Documents\Gdata
2015-01-09 13:01 - 2015-01-09 16:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 13:01 - 2015-01-09 13:01 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 13:00 - 2015-01-09 15:35 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 12:50 - 2015-01-09 15:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 20:44 - 2015-01-08 20:44 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-01-08 20:42 - 2015-01-08 20:42 - 01581592 _____ (NCH Software) C:\Users\User\Downloads\Kamera.exe
2015-01-02 12:45 - 2015-01-02 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-02 12:35 - 2015-01-02 12:35 - 00000000 ____D () C:\ProgramData\Nikon
2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\Users\User\Downloads\Nikon 1
2014-12-31 13:34 - 2014-12-31 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-12-31 13:33 - 2014-12-31 13:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-31 13:32 - 2014-12-31 13:33 - 00000000 ___DC () C:\Program Files\Common Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00002057 _____ () C:\Users\Public\Desktop\ViewNX 2.lnk
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\ProgramData\Organic
2014-12-31 13:32 - 2014-12-31 13:32 - 00000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-12-31 13:32 - 2014-12-31 13:32 - 00000012 ___RH () C:\ProgramData\Pianos and Keyboards
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ___DC () C:\Program Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-12-31 13:31 - 2014-12-31 13:34 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2014-12-31 13:31 - 2014-12-31 13:31 - 00002176 _____ () C:\Users\Public\Desktop\Short Movie Creator.lnk
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature Sounds
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Multipressor
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Organs
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Noise Gate
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Pipe Organ
2014-12-31 13:31 - 2014-12-31 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Short Movie Creator
2014-12-31 13:30 - 2014-12-31 13:34 - 00000000 ___DC () C:\Program Files (x86)\Nikon
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Ultima_T15
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\EnterNHelp
2014-12-31 13:30 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Piano Hard
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Percussion Kit
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\NetServices
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\ProgramData\Overdrive
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeu.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Robot
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Plants
2014-12-31 13:29 - 2014-12-31 13:29 - 00000000 ____D () C:\ProgramData\Apple
2014-12-31 13:28 - 2014-12-31 13:28 - 00001853 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ___DC () C:\Program Files (x86)\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-31 13:27 - 2014-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2014-12-18 09:50 - 2014-12-18 11:42 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:50 - 2014-12-18 11:42 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 10:08 - 2014-12-15 10:08 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2014-12-15 10:07 - 2014-12-15 10:07 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-12-15 10:02 - 2014-12-15 10:02 - 01177424 _____ () C:\Users\User\Downloads\Tor Browser Paket - CHIP-Installer.exe
2014-12-12 03:15 - 2014-12-12 03:15 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 03:01 - 2014-12-12 03:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 03:01 - 2014-12-12 03:01 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 15:30 - 2014-12-12 03:04 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 15:30 - 2014-12-12 03:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 17:29 - 2011-06-26 21:04 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-09 16:54 - 2014-03-22 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 16:41 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 16:41 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 16:40 - 2009-07-14 18:58 - 09466196 _____ () C:\Windows\system32\perfh007.dat
2015-01-09 16:40 - 2009-07-14 18:58 - 02881630 _____ () C:\Windows\system32\perfc007.dat
2015-01-09 16:40 - 2009-07-14 06:13 - 00006536 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 16:38 - 2011-05-25 03:18 - 01276214 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 16:33 - 2014-11-17 16:59 - 00008680 _____ () C:\Windows\PFRO.log
2015-01-09 16:33 - 2014-10-13 14:27 - 00011636 _____ () C:\Windows\setupact.log
2015-01-09 16:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\systweak
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\systweak
2015-01-09 13:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-09 12:49 - 2014-09-22 23:57 - 00000000 ____D () C:\Users\User\Downloads\Antivirentools
2015-01-08 23:28 - 2014-03-30 16:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-08 23:05 - 2014-03-27 20:02 - 00000000 ___DC () C:\Program Files (x86)\StarMoney 9.0
2015-01-06 04:36 - 2014-03-14 13:39 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 12:45 - 2014-03-30 16:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 ____D () C:\ProgramData\Skype
2015-01-02 12:44 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-12-31 14:08 - 2014-03-14 18:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-31 13:34 - 2011-05-25 03:25 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 13:31 - 2003-03-18 19:05 - 00106496 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-12-16 08:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:15 - 2014-04-24 14:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 03:04 - 2014-03-21 09:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 03:04 - 2013-07-15 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2013-07-14 16:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 15:23 - 2014-08-25 17:14 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-11 15:23 - 2014-03-22 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 15:22 - 2014-03-22 08:18 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 15:22 - 2014-03-22 08:18 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 09:26 - 2014-03-19 20:16 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\tmd_34011268.exe
C:\Users\User\AppData\Local\Temp\tmd_34013928.exe
C:\Users\User\AppData\Local\Temp\tmd_34018826.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 16:03

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 09.01.2015, 17:35   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 No Task File <==== ATTENTION
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 17:52   #9
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by User at 2015-01-09 17:48:51 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 No Task File <==== ATTENTION
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D759583-D093-4D62-8787-AA5A33B65F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D759583-D093-4D62-8787-AA5A33B65F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\i-Setup042718" => Key deleted successfully.
EmptyTemp: => Removed 470.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:51:41 ====
         

Alt 09.01.2015, 19:46   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



und weiter
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 19:55   #11
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a3227797aa62fa449910cd52e2d1d39e
# engine=21890
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-09 06:47:06
# local_time=2015-01-09 07:47:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 19383 172459076 0 0
# scanned=140807
# found=5
# cleaned=0
# scan_time=4739
sh=BA39F8C9886EF4AABD72262B192DB8A177C7E206 ft=1 fh=078180abaf06d010 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=348DB0A03942417870F87F69F442EFEF9586D0D4 ft=1 fh=cc60e7fab1fa522a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Tor Browser Paket - CHIP-Installer.exe"
sh=5382C568ED2238456C82AC0CEC23CD62A7CE9AEE ft=1 fh=0d6859b2e149c6ab vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Antivirentools\Sophos Virus Removal Tool - CHIP-Installer.exe"
sh=8A5A0BB3ED954190FBC7812BFFF71FEB8B1B71FE ft=1 fh=677108357d6e4d56 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Nikon 1\Nikon 1 V2 Bedienungsanleitung - CHIP-Installer.exe"
sh=9B0B5C18EA3ED08514A572FDB932EC978103A4BB ft=1 fh=2c2fd6cb77eb4402 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Treiber und Software\Free Download Manager - CHIP-Installer.exe"
         
Bin dran ;-) Dauert sein Weilchen .
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G DATA INTERNET SECURITY   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Mozilla Thunderbird (24.4.0) 
````````Process Check: objlist.exe by Laurent````````  
 G Data InternetSecurity Firewall GDFirewallTray.exe 
 G Data InternetSecurity Firewall GDFwSvcx64.exe 
 StarMoney 9.0 ouservice StarMoneyOnlineUpdate.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 09-01-2015 19:56:47
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Windows\DAODx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Tcpip\..\Interfaces\{1F8D4A49-6648-458B-8414-890EAE2121DC}: [NameServer] 217.0.43.17 217.0.43.49

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\ixquick-https---deutsch.xml
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-23]
FF Extension: Cliqz Beta - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\cliqz@cliqz.com.xpi [2014-09-09]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-01] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2014-11-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-10] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-01] (G Data Software AG)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 19:52 - 2015-01-09 19:53 - 00852505 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2015-01-09 19:48 - 2015-01-09 19:48 - 00000710 _____ () C:\Users\User\Desktop\Eset.txt
2015-01-09 18:21 - 2015-01-09 18:22 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe
2015-01-09 17:32 - 2015-01-09 17:32 - 00013456 _____ () C:\Users\User\Desktop\Addition.txt
2015-01-09 17:31 - 2015-01-09 19:56 - 00011181 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-09 17:28 - 2015-01-09 17:28 - 00001026 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-09 17:20 - 2015-01-09 17:20 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 16:37 - 2015-01-09 16:37 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-01-09 16:31 - 2015-01-09 16:32 - 00000000 ____D () C:\AdwCleaner
2015-01-09 16:30 - 2015-01-09 16:30 - 02191360 _____ () C:\Users\User\Desktop\AdwCleaner_4.107.exe
2015-01-09 16:28 - 2015-01-09 16:28 - 00015991 _____ () C:\Users\User\Desktop\mbam.txt
2015-01-09 15:25 - 2015-01-09 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 15:21 - 2015-01-09 15:44 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-09 15:18 - 2015-01-09 15:19 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.08.2.1001.exe
2015-01-09 15:12 - 2015-01-09 15:12 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2015-01-09 14:20 - 2015-01-09 14:21 - 00033571 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-09 14:20 - 2015-01-09 14:21 - 00020130 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-09 14:19 - 2015-01-09 19:56 - 00000000 ____D () C:\FRST
2015-01-09 14:19 - 2015-01-09 14:19 - 02124288 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-09 13:57 - 2015-01-09 13:57 - 00000000 ____D () C:\Users\User\Documents\Gdata
2015-01-09 13:01 - 2015-01-09 16:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 13:01 - 2015-01-09 13:01 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 13:00 - 2015-01-09 15:35 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 12:50 - 2015-01-09 15:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 20:44 - 2015-01-08 20:44 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-01-08 20:42 - 2015-01-08 20:42 - 01581592 _____ (NCH Software) C:\Users\User\Downloads\Kamera.exe
2015-01-02 12:45 - 2015-01-02 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-02 12:35 - 2015-01-02 12:35 - 00000000 ____D () C:\ProgramData\Nikon
2014-12-31 13:37 - 2014-12-31 13:37 - 00000000 ____D () C:\Users\User\Downloads\Nikon 1
2014-12-31 13:34 - 2014-12-31 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-12-31 13:33 - 2014-12-31 13:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-31 13:32 - 2014-12-31 13:33 - 00000000 ___DC () C:\Program Files\Common Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00002057 _____ () C:\Users\Public\Desktop\ViewNX 2.lnk
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\ProgramData\Organic
2014-12-31 13:32 - 2014-12-31 13:32 - 00000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-12-31 13:32 - 2014-12-31 13:32 - 00000012 ___RH () C:\ProgramData\Pianos and Keyboards
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ___DC () C:\Program Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-12-31 13:31 - 2014-12-31 13:34 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2014-12-31 13:31 - 2014-12-31 13:31 - 00002176 _____ () C:\Users\Public\Desktop\Short Movie Creator.lnk
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature Sounds
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Multipressor
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Organs
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Noise Gate
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Pipe Organ
2014-12-31 13:31 - 2014-12-31 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Short Movie Creator
2014-12-31 13:30 - 2014-12-31 13:34 - 00000000 ___DC () C:\Program Files (x86)\Nikon
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Ultima_T15
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\EnterNHelp
2014-12-31 13:30 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Piano Hard
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Percussion Kit
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\NetServices
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\ProgramData\Overdrive
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeu.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Robot
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Plants
2014-12-31 13:29 - 2014-12-31 13:29 - 00000000 ____D () C:\ProgramData\Apple
2014-12-31 13:28 - 2014-12-31 13:28 - 00001853 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ___DC () C:\Program Files (x86)\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-31 13:27 - 2014-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2014-12-18 09:50 - 2014-12-18 11:42 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:50 - 2014-12-18 11:42 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 10:08 - 2014-12-15 10:08 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2014-12-15 10:07 - 2014-12-15 10:07 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-12-15 10:02 - 2014-12-15 10:02 - 01177424 _____ () C:\Users\User\Downloads\Tor Browser Paket - CHIP-Installer.exe
2014-12-12 03:15 - 2014-12-12 03:15 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 03:01 - 2014-12-12 03:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 03:01 - 2014-12-12 03:01 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 15:30 - 2014-12-12 03:04 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 15:30 - 2014-12-12 03:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 19:54 - 2014-03-22 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 18:02 - 2009-07-14 18:58 - 09510326 _____ () C:\Windows\system32\perfh007.dat
2015-01-09 18:02 - 2009-07-14 18:58 - 02895688 _____ () C:\Windows\system32\perfc007.dat
2015-01-09 18:02 - 2009-07-14 06:13 - 00006536 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 18:00 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 18:00 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 17:56 - 2011-05-25 03:18 - 01288912 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 17:52 - 2014-11-17 16:59 - 00009946 _____ () C:\Windows\PFRO.log
2015-01-09 17:52 - 2014-10-13 14:27 - 00011748 _____ () C:\Windows\setupact.log
2015-01-09 17:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 17:29 - 2011-06-26 21:04 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\systweak
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\systweak
2015-01-09 13:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-09 12:49 - 2014-09-22 23:57 - 00000000 ____D () C:\Users\User\Downloads\Antivirentools
2015-01-08 23:28 - 2014-03-30 16:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-08 23:05 - 2014-03-27 20:02 - 00000000 ___DC () C:\Program Files (x86)\StarMoney 9.0
2015-01-06 04:36 - 2014-03-14 13:39 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 12:45 - 2014-03-30 16:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 ____D () C:\ProgramData\Skype
2015-01-02 12:44 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-12-31 14:08 - 2014-03-14 18:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-31 13:34 - 2011-05-25 03:25 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 13:31 - 2003-03-18 19:05 - 00106496 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-12-16 08:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:15 - 2014-04-24 14:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 03:04 - 2014-03-21 09:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 03:04 - 2013-07-15 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2013-07-14 16:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 15:23 - 2014-08-25 17:14 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-11 15:23 - 2014-03-22 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 15:22 - 2014-03-22 08:18 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 15:22 - 2014-03-22 08:18 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 09:26 - 2014-03-19 20:16 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 16:03

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 09.01.2015, 20:51   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\User\Downloads\Tor Browser Paket - CHIP-Installer.exe

C:\Users\User\Downloads\Antivirentools\Sophos Virus Removal Tool - CHIP-Installer.exe

C:\Users\User\Downloads\Nikon 1\Nikon 1 V2 Bedienungsanleitung - CHIP-Installer.exe

C:\Users\User\Downloads\Treiber und Software\Free Download Manager - CHIP-Installer.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 21:46   #13
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by User at 2015-01-09 21:03:03 Run:2
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\User\Downloads\Tor Browser Paket - CHIP-Installer.exe

C:\Users\User\Downloads\Antivirentools\Sophos Virus Removal Tool - CHIP-Installer.exe

C:\Users\User\Downloads\Nikon 1\Nikon 1 V2 Bedienungsanleitung - CHIP-Installer.exe

C:\Users\User\Downloads\Treiber und Software\Free Download Manager - CHIP-Installer.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
Emptytemp:
         
*****************

C:\Users\User\Downloads\Tor Browser Paket - CHIP-Installer.exe => Moved successfully.
C:\Users\User\Downloads\Antivirentools\Sophos Virus Removal Tool - CHIP-Installer.exe => Moved successfully.
C:\Users\User\Downloads\Nikon 1\Nikon 1 V2 Bedienungsanleitung - CHIP-Installer.exe => Moved successfully.
C:\Users\User\Downloads\Treiber und Software\Free Download Manager - CHIP-Installer.exe => Moved successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
EmptyTemp: => Removed 67.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:03:47 ====
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 09-01-2015 21:07:40
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Windows\DAODx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
Tcpip\..\Interfaces\{1F8D4A49-6648-458B-8414-890EAE2121DC}: [NameServer] 217.0.43.17 217.0.43.49

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\searchplugins\ixquick-https---deutsch.xml
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-23]
FF Extension: Cliqz Beta - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\cliqz@cliqz.com.xpi [2014-09-09]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x39fp4t4.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-01] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-26] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2014-11-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-10] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-01] (G Data Software AG)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 19:52 - 2015-01-09 19:53 - 00852505 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2015-01-09 19:48 - 2015-01-09 19:48 - 00000710 _____ () C:\Users\User\Desktop\Eset.txt
2015-01-09 18:21 - 2015-01-09 18:22 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe
2015-01-09 17:32 - 2015-01-09 17:32 - 00013456 _____ () C:\Users\User\Desktop\Addition.txt
2015-01-09 17:31 - 2015-01-09 21:07 - 00010598 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-09 17:28 - 2015-01-09 17:28 - 00001026 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-09 17:20 - 2015-01-09 17:20 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 16:37 - 2015-01-09 16:37 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-01-09 16:31 - 2015-01-09 16:32 - 00000000 ____D () C:\AdwCleaner
2015-01-09 16:30 - 2015-01-09 16:30 - 02191360 _____ () C:\Users\User\Desktop\AdwCleaner_4.107.exe
2015-01-09 16:28 - 2015-01-09 16:28 - 00015991 _____ () C:\Users\User\Desktop\mbam.txt
2015-01-09 15:25 - 2015-01-09 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 15:21 - 2015-01-09 15:44 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-09 15:18 - 2015-01-09 15:19 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.08.2.1001.exe
2015-01-09 15:12 - 2015-01-09 15:12 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2015-01-09 14:20 - 2015-01-09 14:21 - 00033571 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-09 14:20 - 2015-01-09 14:21 - 00020130 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-09 14:19 - 2015-01-09 21:07 - 00000000 ____D () C:\FRST
2015-01-09 14:19 - 2015-01-09 14:19 - 02124288 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-09 13:57 - 2015-01-09 13:57 - 00000000 ____D () C:\Users\User\Documents\Gdata
2015-01-09 13:01 - 2015-01-09 16:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 13:01 - 2015-01-09 13:01 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 13:00 - 2015-01-09 15:35 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 13:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 12:50 - 2015-01-09 15:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 12:50 - 2015-01-09 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-08 20:44 - 2015-01-08 20:44 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-01-08 20:42 - 2015-01-08 20:42 - 01581592 _____ (NCH Software) C:\Users\User\Downloads\Kamera.exe
2015-01-02 12:45 - 2015-01-02 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-02 12:35 - 2015-01-02 12:35 - 00000000 ____D () C:\ProgramData\Nikon
2014-12-31 13:37 - 2015-01-09 21:03 - 00000000 ____D () C:\Users\User\Downloads\Nikon 1
2014-12-31 13:34 - 2014-12-31 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-12-31 13:33 - 2014-12-31 13:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-31 13:32 - 2014-12-31 13:33 - 00000000 ___DC () C:\Program Files\Common Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00002057 _____ () C:\Users\Public\Desktop\ViewNX 2.lnk
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature
2014-12-31 13:32 - 2014-12-31 13:32 - 00000268 ___RH () C:\ProgramData\Organic
2014-12-31 13:32 - 2014-12-31 13:32 - 00000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-12-31 13:32 - 2014-12-31 13:32 - 00000012 ___RH () C:\ProgramData\Pianos and Keyboards
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ___DC () C:\Program Files\Nikon
2014-12-31 13:32 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-12-31 13:31 - 2014-12-31 13:34 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2014-12-31 13:31 - 2014-12-31 13:31 - 00002176 _____ () C:\Users\Public\Desktop\Short Movie Creator.lnk
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Nature Sounds
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Multipressor
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Organs
2014-12-31 13:31 - 2014-12-31 13:31 - 00000268 ___RH () C:\ProgramData\Noise Gate
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-12-31 13:31 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Pipe Organ
2014-12-31 13:31 - 2014-12-31 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Short Movie Creator
2014-12-31 13:30 - 2014-12-31 13:34 - 00000000 ___DC () C:\Program Files (x86)\Nikon
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\Ultima_T15
2014-12-31 13:30 - 2014-12-31 13:32 - 00000000 ____D () C:\ProgramData\EnterNHelp
2014-12-31 13:30 - 2014-12-31 13:31 - 00000012 ___RH () C:\ProgramData\Piano Hard
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\Percussion Kit
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\Users\User\AppData\Roaming\NetServices
2014-12-31 13:30 - 2014-12-31 13:30 - 00000268 ___RH () C:\ProgramData\Overdrive
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeu.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Robot
2014-12-31 13:30 - 2014-12-31 13:30 - 00000012 ___RH () C:\ProgramData\Plants
2014-12-31 13:29 - 2014-12-31 13:29 - 00000000 ____D () C:\ProgramData\Apple
2014-12-31 13:28 - 2014-12-31 13:28 - 00001853 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ___DC () C:\Program Files (x86)\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-31 13:28 - 2014-12-31 13:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-31 13:27 - 2014-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2014-12-18 09:50 - 2014-12-18 11:42 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 09:50 - 2014-12-18 11:42 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 10:08 - 2014-12-15 10:08 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2014-12-15 10:07 - 2014-12-15 10:07 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-12-12 03:15 - 2014-12-12 03:15 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 03:01 - 2014-12-12 03:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 03:01 - 2014-12-12 03:01 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 15:30 - 2014-12-12 03:04 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 15:30 - 2014-12-12 03:04 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 15:30 - 2014-12-12 03:01 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 15:30 - 2014-12-12 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 15:30 - 2014-12-12 03:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 15:30 - 2014-12-12 03:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 15:30 - 2014-12-12 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:01 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 15:28 - 2014-12-12 03:01 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 15:28 - 2014-12-12 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 21:08 - 2014-03-30 16:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-09 21:04 - 2014-11-17 16:59 - 00012918 _____ () C:\Windows\PFRO.log
2015-01-09 21:04 - 2014-10-13 14:27 - 00011804 _____ () C:\Windows\setupact.log
2015-01-09 21:04 - 2011-05-25 03:18 - 01293944 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 21:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 21:03 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-09 21:03 - 2014-09-22 23:57 - 00000000 ____D () C:\Users\User\Downloads\Antivirentools
2015-01-09 21:03 - 2014-06-06 13:21 - 00000000 ____D () C:\Users\User\Downloads\Treiber und Software
2015-01-09 20:54 - 2014-03-22 08:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 18:02 - 2009-07-14 18:58 - 09510326 _____ () C:\Windows\system32\perfh007.dat
2015-01-09 18:02 - 2009-07-14 18:58 - 02895688 _____ () C:\Windows\system32\perfc007.dat
2015-01-09 18:02 - 2009-07-14 06:13 - 00006536 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 18:00 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 18:00 - 2009-07-14 05:45 - 00032592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 17:29 - 2011-06-26 21:04 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default\AppData\Roaming\systweak
2015-01-09 13:14 - 2014-05-14 17:39 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\systweak
2015-01-09 13:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-08 23:05 - 2014-03-27 20:02 - 00000000 ___DC () C:\Program Files (x86)\StarMoney 9.0
2015-01-06 04:36 - 2014-03-14 13:39 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 12:45 - 2014-03-30 16:31 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-02 12:45 - 2014-03-30 16:31 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 14:08 - 2014-03-14 18:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-31 13:34 - 2011-05-25 03:25 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 13:31 - 2003-03-18 19:05 - 00106496 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-12-16 08:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 03:15 - 2014-04-24 14:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 03:04 - 2014-03-21 09:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 03:04 - 2013-07-15 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 03:02 - 2013-07-14 16:33 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 15:23 - 2014-08-25 17:14 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-11 15:23 - 2014-03-22 08:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 15:22 - 2014-03-22 08:18 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 15:22 - 2014-03-22 08:18 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 09:26 - 2014-03-19 20:16 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 16:03

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Kannst du mir erklären, was sich da auf meinem PC eingefunden hatte?

Alt 10.01.2015, 11:33   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Da war nur ADware


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.01.2015, 12:09   #15
Visuti3
 
Gdata Fund : Zugriff verweigert - Standard

Gdata Fund : Zugriff verweigert



Nochmals vielen Dank
Ich habe die meisten deiner Anregegungen schon auf dem PC gehabt. ( WOT, ABP und das up-do- date- Halten). Ich nutze Mozilla und habe G-Data gekauft. Ich möchte eigentlich auch weniger auf google suchen , sondern z.B. auf xquick. Das ist halt bloß mit mehr Mühe verbunden. Ist "No script" auch zu empfehlen und wenn ja: sollte man dann grundsätzlich nur temporär etwas zulassen? Und wie stehst du zum "Tor-Browser?

Antwort

Themen zu Gdata Fund : Zugriff verweigert
appdata, code, data, dateien, ergebnis, festplatte, folge, fund, gdata, infizierte, internet, logfiles, microsoft, prozesse, prüfen, scan, signaturen, speicher, system volume information, system32, temp, windows, wmi, zugriff, zugriff verweigert



Ähnliche Themen: Gdata Fund : Zugriff verweigert


  1. Fehler 5: Zugriff verweigert
    Log-Analyse und Auswertung - 16.08.2014 (1)
  2. G DATA Virenprüfung von Web-Inhalten, Fund, Zugriff wurde verweigert
    Log-Analyse und Auswertung - 27.01.2014 (22)
  3. Admin-PW abgelaufen - Zugriff verweigert
    Alles rund um Windows - 10.02.2013 (4)
  4. Nvcpl.dll zugriff verweigert
    Log-Analyse und Auswertung - 04.07.2012 (7)
  5. NOD32 URL, Zugriff verweigert
    Mülltonne - 08.09.2011 (17)
  6. Gdata zeigt sehr viele zugriff verweigert dateien an...
    Antiviren-, Firewall- und andere Schutzprogramme - 02.03.2010 (5)
  7. Zugriff auf Antivirenseiten etc. verweigert....
    Plagegeister aller Art und deren Bekämpfung - 23.12.2009 (5)
  8. Gdata Zugriff verweigert
    Antiviren-, Firewall- und andere Schutzprogramme - 13.12.2008 (3)
  9. Zugriff verweigert - als Admin unter C:\
    Log-Analyse und Auswertung - 16.06.2008 (4)
  10. Windows verweigert Zugriff
    Alles rund um Windows - 08.11.2007 (4)
  11. Laufwerk C:\ : zugriff verweigert!
    Alles rund um Windows - 27.08.2007 (3)
  12. Zugriff verweigert
    Alles rund um Windows - 12.08.2007 (6)
  13. PCI Brückengerät Zugriff verweigert
    Netzwerk und Hardware - 21.04.2007 (1)
  14. Zugriff auf zlclient.exe verweigert
    Antiviren-, Firewall- und andere Schutzprogramme - 10.08.2006 (1)
  15. Zugriff verweigert -- Problem
    Plagegeister aller Art und deren Bekämpfung - 15.12.2005 (3)
  16. Zugriff verweigert
    Antiviren-, Firewall- und andere Schutzprogramme - 27.12.2004 (1)
  17. Virus - Zugriff verweigert! Was nun?
    Plagegeister aller Art und deren Bekämpfung - 21.02.2003 (8)

Zum Thema Gdata Fund : Zugriff verweigert - Hallo, ich habe beim heutigen Virenscan folgendes Ergebnis erhalten: Code: Alles auswählen Aufklappen ATTFilter Virenprüfung mit G DATA INTERNET SECURITY Version 25.0.2.3 (26.09.2014) Virensignaturen vom 09.01.2015 Startzeit: 09.01.2015 13:23:56 Engine(s): - Gdata Fund : Zugriff verweigert...
Archiv
Du betrachtest: Gdata Fund : Zugriff verweigert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.