
Plagegeister aller Art und deren Bekämpfung: SPAM is being sent from my mail account to my contacts

Windows 7
07.03.2015, 10:26   #1
mato
 



I have had the following problem for a good month.
Every day I receive several e-mails with suspicious links, which are always sent from contacts known to me (i.e. from contacts in my address book) to me and sometimes also to several other e-mail addresses. The other recipients come (at least partly, or perhaps exclusively) from my contact addresses. Sender and recipients definitely do not know each other; they can only have been brought together through my address book.
I have also noticed that for the recipients it is often not the full address that is shown, but only the abbreviation or the name as in my address book. The e-mail must therefore definitely be sent via my account.

The e-mail always has the same layout (link, sender address inserted once more, and a timestamp; the subject line, however, is always slightly different). The recipients are different each time (I am of course always among them). The sender is always a different one from my contact list.

Here is an example from today (I have slightly altered the e-mail addresses here to be on the safe side)

-----Original Message-----
From: naty [mailto:naty@liberoo.it]
Sent: Saturday, March 07, 2015 1:15 PM
To: udin; associazionnic; puntoenedine; barbaralera; mato (so this is where my e-mail address appears); petllo; anci; info; gioiodorio
Subject: 3/7/2015 12:14:51 AM

hxxp://www.deviantsart.com/34ungjo.png

--------------
naty@liberoo.it

3/7/2015 12:14:51 AM




One more very curious thing.
My e-mail is on a registered domain (is that how you say it??), e.g. mato@mato.de
On the same computer (in the same Outlook) I also receive the e-mail address familie@mato.de
My wife uses the address frau@mato.de on her PC (a different device, but on the same network)


The problem affects all 3 mailboxes, including frau@mato.de, even though that is a different computer (with the same Internet connection).

I use F-Secure as antivirus protection. It finds no problem. Here is the report:
Scan-Bericht
Samstag, 7. März 2015 10:18:51 - 10:23:59
Computername: PC
Scan-Methode: Viren- und Spyware-Scan
Ziel: System


--------------------------------------------------------------------------------

Ergebnis
Keine Malware gefunden




--------------------------------------------------------------------------------

Statistiken
Gescannt:
Dateien: 20273
Nicht gescannt: 0
Ergebnis:
Viren: 0
Spyware: 0
Verdächtige Elemente: 0
Riskware: 0
Aktionen:
Desinfiziert: 0
Umbenannt: 0
Gelöscht: 0
In Quarantäne: 0
Fehlgeschl.: 0
Boot-Sektoren:
Gescannt: 0
Infiziert: 0
Verdächtige Elemente: 0
Desinfiziert: 0


--------------------------------------------------------------------------------

Optionen
Version der Definitionen:
Viren: 2015-03-06_07
Spyware: 2015-03-06_07
Scan-Module:
F-Secure Aquarius: 11.00.01, 2015-03-06
F-Secure Hydra: 5.13.68, 2015-03-06
F-Secure Online: 13.90.22, 0-00-00
F-Secure Gemini: 3.02.328, 2015-02-25
Scan-Optionen:
Definierte Dateien scannen: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 TMP VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML CLASS ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Archive scannen
Aktionen:
Viren: Nach Scannen fragen
Spyware: Nach Scannen fragen


Can any of you perhaps help me or advise what I could test to get rid of the problem?
Thanks in advance

07.03.2015, 11:25   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)

__________________
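Added example, not part of the thread and not a feature of FRST: once FRST.txt exists, the `Run`/`RunOnce` lines of its Registry section can be triaged mechanically before a helper reads them. The sample lines are constructed in the FRST.txt line format, and the review reasons are assumptions of this sketch, not verdicts from the tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "HKLM-x32\...\Run: [Name] => C:\path\file.exe [size date] (Publisher)"
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<rest>.*)$"
)
# Trailing "[size yyyy-mm-dd]" plus optional "(Publisher)". Anchoring on the
# bracket avoids mistaking "(x86)" inside the path for the publisher field.
META = re.compile(
    r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<publisher>.*)\))?\s*$"
)
# Assumption of this sketch: autostarts from a profile's AppData deserve a look,
# because that location is writable without administrator rights.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    path: Optional[str] = None
    size: Optional[int] = None
    date: Optional[str] = None
    publisher: Optional[str] = None


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one Run/RunOnce line; return None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    entry = RunEntry(m["hive"], m["key"], m["name"])
    rest = m["rest"]
    if rest == "[X]":                 # no target path is listed at all
        return entry
    meta = META.search(rest)
    if meta:
        entry.path = rest[:meta.start()]
        entry.size = int(meta["size"])
        entry.date = meta["date"]
        entry.publisher = (meta["publisher"] or "").strip()
    else:
        entry.path = rest.strip()     # bare path, no size/date/publisher
    return entry


def reasons_for(entry: RunEntry) -> List[str]:
    """Reasons a human should look at this entry (empty list = nothing odd)."""
    reasons = []
    if not entry.name:
        reasons.append("value has no name")
    if entry.path is None:
        reasons.append("no target path listed")
        return reasons
    if entry.size is None:
        reasons.append("no size/date/publisher listed")
    elif not entry.publisher:
        reasons.append("publisher field is empty")
    if USER_WRITABLE.match(entry.path):
        reasons.append("target is under a user profile's AppData")
    return reasons


def triage(frst_text: str) -> List[Tuple[RunEntry, List[str]]]:
    """Return (entry, reasons) for every Run/RunOnce line worth reviewing."""
    findings = []
    for line in frst_text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


# Constructed sample lines (names, paths and SID are made up for illustration).
SAMPLE = r"""
HKLM\...\Run: [ExampleUpdater] => C:\Program Files (x86)\Example\updater.exe [169768 2015-02-13] (Example Corp (EU) Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ExampleAgent] => C:\Program Files (x86)\Example\agent.exe [190768 2011-12-13] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Qwertyx] => C:\Users\Alice\AppData\Roaming\Abcd\efgh.exe
HKU\S-1-5-18\...\RunOnce: [ExampleSetup] => C:\Windows\System32\example.exe [301568 2014-06-20] (Example Corporation)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        target = entry.path or "[X]"
        print(f"{entry.hive} {entry.key} [{entry.name}] -> {target}: {'; '.join(reasons)}")
```

A flagged line is only a prompt for manual review: legitimate software also autostarts from AppData, and clean entries can lack metadata.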

07.03.2015, 13:45   #3
mato
 



Thanks for the quick reply.
Here are the two files



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Marvin (administrator) on MARVIN-PC on 07-03-2015 13:32:30
Running from C:\Users\marvin\Desktop
Loaded Profiles: Marvin & UpdatusUser (Available profiles: Marvin & UpdatusUser & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Siemens IT Solutions and Services GmbH) C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IARNJAE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [2566144 2014-04-17] (May Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2011-12-13] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [F-Secure Hoster (41035)] => C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-10-14] (F-Secure Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1084840 2012-05-16] (Nokia)
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [Akidynivi] => C:\Users\Marvin\AppData\Roaming\Koet\ilti.exe
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-19] (Google Inc.)
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\MountPoints2: {4a1f5f18-bc2f-11e1-9ce5-4487fc8b29e2} - F:\LaunchU3.exe -a
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\MountPoints2: {66704687-0f90-11e0-8ed5-806e6f6e6963} - E:\Service.exe
HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\MountPoints2: {cb6399bc-0de8-11e2-b9a4-4487fc8b29e2} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk
ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-921190-1051346105-2666659791-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-921190-1051346105-2666659791-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.it/
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {6E9EFEDA-2EE0-424E-A3A6-942521C180EE} URL = hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11461&pf=V7&p2=^BE7^OSJ000^YY^IT&gct=&itbv=12.24.1.53&apn_uid=95B0EA29-79FB-48E6-9FE7-497F2D1D8E13&apn_ptnrs=BE7&apn_dtid=^OSJ000^YY^IT&apn_dbr=ie_9.0.8112.16476&doi=2015-03-06&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {757E2975-20B1-4AA5-A9AE-E1F46D2267BB} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> {CE2E3337-FFE8-44D0-814E-D11CA318A172} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q={searchTerms}&src=IE-SearchBox
BHO: Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können. -> {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -> C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
BHO: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll (F-Secure Corporation)
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können. -> {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -> C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll (F-Secure Corporation)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO-x32: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3C90111F-03C3-4522-96FE-DEA700CC0517} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EE0D7DAF-0F59-4245-924C-488EE3339CA1} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.google.it/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN65823296474436112&UM=&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-921190-1051346105-2666659791-1000: @hola.org/vlc,version=1.6.732 -> C:\Users\Marvin\AppData\Local\Hola\firefox\app\vlc ()
FF user.js: detected! => C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\searchplugins\conduit.xml
FF Extension: softonic.com - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\ffxtlbra@softonic.com [2012-06-18]
FF Extension: Hola Better Internet - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-03-03]
FF Extension: DVDVideoSoftTB  - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-11-20]
FF Extension: DVDVideoSoft Menu - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-01-01]
FF Extension: DownloadHelper - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: Fast Video Download - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013-11-29]
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-08]
FF Extension: DownThemAll! - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{b4208cd3-a949-4cce-a44a-a5e217608fe5}] - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: ROL Secure Total Care - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-28]
FF HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Firefox\Extensions: [finder@meingutscheincode.de] - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF Extension: preisspion.de - C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011-07-20]

Chrome: 
=======
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (preisspion.de) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo [2014-07-03]
CHR Extension: (Skype Click to Call) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-19]
CHR HKLM-x32\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files (x86)\Mein Gutscheincode Finder\Chrome\chrome-extension.crx [2011-07-20]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/ROL Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome - C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [653888 2013-09-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-27] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-26] (Freemake) [File not signed]
R2 fshoster; C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-10-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-06-18] (Nitro PDF Software)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [45824 2009-12-15] (Advanced Card Systems Ltd.)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-02-24] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-04-07] ()
R3 fsni; C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-09] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 13:32 - 2015-03-07 13:33 - 00029761 _____ () C:\Users\marvin\Desktop\FRST.txt
2015-03-07 13:32 - 2015-03-07 13:32 - 00000000 ____D () C:\FRST
2015-03-07 13:31 - 2015-03-07 13:31 - 02092544 _____ (Farbar) C:\Users\marvin\Desktop\FRST64.exe
2015-03-06 14:31 - 2015-03-06 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 18:39 - 2015-03-05 18:39 - 00000039 _____ () C:\Users\marvin\Desktop\Haendler Italien bioetanolo.txt
2015-03-05 18:34 - 2015-03-05 18:35 - 00000064 _____ () C:\Users\marvin\Desktop\Herstellersuche oefen perfekt.txt
2015-02-27 16:12 - 2015-02-27 16:12 - 00000000 ____D () C:\Users\marvin\Desktop\Stapler Förderung
2015-02-27 15:11 - 2015-02-27 15:11 - 00002835 _____ () C:\Users\marvin\.recently-used.xbel
2015-02-23 08:20 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-13 12:13 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll
2015-02-12 18:06 - 2015-02-12 18:08 - 00000000 ____D () C:\Users\marvin\AppData\Local\{DA20E2BE-32D5-4E67-A7D5-B93174138958}
2015-02-12 18:06 - 2015-02-12 18:06 - 00000000 ____D () C:\Users\marvin\AppData\Local\{07494C94-F45C-475A-89A5-A4B8B9CFB434}
2015-02-10 20:05 - 2015-02-10 20:05 - 00011563 _____ () C:\Users\marvin\Desktop\Apros_Calcolo Studio 3.xlsx
2015-02-08 16:27 - 2015-02-08 17:56 - 00002438 _____ () C:\Users\marvin\Desktop\SICILIA.docx.lnk
2015-02-06 17:28 - 2015-02-06 17:28 - 06372800 _____ (Tim Kosse) C:\Users\marvin\Downloads\FileZilla_3.10.1.1_win32-setup.exe
2015-02-05 12:28 - 2015-02-05 12:28 - 00010144 _____ () C:\Users\marvin\Desktop\Zitturi.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 13:27 - 2010-12-27 21:24 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Skype
2015-03-07 13:24 - 2012-04-05 08:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 13:10 - 2013-07-08 14:53 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Nitro PDF
2015-03-07 13:10 - 2011-01-01 16:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 13:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-07 12:24 - 2011-02-15 12:24 - 00000254 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2015-03-07 11:15 - 2010-12-24 20:05 - 01536749 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 10:10 - 2011-01-01 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 09:26 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 09:26 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 09:20 - 2013-02-01 13:01 - 00000000 ____D () C:\Users\marvin\AppData\Local\6C900BDC-6491-41F6-BC30-09C0ED8B9CBD.aplzod
2015-03-07 09:16 - 2013-05-05 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-07 09:16 - 2011-07-21 07:22 - 00148056 _____ () C:\Windows\error.log
2015-03-07 09:16 - 2011-07-21 07:22 - 00035057 _____ () C:\Windows\errord.log
2015-03-07 09:16 - 2011-04-14 22:06 - 00195077 _____ () C:\Windows\setupact.log
2015-03-07 09:16 - 2010-12-24 20:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 09:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 17:35 - 2014-09-11 15:36 - 00010035 _____ () C:\Users\marvin\Desktop\Privat fatturazione aziendale.xlsx
2015-03-06 16:10 - 2011-08-03 16:28 - 00000000 ____D () C:\Users\marvin\Documents\Marvin privat
2015-03-06 12:44 - 2014-02-16 14:42 - 00000000 ____D () C:\Users\marvin\Documents\Prospekte 2014
2015-03-06 08:27 - 2014-05-07 19:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-06 08:20 - 2015-01-16 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-06 08:20 - 2015-01-16 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-06 08:19 - 2010-12-28 19:05 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 14:52 - 2011-12-30 17:10 - 00427768 _____ () C:\Users\marvin\Documents\Lagerplanung 2012.xlsx
2015-03-03 18:35 - 2011-08-03 16:50 - 00000000 ____D () C:\Users\marvin\Documents\Werbung und Marketing
2015-03-03 17:38 - 2014-07-28 11:39 - 00031980 _____ () C:\Users\marvin\Documents\Stunden Christian.xlsx
2015-03-03 09:46 - 2011-08-03 16:32 - 00000000 ____D () C:\Users\marvin\Documents\Rechnungen Online
2015-03-03 08:10 - 2011-07-12 08:21 - 00100850 _____ () C:\Windows\PFRO.log
2015-03-02 09:12 - 2011-01-01 16:20 - 00000000 ____D () C:\Users\marvin\AppData\Local\Google
2015-02-27 15:54 - 2014-09-15 17:56 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\FileZilla
2015-02-27 15:11 - 2011-03-19 17:50 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\gtk-2.0
2015-02-27 15:11 - 2011-03-19 17:47 - 00000000 ____D () C:\Users\marvin\.gimp-2.6
2015-02-26 09:26 - 2011-08-03 16:30 - 00000000 ____D () C:\Users\marvin\Documents\Oranier Ersatzteile
2015-02-23 08:19 - 2013-01-06 11:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-21 11:47 - 2011-08-03 16:32 - 00000000 ____D () C:\Users\marvin\Documents\Vertreter
2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ____D () C:\ProgramData\Skype
2015-02-18 08:04 - 2009-07-14 18:58 - 00054252 _____ () C:\Windows\system32\perfh007.dat
2015-02-18 08:04 - 2009-07-14 18:58 - 00016384 _____ () C:\Windows\system32\perfc007.dat
2015-02-18 08:04 - 2009-07-14 06:13 - 00064968 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 18:52 - 2011-08-03 16:18 - 00023073 _____ () C:\Users\marvin\Documents\Bartolini vs Executive costo spedizione.xlsx
2015-02-14 13:10 - 2012-04-24 18:26 - 00000000 ____D () C:\Users\marvin\Documents\Ersatzteile Stovax
2015-02-13 12:13 - 2010-12-27 20:41 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk
2015-02-13 12:13 - 2010-12-27 20:41 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
2015-02-13 12:08 - 2015-01-28 21:02 - 00000000 ____D () C:\Users\marvin\Desktop\Txpen
2015-02-13 08:50 - 2011-03-05 11:43 - 00000000 ___RD () C:\Users\marvin\Dropbox
2015-02-13 08:50 - 2011-03-05 11:41 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Dropbox
2015-02-12 18:06 - 2013-07-15 07:20 - 00000000 ____D () C:\Users\marvin\AppData\Local\Windows Live
2015-02-12 18:05 - 2011-01-12 12:52 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\vlc
2015-02-10 14:28 - 2013-12-24 18:43 - 00000000 ____D () C:\Users\marvin\Documents\Transportschaeden
2015-02-06 10:05 - 2011-01-01 16:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 10:05 - 2011-01-01 16:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 11:24 - 2012-04-05 08:00 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:24 - 2012-04-05 08:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 11:24 - 2011-10-01 09:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-12-20 23:08 - 2012-12-20 23:08 - 0000063 _____ () C:\Users\Marvin\AppData\Roaming\history.Word.pwcdat
2014-04-02 18:45 - 2014-04-02 18:45 - 0038424 _____ () C:\Users\Marvin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-04-02 18:39 - 2014-05-14 16:20 - 0009318 _____ () C:\Users\Marvin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML
2011-12-27 15:27 - 2014-09-17 07:41 - 0005632 _____ () C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-14 13:50 - 2011-04-14 13:50 - 0000017 _____ () C:\Users\Marvin\AppData\Local\resmon.resmoncfg
2011-06-11 14:30 - 2011-06-11 14:30 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{06D79572-812A-473F-8B50-1FED958E5004}
2011-05-05 10:25 - 2011-05-05 10:25 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{074A590B-8CB8-4614-9D22-C89C65A72FFF}
2011-05-02 11:42 - 2011-05-02 11:42 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{0A4D009F-1B2A-4222-89CE-F0AA84372B4C}
2011-06-20 07:35 - 2011-06-20 07:35 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{26463968-2256-4067-8BA3-408CC4559ED0}
2011-06-09 22:16 - 2011-06-09 22:16 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{2CBA0092-36A5-43AC-B7CB-6BEBD3FC9B43}
2011-06-30 10:08 - 2011-06-30 10:08 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{31C48999-68FF-4558-BA2F-A9D067050E8F}
2011-11-05 09:39 - 2011-11-05 09:39 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{3A46C7DB-8ACE-4162-8D1C-F846062A168B}
2011-07-01 17:30 - 2011-07-01 17:30 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{4525EDC8-AE25-4C88-BB9B-653D04AB163F}
2011-07-21 07:04 - 2011-07-21 07:04 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{45283ED6-130F-4CF6-9992-695D28CA99DD}
2011-06-28 11:15 - 2011-06-28 11:15 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{4D5D268F-27FA-47A4-97E2-3804524D0AE5}
2011-06-14 09:08 - 2011-06-14 09:08 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{61FA5BC1-99AE-4438-A5CA-65F687C6B857}
2011-07-08 17:23 - 2011-07-08 17:23 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{6A3CB07C-208F-436E-911D-A6F7315A24A5}
2011-07-04 16:48 - 2011-07-04 16:48 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{7AE2434F-78DC-4C56-B36E-A444B8E9BB8F}
2011-06-09 11:49 - 2011-06-09 11:49 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{B5CB7573-B9BA-47FC-8950-723F5986EAA3}
2011-05-16 06:41 - 2011-05-16 06:41 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{BFE05D03-A409-4CC8-A150-9A103D22B406}
2011-07-14 11:23 - 2011-07-14 11:23 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{C5E92C2A-D0A1-4314-AEE3-7AD7A61328C5}
2011-07-20 12:23 - 2011-07-20 12:23 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{CE54DA7A-713B-4A68-8543-AA9D38EBD6D2}
2011-05-02 11:42 - 2011-05-02 11:42 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{D15E6101-0306-4232-A252-E82F5F29A91B}
2011-07-01 11:00 - 2011-07-01 11:00 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{D1FA38E8-7D60-4641-8F90-BBFE0AA4770B}
2011-07-15 07:13 - 2011-07-15 07:13 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{DD95009A-B3E4-478A-A09E-4B52054C45F0}
2011-06-18 06:11 - 2011-06-18 06:11 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{E29AD001-5E0A-447B-B0AF-2BA9BC2AEC4E}
2012-01-19 09:40 - 2012-01-19 09:40 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{F684614D-82AA-44FA-ABD6-053F74A21973}
2011-07-19 19:17 - 2011-07-19 19:17 - 0000000 _____ () C:\Users\Marvin\AppData\Local\{F8E944AF-FB86-4247-8CF7-9926D0DE10D8}
2013-05-30 13:30 - 2013-05-30 13:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-27 21:27 - 2010-12-27 21:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
C:\Users\marvin\AppData\Local\Temp\APNSetup.exe
C:\Users\marvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyelynv.dll
C:\Users\marvin\AppData\Local\Temp\FreeScreenVideoRecorder.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.466.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.575.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.794.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.806.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.903.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.144.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.180.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.344.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.449.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.467.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.520.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.540.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.555.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.654.exe
C:\Users\marvin\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.6.732.exe
C:\Users\marvin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\marvin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\marvin\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\marvin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\marvin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 08:37

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Marvin at 2015-03-07 13:33:54
Running from C:\Users\marvin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ROL Secure (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: ROL Secure (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 3 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM-x32\...\Adobe Acrobat  8 Standard - Italiano, Español, Nederlands_831) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard - Italiano, Español, Nederlands) (Version: 8.3.1 - Adobe Systems)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advanced PDF Repair v2.0 (HKLM-x32\...\Advanced PDF Repair v2.0) (Version:  - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bit4Id - miniLector (HKLM-x32\...\Bit4Id - miniLector) (Version: 3.0 - Bit4id)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardOS API (HKLM\...\{8E814717-DE49-4A4A-BD12-39102F9C9FD0}) (Version: 3.3.018 - Siemens IT Solutions and Services GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Computer Security 14.99.105.0 (release) (x32 Version: 14.99.105.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON PX810FW Series (HKLM\...\EPSON PX810FW Series) (Version:  - SEIKO EPSON Corporation)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version:  - )
EasyBits GO (HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Game Organizer) (Version:  - EasyBits Media)
eDocPrintPro (HKLM\...\{BAC11FF6-53BC-432B-84AD-9141C19F2352}) (Version: 3.20.1 - MAY Computer)
Epson Benutzerhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Useg) (Version:  - )
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.60.0000 - EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version:  - )
Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (HKLM-x32\...\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Benutzerhandbuch) (Version:  - )
EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Free Audio CD Burner version 2.0.21.1031 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.21.1031 - DVDVideoSoft Ltd.)
Free DWG Viewer 7.1 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.1 - IGC)
Free Screen Video Recorder version 2.5.39.1122 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.39.1122 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.0 - Ellora Assets Corporation)
F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.134 (x32 Version: 1.02.134 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-921190-1051346105-2666659791-1000\...\Google Chrome) (Version: 8.0.552.215 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
gs_x64 (HKLM\...\{344BD061-2564-422E-860F-9E5DC49983AE}) (Version: 9.10 - MAY Computer)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Intr@Web Stand-Alone 13.0.0.0 (HKLM-x32\...\Intr@Web Stand-Alone 13.0.0.0) (Version: 13.0.0.0 - Sogei S.p.A.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kernel for Outlook PST Repair Evaluation ver 10.10.01 (HKLM-x32\...\Kernel for Outlook PST Repair - Evaluation Version_is1) (Version:  - Nucleus Data Recovery .com)
Kernel For PDF Repair Evaluation ver 9.11.01 (HKLM-x32\...\Kernel For PDF Repair Evaluation version_is1) (Version:  - Nucleus Data Recovery .com)
Mein Gutscheincode Finder 1.0.0.0 (HKLM-x32\...\{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1) (Version: 1.0.0.0 - Conversion One GmbH)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0407-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nitro Reader 3 (HKLM\...\{553BDFDD-CEE9-4833-97FB-B4C8BF81FFAD}) (Version: 3.5.5.2 - Nitro)
Nokia Software Updater (HKLM-x32\...\{889D48DA-457F-4C8B-9095-6458F2793B12}) (Version: 3.0.605 - Nokia Corporation)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.4.49.0 - Nokia)
Nokia Suite (x32 Version: 3.4.49.0 - Nokia) Hidden
NSS (remove only) (HKLM-x32\...\NSS) (Version: 1.0.38.15 - B-Phreaks Ltd)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Online Safety 2.99.2307.1728 (x32 Version: 2.99.2307.1728 - F-Secure Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.02 (HKLM-x32\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA)
OutlookTools 2 (HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook)
PDF Fixer (HKLM-x32\...\PDF Fixer) (Version: 1.0 - PCVARE Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink)
Recovery Toolbox for Word 1.1 (HKLM-x32\...\Recovery Toolbox for Word_is1) (Version:  - Recovery Toolbox, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
ROL Secure Launch pad (HKLM-x32\...\F-Secure ServiceEnabler 41035) (Version: 1.99.192.0 - F-Secure Corporation)
ROL Secure Launch pad (x32 Version: 1.99.192.0 - F-Secure Corporation) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
Serif PhotoPlus Starter Edition (HKLM-x32\...\{A0765939-76F5-48D8-82B1-8D0BBFAD0702}) (Version: 2.0.0.002 - Serif (Europe) Ltd)
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C1801}) (Version: 12.24.1.53 - APN, LLC)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Softonic toolbar  on IE (HKLM-x32\...\Softonic) (Version:  - Softonic) <==== ATTENTION
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
SolidWorks eDrawings 2013 x64 (HKLM\...\{C218FF91-5C92-4DEC-AA05-322A9D065EE4}) (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SysInfoTools PDF Repair v1.0 (HKLM-x32\...\{B6CA247E-DB92-4F38-B0BC-C5C93E5A3914}_is1) (Version:  - SysInfoTools)
Unigine Heaven Benchmark v2.0 (HKLM-x32\...\{5E9709F3-B39F-4133-AE60-3EC634971E75}) (Version: 2.0 - Unigine Corp.)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Watchtower Library 2004 - Deutsche Ausgabe (HKLM-x32\...\{3112AC55-B32E-4FE8-81D9-D55374961D5B}) (Version:  - )
Watchtower Library 2007 - Deutsch (HKLM-x32\...\{E1E02530-0475-4A86-9071-5524C64CF4CB}) (Version: 9.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2011 - Deutsch (HKLM-x32\...\{8BE514E8-4486-4730-8B68-FA15EEDC942E}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Word Password DEMO version 15.0 (HKLM-x32\...\{BABBE752-6969-42EC-8EAC-4D07604BCD58}_is1) (Version: 15.0 - LastBit.com)
Word Password Recovery Lastic 1.1 (HKLM-x32\...\Word Password Recovery Lastic_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-921190-1051346105-2666659791-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-02-2015 10:38:54 Geplanter Prüfpunkt
09-02-2015 11:28:45 Geplanter Prüfpunkt
17-02-2015 09:54:33 Geplanter Prüfpunkt
24-02-2015 11:37:47 Geplanter Prüfpunkt
04-03-2015 13:37:16 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05697B83-4949-4368-8B24-133394F6C920} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29] (Adobe Systems Incorporated)
Task: {11637952-1AAF-47F0-B99F-35F4358E54D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {342B828C-8CAE-4210-A3E6-AB7C0781DFAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43B02A80-5DE4-4895-8C55-E4DD70B7DA4B} - System32\Tasks\{108C941C-308A-467B-A730-09E7C54A5CFB} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {554D857C-0D3C-4DC9-B80C-6E38EE80128F} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {55CF7C53-A9BE-4397-ABA2-38DB6F4BA60B} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {5944B75D-7124-4BA3-B638-F06EB5520F3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7566BAB7-99B8-4631-B67B-DBD278DD5A14} - System32\Tasks\{F6C27C40-9C4A-476D-A0DB-9E3F6438D981} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {A443A926-D7C2-43A7-A065-7FDA6C489615} - System32\Tasks\{372BBC43-B6A1-4427-BE02-50ECC45EE383} => pcalua.exe -a C:\Users\Marvin\Desktop\Setup.exe -d C:\Users\Marvin\Desktop
Task: {ABBBE6EA-AA4E-457F-BB5C-94EB08A46940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {ADC89731-447A-4ECD-B38B-C3361A31230D} - System32\Tasks\{BE987430-777E-472C-BAB6-099B2F4B0F14} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe [2011-08-30] (Adobe Systems Incorporated)
Task: {AF436C3F-6EC0-479B-8BE7-DD95E4C37B79} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-19 20:33 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-12-05 11:39 - 2008-12-05 11:39 - 00340480 _____ () C:\Windows\system32\siecaces.dll
2008-12-05 11:39 - 2008-12-05 11:39 - 00229376 _____ () C:\Windows\system32\gmp4_2_1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\marvin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML:OECustomProperty
AlternateDataStreams: C:\Users\marvin\Documents\Architekten:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Attestati:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Bedienungsanleitungen:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Bilder:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\conmoto:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Cribis PDF:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Documenti PaperPort:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\esclusiva Kasak.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Image Converter Plus:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Marvin privat:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Meine Scans:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Oranier Ersatzteile:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Preislisten:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\prestagionale scan jotul 2008.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Progetto Fuoco 2008 allestimenti:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 07-08:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 08-09:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 2006:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 2009:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Prospekte 2010:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Rechnungen Online:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Samsung PC Studio:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\SightSpeed Recordings:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\SolidWorks Visual Studio Tools for Applications:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Stovax:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\stufe in maiolica gas-Dateien:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Unzipped:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Vertreter:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Visual Studio 2005:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Website 2008 temp-Ordner:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Werbung und Marketing:Roxio EMC Stream
AlternateDataStreams: C:\Users\marvin\Documents\Willach:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-921190-1051346105-2666659791-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-921190-1051346105-2666659791-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-921190-1051346105-2666659791-501 - Limited - Disabled)
Marvin (S-1-5-21-921190-1051346105-2666659791-1000 - Administrator - Enabled) => C:\Users\Marvin
UpdatusUser (S-1-5-21-921190-1051346105-2666659791-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 01:34:01 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2015-03-07  13:34:01+02:00  MARVIN-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/07/2015 11:14:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 363623

Error: (03/07/2015 11:14:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 363623

Error: (03/07/2015 11:14:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2015 11:14:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 362624

Error: (03/07/2015 11:14:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 362624

Error: (03/07/2015 11:14:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2015 11:14:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 361626

Error: (03/07/2015 11:14:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 361626

Error: (03/07/2015 11:14:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/07/2015 01:17:10 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe -Embedding740{B801CA65-A1FC-11D0-85AD-444553540000}

Error: (03/07/2015 09:17:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/06/2015 03:58:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 49.

Error: (03/06/2015 03:58:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 49.

Error: (03/06/2015 10:28:33 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe -Embedding740{B801CA65-A1FC-11D0-85AD-444553540000}

Error: (03/06/2015 07:58:47 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/05/2015 08:14:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 09:03:00 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe -Embedding740{B801CA65-A1FC-11D0-85AD-444553540000}

Error: (03/04/2015 08:18:12 AM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: \Device\HarddiskVolume3\users\Marvin\Desktop\windows6.1-KB976932-X64.exe

Error: (03/04/2015 08:13:14 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (03/05/2015 00:47:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/04/2015 00:57:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18751 seconds with 9540 seconds of active time.  This session ended with a crash.

Error: (01/17/2015 02:55:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15738 seconds with 5820 seconds of active time.  This session ended with a crash.

Error: (10/21/2014 07:27:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45807 seconds with 15780 seconds of active time.  This session ended with a crash.

Error: (09/10/2014 11:35:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 160 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/10/2014 07:53:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/25/2014 04:49:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34243 seconds with 7380 seconds of active time.  This session ended with a crash.

Error: (08/04/2014 04:00:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30055 seconds with 12360 seconds of active time.  This session ended with a crash.

Error: (07/24/2014 10:17:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8083 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (07/14/2014 10:01:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 843 seconds with 600 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-01-19 13:41:28.366
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dxgi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-15 07:45:31.242
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-15 07:45:31.195
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:54:47.524
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:54:47.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:53:44.680
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:53:44.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-11 08:13:59.170
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-11 08:13:59.139
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-08 08:13:49.076
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 4087.12 MB
Available physical RAM: 2152.25 MB
Total Pagefile: 8172.37 MB
Available Pagefile: 4992.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:230.92 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:375.48 GB) NTFS
Drive e: (ORANIER) (CDROM) (Total:1.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00040336)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

07.03.2015, 18:51   #4
schrauber
/// the machine
/// TB Trainer
 




Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German (Deutsch) as the language.
  • In the uninstaller list, search for the programs:

    Search App by Ask

    Softonic toolbar on IE

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on, then on, and then on .

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber


09.03.2015, 12:38   #5
mato
 
SPAM wird von meiner Mail aus an meine Kontakte versendet - Standard

SPAM wird von meiner Mail aus an meine Kontakte versendet



I have run Revo Uninstaller.

With Malwarebytes Anti-Rootkit, however, I am having problems.
The scan runs up to a certain point, but then nothing further happens.
I restarted the PC and tried again. The same thing happened again (although the file at which the analysis stops is not the same one!). --> see screenshot

I have not run TDSSKiller yet, because I don't know whether Malwarebytes Anti-Rootkit absolutely has to be run beforehand?

Attached image (thumbnail): SPAM wird von meiner Mail aus an meine Kontakte versendet-screen.jpg

09.03.2015, 18:59   #6
schrauber
/// the machine
/// TB-Ausbilder

Skip MBAR and please run TDSSKiller.

10.03.2015, 08:27   #7
mato

So TDSSKiller finds nothing.

Here is the result of the scan:

Code:
08:15:10.0517 0x1f98  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:15:14.0805 0x1f98  ============================================================
08:15:14.0805 0x1f98  Current date / time: 2015/03/10 08:15:14.0805
08:15:14.0805 0x1f98  SystemInfo:
08:15:14.0805 0x1f98  
08:15:14.0805 0x1f98  OS Version: 6.1.7600 ServicePack: 0.0
08:15:14.0805 0x1f98  Product type: Workstation
08:15:14.0806 0x1f98  ComputerName: -------
08:15:14.0806 0x1f98  UserName:  -------
08:15:14.0806 0x1f98  Windows directory: C:\Windows
08:15:14.0806 0x1f98  System windows directory: C:\Windows
08:15:14.0806 0x1f98  Running under WOW64
08:15:14.0806 0x1f98  Processor architecture: Intel x64
08:15:14.0806 0x1f98  Number of processors: 8
08:15:14.0806 0x1f98  Page size: 0x1000
08:15:14.0806 0x1f98  Boot type: Normal boot
08:15:14.0806 0x1f98  ============================================================
08:15:17.0951 0x1f98  KLMD registered as C:\Windows\system32\drivers\07704281.sys
08:15:18.0357 0x1f98  System UUID: {392348E3-8DE0-E91F-F0E0-4EE195CAC4CC}
08:15:19.0338 0x1f98  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:15:19.0345 0x1f98  ============================================================
08:15:19.0345 0x1f98  \Device\Harddisk0\DR0:
08:15:19.0345 0x1f98  MBR partitions:
08:15:19.0345 0x1f98  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:15:19.0345 0x1f98  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000
08:15:19.0345 0x1f98  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x4FD15000
08:15:19.0345 0x1f98  ============================================================
08:15:19.0379 0x1f98  C: <-> \Device\Harddisk0\DR0\Partition2
08:15:19.0411 0x1f98  D: <-> \Device\Harddisk0\DR0\Partition3
08:15:19.0411 0x1f98  ============================================================
08:15:19.0411 0x1f98  Initialize success
08:15:19.0411 0x1f98  ============================================================
08:16:30.0323 0x1ee8  ============================================================
08:16:30.0323 0x1ee8  Scan started
08:16:30.0323 0x1ee8  Mode: Manual; SigCheck; TDLFS; 
08:16:30.0323 0x1ee8  ============================================================
08:16:30.0323 0x1ee8  KSN ping started
08:16:32.0975 0x1ee8  KSN ping finished: true
08:16:35.0454 0x1ee8  ================ Scan system memory ========================
08:16:35.0454 0x1ee8  System memory - ok
08:16:35.0455 0x1ee8  ================ Scan services =============================
08:17:08.0497 0x1ee8  hwpolicy - ok
08:17:08.0522 0x1ee8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:17:08.0667 0x1ee8  i8042prt - ok
08:17:08.0785 0x1ee8  [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:17:08.0958 0x1ee8  iaStorV - ok
08:17:09.0029 0x1ee8  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:17:09.0198 0x1ee8  idsvc - ok
08:17:09.0228 0x1ee8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:17:09.0291 0x1ee8  iirsp - ok
08:17:09.0333 0x1ee8  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
08:17:09.0566 0x1ee8  IKEEXT - ok
08:17:09.0615 0x1ee8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
08:17:09.0693 0x1ee8  intelide - ok
08:17:09.0724 0x1ee8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:17:09.0931 0x1ee8  intelppm - ok
08:17:09.0970 0x1ee8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:17:10.0140 0x1ee8  IPBusEnum - ok
08:17:10.0158 0x1ee8  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:17:10.0307 0x1ee8  IpFilterDriver - ok
08:17:10.0365 0x1ee8  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:17:10.0655 0x1ee8  iphlpsvc - ok
08:17:10.0673 0x1ee8  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:17:10.0869 0x1ee8  IPMIDRV - ok
08:17:10.0930 0x1ee8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:17:11.0106 0x1ee8  IPNAT - ok
08:17:11.0198 0x1ee8  [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:17:11.0314 0x1ee8  iPod Service - ok
08:17:11.0334 0x1ee8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:17:11.0523 0x1ee8  IRENUM - ok
08:17:11.0531 0x1ee8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
08:17:11.0583 0x1ee8  isapnp - ok
08:17:11.0626 0x1ee8  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:17:11.0677 0x1ee8  iScsiPrt - ok
08:17:11.0709 0x1ee8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:17:11.0773 0x1ee8  kbdclass - ok
08:17:11.0802 0x1ee8  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:17:11.0924 0x1ee8  kbdhid - ok
08:17:11.0941 0x1ee8  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso          C:\Windows\system32\lsass.exe
08:17:11.0983 0x1ee8  KeyIso - ok
08:17:12.0061 0x1ee8  [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:17:12.0110 0x1ee8  KSecDD - ok
08:17:12.0151 0x1ee8  [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:17:12.0209 0x1ee8  KSecPkg - ok
08:17:12.0229 0x1ee8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:17:12.0375 0x1ee8  ksthunk - ok
08:17:12.0437 0x1ee8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:17:12.0628 0x1ee8  KtmRm - ok
08:17:12.0655 0x1ee8  [ 033B4AED2C5519072C0D81E00804D003, 6C450A604C382416C482FED43098B4E95BD61B480B0CEFD728A269446AF18708 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
08:17:12.0737 0x1ee8  L1C - ok
08:17:12.0775 0x1ee8  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:17:12.0918 0x1ee8  LanmanServer - ok
08:17:12.0951 0x1ee8  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:17:13.0064 0x1ee8  LanmanWorkstation - ok
08:17:13.0122 0x1ee8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:17:13.0256 0x1ee8  lltdio - ok
08:17:13.0287 0x1ee8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:17:13.0470 0x1ee8  lltdsvc - ok
08:17:13.0484 0x1ee8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:17:13.0604 0x1ee8  lmhosts - ok
08:17:13.0631 0x1ee8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:17:13.0659 0x1ee8  LSI_FC - ok
08:17:13.0707 0x1ee8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:17:13.0735 0x1ee8  LSI_SAS - ok
08:17:13.0768 0x1ee8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:17:13.0794 0x1ee8  LSI_SAS2 - ok
08:17:13.0834 0x1ee8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:17:13.0920 0x1ee8  LSI_SCSI - ok
08:17:14.0021 0x1ee8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
08:17:14.0253 0x1ee8  luafv - ok
08:17:14.0293 0x1ee8  [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
08:17:14.0362 0x1ee8  mbamchameleon - ok
08:17:14.0384 0x1ee8  [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
08:17:14.0429 0x1ee8  MBAMSwissArmy - ok
08:17:14.0461 0x1ee8  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:17:14.0639 0x1ee8  Mcx2Svc - ok
08:17:14.0709 0x1ee8  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
08:17:14.0785 0x1ee8  MDM - detected UnsignedFile.Multi.Generic ( 1 )
08:17:17.0404 0x1ee8  Detect skipped due to KSN trusted
08:17:17.0404 0x1ee8  MDM - ok
08:17:41.0448 0x1ee8  [ F4C083E290BCBC8DA05C6E2C7F8053B9, 968103B2F49A05B1DE99FA38CEB7B2F5E90B60901B9AF802A908F819DA64822E ] RalinkRegistryWriter C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
08:17:41.0521 0x1ee8  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic ( 1 )
08:17:44.0052 0x1ee8  Detect skipped due to KSN trusted
08:17:44.0052 0x1ee8  RalinkRegistryWriter - ok
08:17:44.0129 0x1ee8  [ C3B515559046A89BB0E0F2CEEF73CABC, EC967620BADCA66BEE5DE0A44EC858AE2FB08BED6774673CDB3C1F53B7C7E22B ] RalinkRegistryWriter64 C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
08:17:44.0220 0x1ee8  RalinkRegistryWriter64 - detected UnsignedFile.Multi.Generic ( 1 )
08:17:46.0837 0x1ee8  Detect skipped due to KSN trusted
08:17:46.0838 0x1ee8  RalinkRegistryWriter64 - ok
08:18:21.0117 0x1ee8  ================ Scan global ===============================
08:18:21.0140 0x1ee8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
08:18:21.0185 0x1ee8  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
08:18:21.0234 0x1ee8  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
08:18:21.0282 0x1ee8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:18:21.0321 0x1ee8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
08:18:21.0337 0x1ee8  [ Global ] - ok
08:18:21.0339 0x1ee8  ================ Scan MBR ==================================
08:18:21.0345 0x1ee8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:18:22.0378 0x1ee8  \Device\Harddisk0\DR0 - ok
08:18:22.0379 0x1ee8  ================ Scan VBR ==================================
08:18:22.0385 0x1ee8  [ 81234EF3C05DBE2301F4FC95E9FEDB83 ] \Device\Harddisk0\DR0\Partition1
08:18:22.0454 0x1ee8  \Device\Harddisk0\DR0\Partition1 - ok
08:18:22.0474 0x1ee8  [ 2E9ACB280E19410B255F008AC50934D0 ] \Device\Harddisk0\DR0\Partition2
08:18:22.0519 0x1ee8  \Device\Harddisk0\DR0\Partition2 - ok
08:18:22.0543 0x1ee8  [ CB25FDCCD226C7DBC9793608D977F52B ] \Device\Harddisk0\DR0\Partition3
08:18:22.0562 0x1ee8  \Device\Harddisk0\DR0\Partition3 - ok
08:18:22.0563 0x1ee8  ================ Scan generic autorun ======================
08:18:22.0704 0x1ee8  [ C02B401242B4D1639AC921DC2029D5FF, D8C3D79DCCAC60892700C9D668A54DAAD835C6E22C477422D6BF1070D1AF5198 ] C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe
08:18:23.0585 0x1ee8  ApplyEsf-eDocPrintPro - detected UnsignedFile.Multi.Generic ( 1 )
08:18:26.0210 0x1ee8  Detect skipped due to KSN trusted
08:18:26.0210 0x1ee8  ApplyEsf-eDocPrintPro - ok
08:18:27.0783 0x1ee8  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
08:18:27.0977 0x1ee8  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
08:18:30.0587 0x1ee8  Detect skipped due to KSN trusted
08:18:30.0587 0x1ee8  QuickTime Task - ok
08:18:35.0201 0x1ee8  AV detected via SS2: ROL Secure, C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fsavwsch.exe ( 9.10.15260.0 ), 0x41000 ( enabled : updated )
08:18:35.0206 0x1ee8  Win FW state via NFP2: enabled
08:18:37.0711 0x1ee8  ============================================================
08:18:37.0711 0x1ee8  Scan finished
08:18:37.0711 0x1ee8  ============================================================
08:18:37.0724 0x19b4  Detected object count: 0
08:18:37.0724 0x19b4  Actual detected object count: 0
08:20:44.0001 0x1f8c  Deinitialize success
         

P.S.: I noticed that I cannot edit the FRST log files I posted. Is there no potentially dangerous information in them that someone viewing this forum could use?

Alt 10.03.2015, 19:47   #8
schrauber
/// the machine
/// TB-Ausbilder
 


Nope, apart from maybe your real name as the user name, but otherwise there is nothing wild in there.


Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 10.03.2015, 20:46   #9
mato
 


I ran the program (it really tested my patience, mainly because it was impossible to tell whether the program was blocked or whether something was still running in the background). Either way, I did not work on the computer and did not move the mouse. After about 10 minutes the screen went dark (power-saving mode or something like that). I waited a few minutes until the computer no longer seemed to be working and then pressed the space bar twice so that the screen became active again.

The program was still running, but I think that should not have been a problem.
So here is the result:

Combofix log file:
Code:
ATTFilter
ComboFix 15-03-09.01 - XXXX 10.03.2015  20:00:03.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4087.2425 [GMT 1:00]
ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe
AV: ROL Secure *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: ROL Secure *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\AdobePDF.dll
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-10 bis 2015-03-10  ))))))))))))))))))))))))))))))
.
.
2015-03-10 19:13 . 2015-03-10 19:13	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-03-10 19:13 . 2015-03-10 19:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-10 19:13 . 2015-03-10 19:13	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-03-09 09:16 . 2015-03-09 09:16	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-09 09:16 . 2015-03-10 07:31	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-09 09:16 . 2015-03-10 07:30	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-09 09:14 . 2015-03-09 09:14	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-09 08:35 . 2015-03-09 08:35	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-03-07 12:32 . 2015-03-07 12:34	--------	d-----w-	C:\FRST
2015-03-06 07:21 . 2015-03-06 07:21	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-02-23 07:19 . 2015-02-23 07:19	--------	d-----w-	c:\program files (x86)\iTunes
2015-02-23 07:19 . 2015-02-23 07:19	--------	d-----w-	c:\program files\iPod
2015-02-23 07:19 . 2015-02-23 07:20	--------	d-----w-	c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 07:19 . 2015-02-23 07:20	--------	d-----w-	c:\program files\iTunes
2015-02-13 11:13 . 2007-03-23 15:55	35928	----a-w-	c:\windows\system32\AdobePDF64.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-06 07:20 . 2015-01-16 07:56	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-05 10:24 . 2012-04-05 07:00	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 10:24 . 2011-10-01 08:59	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08	2393184	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"F-Secure Hoster (41035)"="c:\program files (x86)\ROL Secure\fshoster32.exe" [2013-12-11 191528]
"F-Secure Manager"="c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2014-10-14 310312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
.
c:\users\marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - .lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CI1T0V405KC;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-3 110592]
CardOS API.lnk - c:\program files\Siemens\CardOS API\bin\siecacst.exe [2010-12-13 155136]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe -s [2014-8-1 12660072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\ROL Secure\fshoster32.exe;c:\program files (x86)\ROL Secure\fshoster32.exe [x]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
S3 fsni;fsni;c:\program files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys;c:\program files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 25994746
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 25994746
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:24]
.
2015-03-10 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 05:54]
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 05:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\marvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplyEsf-eDocPrintPro"="c:\program files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe" [2014-04-17 2566144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {3C90111F-03C3-4522-96FE-DEA700CC0517} - hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB
DPF: {EE0D7DAF-0F59-4245-924C-488EE3339CA1} - hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB
FF - ProfilePath - c:\users\marvin\AppData\Roaming\Mozilla\Firefox\Profiles\i0fz98y8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN65823296474436112&UM=&q=
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 1875d5c80000000000004487fc8b29e2
FF - user.js: extensions.Softonic.instlDay - 15501
FF - user.js: extensions.Softonic.vrsn - 1.5.24.3
FF - user.js: extensions.Softonic.vrsni - 1.5.24.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.321:16
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng - 
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - (no file)
Wow6432Node-HKCU-Run-Akidynivi - c:\users\Marvin\AppData\Roaming\Koet\ilti.exe
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files (x86)\ROL Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:92,c4,7a,b3,1f,6a,cf,01
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,9e,ed,f1,6b,8b,96,47,b9,08,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,9e,ed,f1,6b,8b,96,47,b9,08,89,\
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="85bb6ba3-79b2-4673-b0f5-e989f9f7bcc1"
"AuthorizationCode"="T1Z4vMNLrH3IDBvfp41bsfn4fkhnl9NRzchiPq11r5PgFbJBNgyzFQ"
"41035_AgentIdentifier"="85bb6ba3-79b2-4673-b0f5-e989f9f7bcc1"
"41035_AuthorizationCode"="T1Z4vMNLrH3IDBvfp41bsfn4fkhnl9NRzchiPq11r5PgFbJBNgyzFQ"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-10  20:27:58
ComboFix-quarantined-files.txt  2015-03-10 19:27
.
Vor Suchlauf: 13 Verzeichnis(se), 248.375.877.632 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 248.877.322.240 Bytes frei
.
- - End Of File - - 8633A7D68A70AE724C82826B263AB221
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/CODE]


By the way: this week I haven't received any of these dubious mails so far. Has Revo Uninstaller or something else perhaps already had an effect?? On the other hand, there have been 3-4 quiet days before, until it started all over again. Or has my whole address book already been worked through, and that's why I finally have peace?

Alt 11.03.2015, 10:40   #10
schrauber
/// the machine
/// TB-Ausbilder
 



You have to change the account's password; the passwords are usually hacked online, without anything happening on the computer. We will still remove the adware that is visible.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 11.03.2015, 17:37   #11
mato
 


You do mean the password of the e-mail account, right?
Not the one of the router for the internet connection?

I just find it surprising that all 3 passwords of the 3 different mail addresses were hacked together at once?
mato@mato.de
familie@mato.de
frau@mato.de

HELP!!!

I have now run Malwarebytes Anti-Malware, moved everything to quarantine and restarted.
I can now only log in as Administrator, but nothing is installed in that account.
My user can no longer log in!! If I enter a wrong password, it recognizes that; if I enter the correct password, there seems to be a login for a fraction of a second, but then the text "ABMELDEN" (logging off) appears immediately and I end up back at the start screen with the user selection.

Under the Administrator user I tried to restore all data moved to quarantine with Malwarebytes Anti-Malware. Still everything remains unchanged. I can no longer log in with my user!!

HELP!!!

The MBAM.TXT contains only the following text, nothing more:

Malwarebytes Anti-Malware
www.malwarebytes.org

Last edited by mato (11.03.2015 at 17:44)

Alt 12.03.2015, 09:18   #12
schrauber
/// the machine
/// TB-Ausbilder
 



Can you scan with FRST from the admin account? And the MBAM log really doesn't contain anything more?

Alt 12.03.2015, 09:53   #13
mato
 


So, the following update:

1) Today 2 more of these mails arrived. So the problem persists.
2) I have now tried to start my user account in Safe Mode. I hope it is a good sign that I can start my account in Safe Mode, also in Safe Mode with Networking and also in Safe Mode with Command Prompt.

3) In Safe Mode under my user account I also can't get at a more informative log file. I think the following is not very helpful:

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Remediation Database, 2013.10.16.1, 2015.3.9.1,
Update, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Update, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Malware Database, 2014.11.20.6, 2015.3.11.4,
Scan, 03/11/2015 Í??, SYSTEM, MARVIN-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 15 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 677-Malwareerkennung,
(end)

4) I can scan with FRST from the admin account. Here is the result:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Administrator (administrator) on MARVIN-PC on 12-03-2015 09:55:30
Running from C:\Users\Administrator\Desktop
Loaded Profiles: UpdatusUser & Administrator (Available profiles: Marvin & UpdatusUser & Administrator)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJAE.EXE
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe
(Siemens IT Solutions and Services GmbH) C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [2566144 2014-04-17] (May Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2011-12-13] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [F-Secure Hoster (41035)] => C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-10-14] (F-Secure Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-921190-1051346105-2666659791-500\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk
ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EIT&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EIT&apn_dbr=ie_9.0.8112.16476&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&itbv=12.23.0.15&doi=2015-01-16&psv=&pt=tb
HKU\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> {C7BE57D7-037B-4C7F-BFCF-C1740E1AC7DC} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^IT&gct=&itbv=12.23.0.15&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^IT&apn_dbr=ie_9.0.8112.16476&doi=2015-01-16&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2014-12-09] (F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO-x32: No Name -> {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} ->  No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: Raiffeisen ROL Secure Total Care -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2014-12-09] (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar -> {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -> C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2015-03-11] (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2015-03-11] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-921190-1051346105-2666659791-500 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3C90111F-03C3-4522-96FE-DEA700CC0517} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EE0D7DAF-0F59-4245-924C-488EE3339CA1} hxxp://weblabeling.gls-italy.com/GlsLabelManager.CAB
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-06-13] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-06-18] (Nitro PDF)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2012-05-16] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{b4208cd3-a949-4cce-a44a-a5e217608fe5}] - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: ROL Secure Total Care - C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-28]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/ROL Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome - C:\Users\Marvin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [653888 2013-09-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-27] (Macrovision Europe Ltd.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-26] (Freemake) [File not signed]
R2 fshoster; C:\Program Files (x86)\ROL Secure\fshoster32.exe [191528 2013-12-11] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-10-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\ROL Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-06-18] (Nitro PDF Software)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [45824 2009-12-15] (Advanced Card Systems Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-02-24] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71112 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2014-04-07] ()
R3 fsni; C:\Program Files (x86)\ROL Secure\apps\CCF_Scanning\bin\fsni64.sys [89640 2014-12-09] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 09:55 - 2015-03-12 09:56 - 00023461 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-03-12 09:54 - 2015-03-12 09:54 - 02095616 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-03-12 09:24 - 2015-03-12 09:25 - 00000532 _____ () C:\Users\marvin\Desktop\mbam11.txt
2015-03-12 08:32 - 2015-03-12 08:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-03-11 19:05 - 2015-03-11 19:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\OpenOffice
2015-03-11 18:19 - 2015-03-11 18:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nitro PDF
2015-03-11 17:19 - 2015-03-11 17:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-03-11 13:12 - 2015-03-11 13:16 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoftTB
2015-03-11 13:12 - 2015-03-11 13:12 - 00000000 ____D () C:\Users\marvin\AppData\Roaming\Mozilla
2015-03-11 13:01 - 2015-03-11 13:01 - 00000020 ___SH () C:\Users\marvin\ntuser.ini
2015-03-11 12:13 - 2015-03-11 12:13 - 00001058 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-11 12:13 - 2015-03-11 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-11 12:13 - 2015-03-11 12:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-11 12:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-11 12:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-10 19:58 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-10 19:58 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-10 19:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-10 19:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-10 19:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-10 19:58 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-10 19:58 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-10 19:58 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-10 19:57 - 2015-03-10 20:28 - 00000000 ____D () C:\Qoobox
2015-03-10 19:57 - 2015-03-10 20:23 - 00000000 ____D () C:\Windows\erdnt
2015-03-09 10:16 - 2015-03-12 09:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 10:16 - 2015-03-11 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-09 10:16 - 2015-03-11 12:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 10:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 09:35 - 2015-03-09 09:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-07 13:32 - 2015-03-12 09:55 - 00000000 ____D () C:\FRST
2015-03-06 14:31 - 2015-03-06 14:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-23 08:20 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-23 08:19 - 2015-02-23 08:20 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 08:19 - 2015-02-23 08:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-13 12:13 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 09:51 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 09:51 - 2009-07-14 05:45 - 00014832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 09:47 - 2010-12-24 20:05 - 01642972 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 09:43 - 2011-07-21 07:22 - 00149792 _____ () C:\Windows\error.log
2015-03-12 09:43 - 2011-04-14 22:06 - 00195861 _____ () C:\Windows\setupact.log
2015-03-12 09:43 - 2011-01-01 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 09:43 - 2010-12-24 20:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-12 09:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 09:42 - 2011-07-21 07:22 - 00035449 _____ () C:\Windows\errord.log
2015-03-12 09:28 - 2010-12-24 22:01 - 00000000 ____D () C:\Users\marvin
2015-03-12 09:10 - 2011-01-01 16:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 08:32 - 2010-12-25 17:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 08:24 - 2012-04-05 08:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 19:47 - 2011-12-01 07:47 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2015-03-11 18:19 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-11 18:12 - 2009-07-14 18:58 - 00054252 _____ () C:\Windows\system32\perfh007.dat
2015-03-11 18:12 - 2009-07-14 18:58 - 00016384 _____ () C:\Windows\system32\perfc007.dat
2015-03-11 18:12 - 2009-07-14 06:13 - 00064968 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 17:20 - 2011-05-29 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-03-11 13:04 - 2011-08-01 13:06 - 00078576 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-11 13:00 - 2011-07-12 08:21 - 00302174 _____ () C:\Windows\PFRO.log
2015-03-11 12:58 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 12:57 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2015-03-11 12:24 - 2011-02-15 12:24 - 00000254 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2015-03-10 20:15 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-09 10:02 - 2013-05-30 13:30 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-09 10:01 - 2013-05-30 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-09 09:49 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 09:16 - 2013-05-05 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 08:27 - 2014-05-07 19:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-06 08:20 - 2015-01-16 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-06 08:20 - 2015-01-16 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-06 08:19 - 2010-12-28 19:05 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-23 08:19 - 2013-01-06 11:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-20 08:06 - 2010-12-27 21:24 - 00000000 ____D () C:\ProgramData\Skype
2015-02-13 12:13 - 2010-12-27 20:41 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Standard.lnk
2015-02-13 12:13 - 2010-12-27 20:41 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk

==================== Files in the root of some directories =======

2013-05-30 13:30 - 2013-05-30 13:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-27 21:27 - 2010-12-27 21:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 08:37

==================== End Of Log ============================
         
--- --- ---


and

Code:
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Administrator at 2015-03-12 09:56:20
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ROL Secure (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: ROL Secure (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Free Video Converter 3 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM-x32\...\Adobe Acrobat  8 Standard - Italiano, Español, Nederlands_831) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard - Italiano, Español, Nederlands) (Version: 8.3.1 - Adobe Systems)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advanced PDF Repair v2.0 (HKLM-x32\...\Advanced PDF Repair v2.0) (Version:  - )
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bit4Id - miniLector (HKLM-x32\...\Bit4Id - miniLector) (Version: 3.0 - Bit4id)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardOS API (HKLM\...\{8E814717-DE49-4A4A-BD12-39102F9C9FD0}) (Version: 3.3.018 - Siemens IT Solutions and Services GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Computer Security 14.99.105.0 (release) (x32 Version: 14.99.105.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Druckerdeinstallation für EPSON PX810FW Series (HKLM\...\EPSON PX810FW Series) (Version:  - SEIKO EPSON Corporation)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version:  - )
eDocPrintPro (HKLM\...\{BAC11FF6-53BC-432B-84AD-9141C19F2352}) (Version: 3.20.1 - MAY Computer)
Epson Benutzerhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Useg) (Version:  - )
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.60.0000 - EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch XP-800 Series (HKLM-x32\...\XP-800 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version:  - )
Epson Printer Software Downloader (x32 Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (HKLM-x32\...\Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Benutzerhandbuch) (Version:  - )
EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
Free Audio CD Burner version 2.0.21.1031 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.21.1031 - DVDVideoSoft Ltd.)
Free DWG Viewer 7.1 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.1 - IGC)
Free Screen Video Recorder version 2.5.39.1122 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.39.1122 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.0 - Ellora Assets Corporation)
F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.134 (x32 Version: 1.02.134 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
gs_x64 (HKLM\...\{344BD061-2564-422E-860F-9E5DC49983AE}) (Version: 9.10 - MAY Computer)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Intr@Web Stand-Alone 13.0.0.0 (HKLM-x32\...\Intr@Web Stand-Alone 13.0.0.0) (Version: 13.0.0.0 - Sogei S.p.A.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kernel for Outlook PST Repair Evaluation ver 10.10.01 (HKLM-x32\...\Kernel for Outlook PST Repair - Evaluation Version_is1) (Version:  - Nucleus Data Recovery .com)
Kernel For PDF Repair Evaluation ver 9.11.01 (HKLM-x32\...\Kernel For PDF Repair Evaluation version_is1) (Version:  - Nucleus Data Recovery .com)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0407-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nitro Reader 3 (HKLM\...\{553BDFDD-CEE9-4833-97FB-B4C8BF81FFAD}) (Version: 3.5.5.2 - Nitro)
Nokia Software Updater (HKLM-x32\...\{889D48DA-457F-4C8B-9095-6458F2793B12}) (Version: 3.0.605 - Nokia Corporation)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.4.49.0 - Nokia)
Nokia Suite (x32 Version: 3.4.49.0 - Nokia) Hidden
NSS (remove only) (HKLM-x32\...\NSS) (Version: 1.0.38.15 - B-Phreaks Ltd)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Online Safety 2.99.2307.1728 (x32 Version: 2.99.2307.1728 - F-Secure Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.02 (HKLM-x32\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA)
OutlookTools 2 (HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook)
PDF Fixer (HKLM-x32\...\PDF Fixer) (Version: 1.0 - PCVARE Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink)
Recovery Toolbox for Word 1.1 (HKLM-x32\...\Recovery Toolbox for Word_is1) (Version:  - Recovery Toolbox, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ROL Secure Launch pad (HKLM-x32\...\F-Secure ServiceEnabler 41035) (Version: 1.99.192.0 - F-Secure Corporation)
ROL Secure Launch pad (x32 Version: 1.99.192.0 - F-Secure Corporation) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Serif PhotoPlus Starter Edition (HKLM-x32\...\{A0765939-76F5-48D8-82B1-8D0BBFAD0702}) (Version: 2.0.0.002 - Serif (Europe) Ltd)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
SolidWorks eDrawings 2013 x64 (HKLM\...\{C218FF91-5C92-4DEC-AA05-322A9D065EE4}) (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SysInfoTools PDF Repair v1.0 (HKLM-x32\...\{B6CA247E-DB92-4F38-B0BC-C5C93E5A3914}_is1) (Version:  - SysInfoTools)
Unigine Heaven Benchmark v2.0 (HKLM-x32\...\{5E9709F3-B39F-4133-AE60-3EC634971E75}) (Version: 2.0 - Unigine Corp.)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Watchtower Library 2004 - Deutsche Ausgabe (HKLM-x32\...\{3112AC55-B32E-4FE8-81D9-D55374961D5B}) (Version:  - )
Watchtower Library 2007 - Deutsch (HKLM-x32\...\{E1E02530-0475-4A86-9071-5524C64CF4CB}) (Version: 9.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2011 - Deutsch (HKLM-x32\...\{8BE514E8-4486-4730-8B68-FA15EEDC942E}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-02-2015 09:54:33 Geplanter Prüfpunkt
24-02-2015 11:37:47 Geplanter Prüfpunkt
04-03-2015 13:37:16 Geplanter Prüfpunkt
09-03-2015 09:37:15 Revo Uninstaller's restore point - Search App by Ask
09-03-2015 09:40:33 Revo Uninstaller's restore point - Shopping App by Ask
09-03-2015 09:41:50 Revo Uninstaller's restore point - Softonic toolbar  on IE
09-03-2015 09:43:28 Revo Uninstaller's restore point - HP FWUpdateEDO2
09-03-2015 09:44:06 Revo Uninstaller's restore point - Feedback Tool
09-03-2015 09:45:35 Revo Uninstaller's restore point - Mein Gutscheincode Finder 1.0.0.0
09-03-2015 09:46:10 Revo Uninstaller's restore point - Word Password DEMO version 15.0
09-03-2015 09:53:11 Revo Uninstaller's restore point - Word Password Recovery Lastic 1.1
09-03-2015 09:59:57 Revo Uninstaller's restore point - HP Update
09-03-2015 10:00:09 Removed HP Update.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-10 20:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05697B83-4949-4368-8B24-133394F6C920} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29] (Adobe Systems Incorporated)
Task: {11637952-1AAF-47F0-B99F-35F4358E54D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {342B828C-8CAE-4210-A3E6-AB7C0781DFAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43B02A80-5DE4-4895-8C55-E4DD70B7DA4B} - System32\Tasks\{108C941C-308A-467B-A730-09E7C54A5CFB} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {554D857C-0D3C-4DC9-B80C-6E38EE80128F} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {55CF7C53-A9BE-4397-ABA2-38DB6F4BA60B} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {5944B75D-7124-4BA3-B638-F06EB5520F3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {7566BAB7-99B8-4631-B67B-DBD278DD5A14} - System32\Tasks\{F6C27C40-9C4A-476D-A0DB-9E3F6438D981} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {A443A926-D7C2-43A7-A065-7FDA6C489615} - System32\Tasks\{372BBC43-B6A1-4427-BE02-50ECC45EE383} => pcalua.exe -a C:\Users\Marvin\Desktop\Setup.exe -d C:\Users\Marvin\Desktop
Task: {ABBBE6EA-AA4E-457F-BB5C-94EB08A46940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {ADC89731-447A-4ECD-B38B-C3361A31230D} - System32\Tasks\{BE987430-777E-472C-BAB6-099B2F4B0F14} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe [2011-08-30] (Adobe Systems Incorporated)
Task: {AF436C3F-6EC0-479B-8BE7-DD95E4C37B79} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-19 20:33 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-12-05 11:39 - 2008-12-05 11:39 - 00340480 _____ () C:\Windows\system32\siecaces.dll
2008-12-05 11:39 - 2008-12-05 11:39 - 00229376 _____ () C:\Windows\system32\gmp4_2_1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-921190-1051346105-2666659791-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-921190-1051346105-2666659791-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-921190-1051346105-2666659791-501 - Limited - Disabled)
Marvin (S-1-5-21-921190-1051346105-2666659791-1000 - Administrator - Enabled) => C:\Users\Marvin
UpdatusUser (S-1-5-21-921190-1051346105-2666659791-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 09:56:25 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2015-03-12  09:56:25+02:00  MARVIN-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 7af3f20e098b8c1d48a663b5a853b5950a159aae

Error: (03/12/2015 09:43:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:40:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:39:05 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:36:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:36:30 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:20:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:15:15 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:15:15 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT-AUTORITÄT)
Description: Die Klassenregistrierungsdatei kann nicht geladen werden.
 DETAIL - Das System kann die angegebene Datei nicht finden.

Error: (03/12/2015 09:12:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 12.0.6691.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f30

Startzeit: 01d05c9a9cf59fe2

Endzeit: 5085

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

Berichts-ID: 71c12837-c88f-11e4-8c87-4487fc8b29e2


System errors:
=============
Error: (03/12/2015 09:44:26 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/12/2015 09:40:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
DfsC
discache
NetBIOS
NetBT
NetworkX
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Epson Scanner Service" ist vom Dienst "Windows-Bilderfassung (WIA)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/12/2015 09:40:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (03/11/2015 11:19:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9395 seconds with 5820 seconds of active time.  This session ended with a crash.

Error: (03/05/2015 00:47:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/04/2015 00:57:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18751 seconds with 9540 seconds of active time.  This session ended with a crash.

Error: (01/17/2015 02:55:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15738 seconds with 5820 seconds of active time.  This session ended with a crash.

Error: (10/21/2014 07:27:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45807 seconds with 15780 seconds of active time.  This session ended with a crash.

Error: (09/10/2014 11:35:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 160 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/10/2014 07:53:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/25/2014 04:49:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34243 seconds with 7380 seconds of active time.  This session ended with a crash.

Error: (08/04/2014 04:00:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30055 seconds with 12360 seconds of active time.  This session ended with a crash.

Error: (07/24/2014 10:17:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8083 seconds with 3360 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-10 20:10:57.372
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-10 20:10:57.298
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-19 13:41:28.366
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dxgi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-15 07:45:31.242
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-15 07:45:31.195
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:54:47.524
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:54:47.493
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:53:44.680
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-12 07:53:44.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-11 08:13:59.170
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\fses.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 4087.12 MB
Available physical RAM: 2217.69 MB
Total Pagefile: 8172.37 MB
Available Pagefile: 5879.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:215.17 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:377.5 GB) NTFS
Drive e: (ORANIER) (CDROM) (Total:1.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00040336)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Last edited by mato (12.03.2015 at 10:00)

12.03.2015, 19:37   #14
schrauber
/// the machine
/// TB instructor

Please download Rogue Killer from here.
  • Save the tool to your desktop!
  • Close all running programs.
  • Start RogueKiller.exe
  • Wait until "Prescan abgeschlossen" (prescan finished) appears, then click "Scannen" (Scan).
  • When the scan has finished, click "Bericht" (Report) and post the report here.
  • You will also find the log file RKreport[1].txt on your desktop.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

12.03.2015, 21:57   #15
mato

After downloading the program from the link given, a notice appeared saying the version was outdated, and I was taken to the developer's site. I then downloaded the (Local) Portable 64 bits version there and ran the scan.
Admittedly, IE was still open during the scan. I hope that doesn't distort anything.

Here is the file

Code:
RogueKiller V10.5.4.0 (x64) [Mar 12 2015] by Adlice Software
Mail : hxxp://www.adlice.com/contact/
Feedback : hxxp://forum.adlice.com
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://www.adlice.com

Betriebssystem : Windows 7 (6.1.7600 ) 64 bits version
gestarted in : normaler Modus
User : Administrator [Administrator]
Started from : C:\Users\Administrator\Desktop\RogueKillerX64.exe
Modus : Scannen -- Datum : 03/12/2015  21:53:59

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} -> Gefunden
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} -> Gefunden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EIT&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EIT&apn_dbr=ie_9.0.8112.16476&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&itbv=12.23.0.15&doi=2015-01-16&psv=&pt=tb  -> Gefunden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-921190-1051346105-2666659791-500\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5EIT&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EIT&apn_dbr=ie_9.0.8112.16476&apn_uid=18719B77-C530-4FDF-902C-6A4BE4E76AFB&itbv=12.23.0.15&doi=2015-01-16&psv=&pt=tb  -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{982E6B0C-B572-4436-A596-D15252CCDDF6} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{982E6B0C-B572-4436-A596-D15252CCDDF6} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Gefunden
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{982E6B0C-B572-4436-A596-D15252CCDDF6} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Gefunden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Gefunden
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Gefunden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Gefunden
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 1 ¤¤¤
[Hj.Name][Datei] Tintenwarnungen überwachen - .lnk -- D:\users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [LNK@] C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CI1T0V405KC;CONNECTION=USB;MONITOR=1; -> Gefunden

¤¤¤ Host Dateien : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 4 (Driver: geladen) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\??\C:\Program Files (x86)\ROL Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\rol secure\apps\computersecurity\hips\fshook32.dll @ 0x74615350 (jmp 0x744c3344)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\rol secure\apps\computersecurity\hips\fshook32.dll @ 0x74615350 (jmp 0x74573344)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateUserProcess : c:\program files (x86)\rol secure\apps\computersecurity\hips\fshook32.dll @ 0x74615350 (jmp 0x74503344)

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] ddd5f93721360178b27f37d3d42fdeee
[BSP] 8531e45a81582aeb5c8cd5bd651b88f4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
         
