
Log analysis and evaluation: Windows Vista. Avira finds TR/Fareit.A.686


13.03.2015, 16:04   #1
Lobinski
 
Hello!
Two days ago Avira's real-time scanner found the trojan TR/Fareit.A.686 on my machine.
After a system scan it was moved to quarantine.
I would like to know what to do now. Apart from the system scan I have not done anything else.

defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:44 on 12/03/2015 (Lobinski)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Lobinski (administrator) on LOBENHOFER-PC on 12-03-2015 12:28:28
Running from C:\Users\Lobinski\Downloads
Loaded Profiles: Lobinski & Uni (Available profiles: Lobinski & Uni)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(AlcaTech) C:\Windows\System32\mmrtkrnl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Spotify Ltd) C:\Users\Lobinski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4431872 2007-04-10] (Realtek Semiconductor)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [357376 2008-07-22] (shbox.de)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-27] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [Spotify Web Helper] => C:\Users\Lobinski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-22] (Spotify Ltd)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [6ad] => C:\Users\Lobinski\AppData\Roaming\7cc7\6ad.js
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\MountPoints2: {1bf29b54-88c0-11de-b931-00030da196c9} - F:\AutoRun.exe
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\MountPoints2: {1bf29b56-88c0-11de-b931-00030da196c9} - F:\AutoRun.exe
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\MountPoints2: {69a21391-6aef-11e3-b8a9-00030da196c9} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\MountPoints2: {9ceb5d3c-8802-11de-8972-00030da196c9} - F:\AutoRun.exe
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\MountPoints2: {9ceb5d4e-8802-11de-8972-00030da196c9} - G:\AutoRun.exe
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\MountPoints2: {a8bf1d23-8739-11de-984b-00030da196c9} - F:\AutoRun.exe
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\MountPoints2: {a8bf1d45-8739-11de-984b-00030da196c9} - F:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [fsc-reg] => C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2909785519-3025136298-1131319659-1000] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=14469&l=dis
HKU\S-1-5-21-2909785519-3025136298-1131319659-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000 -> {B7AAB74F-3ED1-43CA-8BBD-008694E79CC6} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2909785519-3025136298-1131319659-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-2909785519-3025136298-1131319659-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-02-19] (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default
FF Homepage: hxxp://www.setgame.com/set/daily_puzzle
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-27] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2909785519-3025136298-1131319659-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lobinski\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2909785519-3025136298-1131319659-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\user.js [2009-04-19]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010-03-10] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-09-27] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-09-27] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2010-03-10] (Citrix Systems, Inc.)
FF Extension: Avira Browser Safety - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: QuickStores-Toolbar - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\quickstores@quickstores.de [2010-08-23]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-02]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-09-07]
FF Extension: DownloadHelper - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: CoolPreviews - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(10) [2009-05-30]
FF Extension: eBay Sidebar for Firefox - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2011-05-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-22]
FF Extension: CoolPreviews - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2011-06-17]
FF Extension: Adblock Plus - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-07]
FF Extension: Tab Mix Plus - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2015-03-06]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-27]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-09]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-12-23] (Samsung Electronics) [File not signed]
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 12:28 - 2015-03-12 12:30 - 00027676 _____ () C:\Users\Lobinski\Downloads\FRST.txt
2015-03-12 12:28 - 2015-03-12 12:28 - 00000000 ____D () C:\FRST
2015-03-12 12:27 - 2015-03-12 12:27 - 01135104 _____ (Farbar) C:\Users\Lobinski\Downloads\FRST.exe
2015-03-12 09:44 - 2015-03-12 09:45 - 00000478 _____ () C:\Users\Lobinski\Downloads\defogger_disable.log
2015-03-12 09:44 - 2015-03-12 09:44 - 00000000 _____ () C:\Users\Lobinski\defogger_reenable
2015-03-12 09:42 - 2015-03-12 09:42 - 00050477 _____ () C:\Users\Lobinski\Downloads\Defogger.exe
2015-03-06 13:08 - 2015-03-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-02 00:36 - 2015-03-02 00:36 - 00000519 _____ () C:\Users\Uni\Desktop\Arbeit - Verknüpfung.lnk
2015-02-25 23:09 - 2015-02-26 12:25 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-22 13:15 - 2015-02-22 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-22 13:11 - 2015-02-22 13:11 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-02-22 13:10 - 2015-02-22 13:15 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-22 13:10 - 2015-02-22 13:14 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-22 13:07 - 2015-02-22 13:07 - 03312608 _____ (DVDVideoSoft Ltd. ) C:\Users\Lobinski\Downloads\FreeStudio.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 12:30 - 2008-09-12 17:47 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{839B324E-F799-4CCE-9BCE-16EE4649FF3E}.job
2015-03-12 12:28 - 2010-04-19 20:59 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DFA6C29-CEBF-46ED-9FEF-DC25F2419506}.job
2015-03-12 12:27 - 2013-01-11 13:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 11:59 - 2008-09-12 16:15 - 01944380 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 10:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 10:45 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 09:44 - 2008-09-12 17:28 - 00000000 ____D () C:\Users\Lobinski
2015-03-12 09:08 - 2013-08-15 09:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 09:08 - 2008-07-15 02:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 09:08 - 2006-11-02 11:23 - 00000272 _____ () C:\Windows\win.ini
2015-03-12 09:03 - 2010-09-30 22:43 - 00000000 ___RD () C:\Users\Lobinski\Documents\My Dropbox
2015-03-12 09:03 - 2010-09-30 22:34 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\Dropbox
2015-03-12 08:51 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-12 08:45 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 20:34 - 2014-12-11 17:05 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-11 20:34 - 2006-11-02 14:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-09 17:22 - 2014-08-07 16:47 - 00000680 _____ () C:\Users\Lobinski\AppData\Local\d3d9caps.dat
2015-03-08 22:09 - 2009-04-13 12:57 - 00000000 ____D () C:\ProgramData\FreePDF
2015-03-08 22:08 - 2009-04-13 13:00 - 00010126 _____ () C:\fpRedmon.log
2015-03-08 17:44 - 2012-05-08 08:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 10:42 - 2014-08-05 10:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 10:41 - 2012-12-30 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 10:41 - 2012-12-30 16:05 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 13:56 - 2012-12-30 16:05 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 13:56 - 2012-12-30 16:05 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-27 08:29 - 2014-05-21 12:32 - 00004388 _____ () C:\Windows\PFRO.log
2015-02-24 03:23 - 2009-10-03 10:08 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 13:32 - 2011-07-18 20:59 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\DVDVideoSoft
2015-02-22 13:05 - 2008-10-19 15:23 - 00000000 ____D () C:\ProgramData\eMule
2015-02-17 18:54 - 2013-10-31 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-16 23:10 - 2008-01-21 08:16 - 00006650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 13:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 12:50 - 2010-09-30 22:34 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2008-09-12 19:28 - 2011-01-23 11:18 - 0000208 _____ () C:\Users\Lobinski\AppData\Roaming\wklnhst.dat
2014-08-07 16:47 - 2015-03-09 17:22 - 0000680 _____ () C:\Users\Lobinski\AppData\Local\d3d9caps.dat
2008-09-19 18:57 - 2012-08-05 15:40 - 0242176 _____ () C:\Users\Lobinski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-14 11:12 - 2008-09-14 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Lobinski\AppData\Local\Temp\avgnt.exe
C:\Users\Lobinski\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5gjrdu.dll
C:\Users\Lobinski\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Lobinski\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Lobinski\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Lobinski\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Lobinski\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Lobinski\AppData\Local\Temp\stubhelper.dll
C:\Users\Uni\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Uni\AppData\Local\Temp\AskSLib.dll
C:\Users\Uni\AppData\Local\Temp\avgnt.exe
C:\Users\Uni\AppData\Local\Temp\uqkqyp7c.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-12 08:50

==================== End Of Log ============================
         
FRST Additions:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Lobinski at 2015-03-12 12:30:50
Running from C:\Users\Lobinski\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8AD67572-0AE2-0CAC-CD8B-17FBAC973901}) (Version: 3.0.643.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AudibleManager (HKLM\...\AudibleManager) (Version: 4759644.48.2147303424.4759644 - Audible, Inc.)
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPM-Studio 4 Demo (HKLM\...\{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}) (Version: 4.9.91 - AlcaTech)
calibre (HKLM\...\{0DF82C0A-38A7-4213-B3D7-9E7179F80065}) (Version: 0.8.6 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - )
ccc-core-static (Version: 2007.1011.2229.38348 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Cisco AnyConnect VPN Client (HKLM\...\{44257960-C5CC-45BA-8E83-524E4A0F3FD5}) (Version: 2.5.3054 - Cisco Systems, Inc.)
Citrix Online Plug-in - Web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Convert Image To PDF (HKLM\...\Convert Image To PDF_is1) (Version:  - Softinterface, Inc.)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Dopcatcher 1.5 (HKLM\...\{F5019E6B-99D6-47FB-8144-989173D67987}_is1) (Version: 1.5 - ADOn-Media Ltd.)
Dropbox (HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623u) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
Free Studio version 6.5.0.219 (HKLM\...\Free Studio_is1) (Version: 6.5.0.219 - DVDVideoSoft Ltd.)
FreePDF XP (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
FSCLounge (HKLM\...\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}) (Version: 1.0.0 - Fujitsu Siemens Computers)
GNU Backgammon (Version 1_04_000, 20141021) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 4.1.7 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.1.7 - )
L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM\...\InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}) (Version: 1.00.0000 - Microsoft Game Studios)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.300.05.03.40 - Huawei Technologies Co.,Ltd)
Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version:  - )
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MP4 To MP3 Converter V3.0 (HKLM\...\MP4 To MP3 Converter_is1) (Version:  - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{854C47D1-C2A0-4492-8655-C3F8D49C1031}) (Version: 8.3.161 - Nero AG)
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDV (HKLM\...\{B804C424-B66D-447A-84BD-C6B88C392C3A}) (Version: 2.0.2120 - CyberLink Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.00.62.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1670 Series (HKLM\...\Samsung ML-1670 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Scribus 1.4.3 (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skins (Version: 2007.1011.2229.38348 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steinberg Cubase LE (HKLM\...\Steinberg Cubase LE) (Version:  - )
SystemDiagnostics (HKLM\...\{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}) (Version: 2.00.0002 - Fujitsu Siemens Computers       )
TuxGuitar 1.2 (HKLM\...\TuxGuitar_0) (Version:  - )
Unity Web Player (HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WZebra 4.2.4 (HKLM\...\WZebra_is1) (Version:  - Gunnar Andersson & Lars Ivansson)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{22F853F3-CB3A-D0B3-CC19-096EBE2D2C2A}\InprocServer32 -> C:\Windows\system32\appwiz.cpl (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{3C93B40C-6599-4CAF-8A40-2B972A0BD849}\InprocServer32 -> C:\Program Files\CyberLink\PowerDV\Kernel\PowerDV\DVCLAud.ax (CyberLink Corp.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Lobinski\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{7EDBD0FF-C865-A30A-585B-07030795B053}\InprocServer32 -> C:\Windows\system32\appwiz.cpl (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{7EDBD0FF-C865-A30A-585B-07030795B053}\localserver32 -> C:\Windows\MSAgent\agentsvr.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{98067DB1-E080-8B4A-31F0-FFC410C20729}\InprocServer32 -> C:\Windows\system32\rasgcw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{A537AB7D-8DC0-895C-6C4B-F08DA0708673}\InprocServer32 -> C:\Windows\system32\rasgcw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{A966E6E0-4283-E140-492C-9730515A3EBC}\InprocServer32 -> C:\Windows\system32\rasgcw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{CB51B6D1-ED35-1F58-4698-3E6EE8F7FC0C}\InprocServer32 -> C:\Windows\system32\rasgcw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{CE6D8DCD-910D-CB56-D5EE-9D1F2BE164EA}\InprocServer32 -> C:\Program Files\CyberLink\PowerDV\Kernel\PowerDV\DVCLAud.ax (CyberLink Corp.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-03-2015 11:44:11 Windows Update
08-03-2015 03:00:26 Windows Update
08-03-2015 18:52:36 Geplanter Prüfpunkt
09-03-2015 14:18:30 Windows Update
10-03-2015 09:05:32 Windows Update
10-03-2015 10:34:42 Windows Update
11-03-2015 08:23:20 Windows Update
12-03-2015 08:49:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D6BFE6F-4FFC-49D8-8344-A0C50F7D49BB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2909785519-3025136298-1131319659-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3400EA72-A2F6-4742-A08B-AD37E4449996} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {480B22F9-262F-404A-ABA6-04238D5C0AA8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {50C632AF-CD2C-4923-85E0-4235E0D5C798} - System32\Tasks\{4A951B82-51D7-480F-B93A-BB337E2F0025} => pcalua.exe -a C:\Users\Lobinski\Downloads\igowin.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8D6FD7C6-0C55-4430-89EE-B8A148295E46} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A24E5DCD-905B-4A34-8696-75403A366218} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2909785519-3025136298-1131319659-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A3AA123D-13B9-4202-923B-52EF16B8BCFA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A60B7A58-0290-44EA-9065-F55D6E6D37A2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2909785519-3025136298-1131319659-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B792DC24-4740-48A3-91E4-33287F107AB7} - System32\Tasks\{BE4C01D8-FA1E-4650-9CEF-11DD0C9E16D3} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {C79BE66A-D4C0-4B35-8E0C-429639C7CE6C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Lobinski => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {C921177D-14AD-4021-9CF6-5AEEA33EA78C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2909785519-3025136298-1131319659-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FDA96905-D15E-4E91-8818-FCDACE40CC1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7DFA6C29-CEBF-46ED-9FEF-DC25F2419506}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{839B324E-F799-4CCE-9BCE-16EE4649FF3E}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-31 15:19 - 2001-10-28 16:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2009-04-13 12:57 - 2008-02-25 21:23 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2012-02-15 14:07 - 2011-01-27 09:33 - 00026624 _____ () C:\Windows\System32\ssb7mlm.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-07-15 02:46 - 2006-07-20 01:36 - 00262247 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2008-07-15 02:29 - 2007-10-11 23:02 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-12-17 18:12 - 2010-12-17 18:12 - 00332288 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-12 08:47 - 2015-03-12 08:47 - 00043008 _____ () c:\users\lobinski\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5gjrdu.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-02-15 14:07 - 2011-08-31 01:49 - 00684032 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssb7mdu.dll
2015-02-05 20:27 - 2015-02-05 20:27 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2909785519-3025136298-1131319659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Uni\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2909785519-3025136298-1131319659-500 - Administrator - Disabled)
Gast (S-1-5-21-2909785519-3025136298-1131319659-501 - Limited - Disabled)
Lobinski (S-1-5-21-2909785519-3025136298-1131319659-1000 - Administrator - Enabled) => C:\Users\Lobinski
Uni (S-1-5-21-2909785519-3025136298-1131319659-1001 - Administrator - Enabled) => C:\Users\Uni

==================== Faulty Device Manager Devices =============

Name: ADS Instant HDTV PCI
Description: ADS Instant HDTV PCI
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ADS Technologies
Service: Ph3xIB32
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 09:07:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/12/2015 09:07:57 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/12/2015 08:46:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 08:45:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/11/2015 02:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa8d4, Ausnahmecode 0xc0000005, Fehleroffset 0x000678b8,
Prozess-ID 0x1d20, Anwendungsstartzeit iexplore.exe0.

Error: (03/11/2015 01:01:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/11/2015 01:00:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2403960

Error: (03/11/2015 01:00:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2403960

Error: (03/11/2015 01:00:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2015 01:00:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2401292


System errors:
=============
Error: (03/12/2015 08:46:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (03/11/2015 08:34:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (03/10/2015 11:04:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/10/2015 11:00:56 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "BM-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BA37F77F-E9C2-4665-A83F-1F54CF019943-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/10/2015 04:43:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053

Error: (03/10/2015 04:43:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst

Error: (03/10/2015 04:42:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (03/10/2015 04:41:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 10.03.2015 um 11:41:10 unerwartet heruntergefahren.

Error: (03/10/2015 09:01:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (03/09/2015 10:41:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (03/12/2015 09:07:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/12/2015 09:07:57 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/12/2015 08:46:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 08:45:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/11/2015 02:42:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.189994ccf92fbmshtml.dll8.0.6001.189994ccfa8d4c0000005000678b81d2001d05bf3f2637810

Error: (03/11/2015 01:01:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/11/2015 01:00:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2403960

Error: (03/11/2015 01:00:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2403960

Error: (03/11/2015 01:00:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/11/2015 01:00:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2401292


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 58%
Total physical RAM: 3069.51 MB
Available physical RAM: 1259.05 MB
Total Pagefile: 6367.29 MB
Available Pagefile: 4154.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.02 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:9.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:131.89 GB) (Free:55.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: C3BFE2AD)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=92.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=131.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-12 21:30:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: u6zvk6i3.exe; Driver: C:\Users\Lobinski\AppData\Local\Temp\pflcquob.sys


---- System - GMER 2.1 ----

SSDT   8CF333AE                                                                                              ZwCreateSection
SSDT   8CF33386                                                                                              ZwCreateSymbolicLinkObject
SSDT   8CF3338B                                                                                              ZwLoadDriver
SSDT   8CF33381                                                                                              ZwOpenSection
SSDT   8CF333B8                                                                                              ZwRequestWaitReplyPort
SSDT   8CF333B3                                                                                              ZwSetContextThread
SSDT   8CF333BD                                                                                              ZwSetSecurityObject
SSDT   8CF33390                                                                                              ZwSetSystemInformation
SSDT   8CF333C2                                                                                              ZwSystemDebugControl
SSDT   8CF3334F                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                         82AB9978 4 Bytes  [AE, 33, F3, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 21D                                                                         82AB9980 4 Bytes  [86, 33, F3, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 37D                                                                         82AB9AE0 4 Bytes  [8B, 33, F3, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 3FD                                                                         82AB9B60 4 Bytes  [81, 33, F3, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                         82AB9C9C 4 Bytes  [B8, 33, F3, 8C]
.text  ...                                                                                                   

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Real\RealPlayer\Update\realsched.exe[3400] kernel32.dll!SetUnhandledExceptionFilter  770EA84F 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57                           
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet)       

---- EOF - GMER 2.1 ----
         
Avira real-time scanner report:

Code:
Exportierte Ereignisse:

11.03.2015 14:44 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Lobinski\AppData\Local\Temp\Low\4063.tmp'
      wurde ein Virus oder unerwünschtes Programm 'TR/Fareit.A.686' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Avira system scan report:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 12. März 2015  09:24


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : LOBENHOFER-PC

Versionsinformationen:
BUILD.DAT      : 15.0.8.650     91859 Bytes  25.02.2015 17:54:00
AVSCAN.EXE     : 15.0.8.650   1014064 Bytes  04.03.2015 12:56:08
AVSCANRC.DLL   : 15.0.8.650     63792 Bytes  04.03.2015 12:56:08
LUKE.DLL       : 15.0.8.650     60664 Bytes  04.03.2015 12:56:59
AVSCPLR.DLL    : 15.0.8.650     94456 Bytes  04.03.2015 12:56:09
REPAIR.DLL     : 15.0.8.650    366328 Bytes  04.03.2015 12:56:06
REPAIR.RDF     : 1.0.6.16      786458 Bytes  11.03.2015 13:25:52
AVREG.DLL      : 15.0.8.650    264496 Bytes  04.03.2015 12:56:06
AVLODE.DLL     : 15.0.8.650    645368 Bytes  04.03.2015 12:56:05
AVLODE.RDF     : 14.0.4.54      78895 Bytes  05.12.2014 17:06:42
LOCAL000.VDF   : 8.11.216.36 123972096 Bytes  11.03.2015 13:26:47
Engineversion  : 8.3.30.0  
AEVDF.DLL      : 8.3.1.6       133992 Bytes  20.08.2014 17:17:20
AESCRIPT.DLL   : 8.2.2.56      554920 Bytes  13.02.2015 11:50:12
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 15:07:49
AESBX.DLL      : 8.2.20.34    1615784 Bytes  04.03.2015 12:55:59
AERDL.DLL      : 8.2.1.20      731040 Bytes  11.02.2015 16:43:07
AEPACK.DLL     : 8.4.0.62      793456 Bytes  21.02.2015 11:17:51
AEOFFICE.DLL   : 8.3.1.14      354216 Bytes  10.03.2015 15:48:05
AEMOBILE.DLL   : 8.1.7.0       281456 Bytes  10.03.2015 15:48:05
AEHEUR.DLL     : 8.1.4.1578   8137584 Bytes  06.03.2015 15:11:33
AEHELP.DLL     : 8.3.1.0       278728 Bytes  04.06.2014 10:04:41
AEGEN.DLL      : 8.1.7.40      456608 Bytes  20.12.2014 02:01:00
AEEXP.DLL      : 8.4.2.70      255904 Bytes  06.02.2015 15:05:39
AEEMU.DLL      : 8.1.3.4       399264 Bytes  07.08.2014 15:47:40
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  10.03.2015 15:48:05
AECORE.DLL     : 8.3.4.0       243624 Bytes  17.12.2014 11:58:53
AEBB.DLL       : 8.1.2.0        60448 Bytes  07.08.2014 15:47:40
AVWINLL.DLL    : 15.0.8.650     25904 Bytes  04.03.2015 12:55:53
AVPREF.DLL     : 15.0.8.650     52016 Bytes  04.03.2015 12:56:06
AVREP.DLL      : 15.0.8.650    221432 Bytes  04.03.2015 12:56:06
AVARKT.DLL     : 15.0.8.650    227120 Bytes  04.03.2015 12:56:00
AVEVTLOG.DLL   : 15.0.8.650    183600 Bytes  04.03.2015 12:56:03
SQLITE3.DLL    : 15.0.8.650    455472 Bytes  04.03.2015 12:57:07
AVSMTP.DLL     : 15.0.8.650     79096 Bytes  04.03.2015 12:56:09
NETNT.DLL      : 15.0.8.650     15152 Bytes  04.03.2015 12:57:00
RCIMAGE.DLL    : 15.0.8.650   4864816 Bytes  04.03.2015 12:55:53
RCTEXT.DLL     : 15.0.8.650     75056 Bytes  04.03.2015 12:55:53

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 12. März 2015  09:24

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'Defogger.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSPPSVC.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WINWORD.EXE' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'WPFFontCache_v0400.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.EXE' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'wfcrun32.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyWebHelper.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'NPSAgent.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'PicasaMediaDetector.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'CDASrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdSync.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'concentr.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mmrtkrnl.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'TestHandler.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'rndlresolversvc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'FsUsbExService.Exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '5392' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <SYSTEM>
    [0] Archivtyp: RSRC
    --> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe
        [1] Archivtyp: RSRC
      --> C:\Program Files\Dropbox\DropboxProxy.exe
          [2] Archivtyp: RSRC
        --> C:\Google\picasa2.exe
            [3] Archivtyp: RSRC
          --> C:\Program Files\Dropbox\DropboxProxy.exe
              [4] Archivtyp: RSRC
            --> C:\Users\Lobinski\AppData\Local\Temp\eeda.zip
                [5] Archivtyp: ZIP
              --> readme/readme.js
                  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/ExpKit.Gen3
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Lobinski\AppData\Local\Temp\eeda.zip
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/ExpKit.Gen3
C:\Users\Lobinski\AppData\Local\Temp\Low\700C.tmp
  [FUND]      Ist das Trojanische Pferd TR/Fareit.A.686
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Lobinski\AppData\Local\Temp\Low\700C.tmp
  [FUND]      Ist das Trojanische Pferd TR/Fareit.A.686
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5637d5d9.qua' verschoben!
C:\Users\Lobinski\AppData\Local\Temp\eeda.zip
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/ExpKit.Gen3
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ef4fa33.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 12. März 2015  12:20
Benötigte Zeit:  2:55:35 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  30000 Verzeichnisse wurden überprüft
 670499 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 670496 Dateien ohne Befall
   7721 Archive wurden durchsucht
      1 Warnungen
      2 Hinweise
 835342 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Best regards and many thanks in advance,
Lobinski

13.03.2015, 16:09   #2
schrauber
/// the machine
/// TB trainer
 

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

13.03.2015, 17:37   #3
Lobinski
 
Hi.
Thanks for the quick reply.
Malwarebytes says: nothing found, no cleanup necessary.

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.13.06
  rootkit: v2015.02.25.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18999
Lobinski :: LOBENHOFER-PC [administrator]

13.03.2015 16:19:38
mbar-log-2015-03-13 (16-19-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 382163
Time elapsed: 36 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
I'll do the TDSSKiller thing now anyway.

Thanks and regards,
Lobinski

TDSS found something:

Code:
17:22:59.0503 0x0b7c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:23:57.0938 0x0b7c  ============================================================
17:23:57.0938 0x0b7c  Current date / time: 2015/03/13 17:23:57.0938
17:23:57.0938 0x0b7c  SystemInfo:
17:23:57.0939 0x0b7c  
17:23:57.0939 0x0b7c  OS Version: 6.0.6002 ServicePack: 2.0
17:23:57.0939 0x0b7c  Product type: Workstation
17:23:57.0939 0x0b7c  ComputerName: LOBENHOFER-PC
17:23:57.0939 0x0b7c  UserName: Lobinski
17:23:57.0939 0x0b7c  Windows directory: C:\Windows
17:23:57.0939 0x0b7c  System windows directory: C:\Windows
17:23:57.0940 0x0b7c  Processor architecture: Intel x86
17:23:57.0940 0x0b7c  Number of processors: 2
17:23:57.0940 0x0b7c  Page size: 0x1000
17:23:57.0940 0x0b7c  Boot type: Normal boot
17:23:57.0940 0x0b7c  ============================================================
17:23:58.0155 0x0b7c  KLMD registered as C:\Windows\system32\drivers\89009045.sys
17:23:59.0271 0x0b7c  System UUID: {D2040489-81E1-074D-DAE4-08AD24F4D91E}
17:24:01.0331 0x0b7c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:24:01.0334 0x0b7c  ============================================================
17:24:01.0335 0x0b7c  \Device\Harddisk0\DR0:
17:24:01.0335 0x0b7c  MBR partitions:
17:24:01.0335 0x0b7c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xB869800
17:24:01.0335 0x0b7c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC9FE000, BlocksNum 0x107C7170
17:24:01.0335 0x0b7c  ============================================================
17:24:01.0368 0x0b7c  C: <-> \Device\Harddisk0\DR0\Partition1
17:24:01.0415 0x0b7c  D: <-> \Device\Harddisk0\DR0\Partition2
17:24:01.0416 0x0b7c  ============================================================
17:24:01.0417 0x0b7c  Initialize success
17:24:01.0417 0x0b7c  ============================================================
17:25:04.0893 0x05a0  ============================================================
17:25:04.0893 0x05a0  Scan started
17:25:04.0893 0x05a0  Mode: Manual; SigCheck; TDLFS; 
17:25:04.0893 0x05a0  ============================================================
17:25:04.0893 0x05a0  KSN ping started
17:25:18.0387 0x05a0  KSN ping finished: true
17:25:19.0120 0x05a0  ================ Scan system memory ========================
17:25:19.0120 0x05a0  System memory - ok
17:25:19.0120 0x05a0  ================ Scan services =============================
17:25:19.0401 0x05a0  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:25:19.0651 0x05a0  ACPI - ok
17:25:19.0807 0x05a0  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:25:19.0838 0x05a0  AdobeARMservice - ok
17:25:19.0947 0x05a0  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:25:19.0994 0x05a0  AdobeFlashPlayerUpdateSvc - ok
17:25:20.0087 0x05a0  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:25:20.0150 0x05a0  adp94xx - ok
17:25:20.0212 0x05a0  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:25:20.0259 0x05a0  adpahci - ok
17:25:20.0290 0x05a0  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:25:20.0321 0x05a0  adpu160m - ok
17:25:20.0353 0x05a0  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:25:20.0384 0x05a0  adpu320 - ok
17:25:20.0431 0x05a0  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:25:20.0587 0x05a0  AeLookupSvc - ok
17:25:20.0649 0x05a0  [ A201207363AA900ABF1A388468688570, C772D8546BBA93553AFCD553B7CF50C252B1F8B45A4A415014B48308F1D7ECD6 ] AFD             C:\Windows\system32\drivers\afd.sys
17:25:20.0743 0x05a0  AFD - ok
17:25:20.0789 0x05a0  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:25:20.0821 0x05a0  agp440 - ok
17:25:20.0867 0x05a0  [ 0DEE2B628D4C6E23285BB91EFFDABFDE, 58F14336AA1642D97D4EA540166FDCFA7B9125062E4350F0DD51D235E395ED00 ] ahcix86s        C:\Windows\system32\drivers\ahcix86s.sys
17:25:20.0961 0x05a0  ahcix86s - ok
17:25:20.0992 0x05a0  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:25:21.0023 0x05a0  aic78xx - ok
17:25:21.0055 0x05a0  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
17:25:21.0242 0x05a0  ALG - ok
17:25:21.0273 0x05a0  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
17:25:21.0304 0x05a0  aliide - ok
17:25:21.0335 0x05a0  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:25:21.0367 0x05a0  amdagp - ok
17:25:21.0382 0x05a0  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
17:25:21.0413 0x05a0  amdide - ok
17:25:21.0429 0x05a0  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
17:25:21.0523 0x05a0  AmdK7 - ok
17:25:21.0554 0x05a0  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:25:21.0632 0x05a0  AmdK8 - ok
17:25:21.0741 0x05a0  [ 963F57EDF1A5C72AC66173F3B7CB329B, 0934361B0A55F4C082D70F264FAB5D36BAC482C135275AE552D442E64B3D5C1D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:25:21.0788 0x05a0  AntiVirSchedulerService - ok
17:25:21.0850 0x05a0  [ 963F57EDF1A5C72AC66173F3B7CB329B, 0934361B0A55F4C082D70F264FAB5D36BAC482C135275AE552D442E64B3D5C1D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:25:21.0897 0x05a0  AntiVirService - ok
17:25:21.0959 0x05a0  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
17:25:22.0022 0x05a0  Appinfo - ok
17:25:22.0115 0x05a0  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:25:22.0147 0x05a0  Apple Mobile Device - ok
17:25:22.0178 0x05a0  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
17:25:22.0209 0x05a0  arc - ok
17:25:22.0240 0x05a0  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:25:22.0271 0x05a0  arcsas - ok
17:25:22.0396 0x05a0  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:25:22.0443 0x05a0  aspnet_state - ok
17:25:22.0474 0x05a0  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:25:22.0552 0x05a0  AsyncMac - ok
17:25:22.0583 0x05a0  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
17:25:22.0615 0x05a0  atapi - ok
17:25:22.0708 0x05a0  [ B0C272DEF210B149C0BFA0D85600CE4B, 4DA24682D546585720A96019C6B9345EF35445082B28C4E2DAF9EF93FADD39A8 ] athr            C:\Windows\system32\DRIVERS\athr.sys
17:25:22.0880 0x05a0  athr - ok
17:25:22.0973 0x05a0  [ ADFD93663D3BAE4FADC19AD1AE519EE4, D8BA567E9BD2380B4CDC5C17D0DF062781A32BA77C92A8E1BEEE5D88217126BC ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
17:25:23.0145 0x05a0  Ati External Event Utility - ok
17:25:23.0426 0x05a0  [ 389A2668E0C0C6698A6B565632C7F43A, 2D96408B619FE179FAC0555F02B8C65AD40DF26BD75B802BFBE20AD74619C232 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:25:23.0816 0x05a0  atikmdag - ok
17:25:23.0909 0x05a0  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:25:24.0065 0x05a0  AudioEndpointBuilder - ok
17:25:24.0097 0x05a0  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:25:24.0268 0x05a0  Audiosrv - ok
17:25:24.0331 0x05a0  [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:25:24.0377 0x05a0  avgntflt - ok
17:25:24.0455 0x05a0  [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:25:24.0487 0x05a0  avipbb - ok
17:25:24.0565 0x05a0  [ ABDAEBEB09E98D13D765A0C57F3FAF88, F9E5F9A13E983BEAF32FA53736FB188280AAA44740696DFB95B8C10E8FEA466D ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
17:25:24.0596 0x05a0  Avira.OE.ServiceHost - ok
17:25:24.0627 0x05a0  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:25:24.0643 0x05a0  avkmgr - ok
17:25:24.0689 0x05a0  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:25:24.0799 0x05a0  Beep - ok
17:25:24.0877 0x05a0  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
17:25:25.0001 0x05a0  BFE - ok
17:25:25.0157 0x05a0  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
17:25:25.0329 0x05a0  BITS - ok
17:25:25.0376 0x05a0  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:25:25.0438 0x05a0  blbdrive - ok
17:25:25.0547 0x05a0  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:25:25.0594 0x05a0  Bonjour Service - ok
17:25:25.0641 0x05a0  [ 74B442B2BE1260B7588C136177CEAC66, CB489B0BDA6833297707499B3B3A166D1CF4CF4C1D734F0222D696B06C680E87 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:25:25.0719 0x05a0  bowser - ok
17:25:25.0766 0x05a0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:25:25.0828 0x05a0  BrFiltLo - ok
17:25:25.0875 0x05a0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:25:25.0953 0x05a0  BrFiltUp - ok
17:25:26.0015 0x05a0  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
17:25:26.0109 0x05a0  Browser - ok
17:25:26.0156 0x05a0  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:25:26.0901 0x05a0  Brserid - ok
17:25:26.0932 0x05a0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:25:27.0072 0x05a0  BrSerWdm - ok
17:25:27.0103 0x05a0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:25:27.0275 0x05a0  BrUsbMdm - ok
17:25:27.0306 0x05a0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:25:27.0478 0x05a0  BrUsbSer - ok
17:25:27.0540 0x05a0  [ 6D39C954799B63BA866910234CF7D726, 1D807C3410C01C76E5810D626F23C1CCED3C9C5A65F39267B770C494C8D64114 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
17:25:27.0634 0x05a0  BthEnum - ok
17:25:27.0743 0x05a0  [ 9A966A8E86D1771911AE34A20D11BFF3, FBD5F621A47A3530B325816E71F0C4BCE5CCE731C57DEBD42ACFC8BCAA258656 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:25:27.0868 0x05a0  BTHMODEM - ok
17:25:27.0946 0x05a0  [ 5904EFA25F829BF84EA6FB045134A1D8, 66E4160CC404744576BA6E9DD606B533F42B3D4A3E2FDD457DAA016CC72A81CC ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:25:28.0180 0x05a0  BthPan - ok
17:25:28.0258 0x05a0  [ 5A3ABAA2F8EECE7AEFB942773766E3DB, E10A284B8587EC3B033DDBEAAB9CF0FCC698088BEF4F3B1E6DFCBCD177AF126B ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
17:25:28.0367 0x05a0  BTHPORT - ok
17:25:28.0461 0x05a0  [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ         C:\Windows\System32\bthserv.dll
17:25:28.0507 0x05a0  BthServ - ok
17:25:28.0539 0x05a0  [ 94E2941280E3756A5E0BCB467865C43A, 5A7B30F69D645881717BD78066E62337EB4A081F54E6B5898662C4BEBF59925F ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
17:25:28.0617 0x05a0  BTHUSB - ok
17:25:28.0663 0x05a0  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:25:28.0804 0x05a0  cdfs - ok
17:25:28.0975 0x05a0  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:25:29.0100 0x05a0  cdrom - ok
17:25:29.0178 0x05a0  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
17:25:29.0287 0x05a0  CertPropSvc - ok
17:25:29.0334 0x05a0  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:25:29.0428 0x05a0  circlass - ok
17:25:29.0490 0x05a0  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
17:25:29.0553 0x05a0  CLFS - ok
17:25:29.0584 0x05a0  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:25:29.0615 0x05a0  clr_optimization_v2.0.50727_32 - ok
17:25:29.0662 0x05a0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:25:29.0709 0x05a0  clr_optimization_v4.0.30319_32 - ok
17:25:29.0755 0x05a0  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:25:29.0833 0x05a0  CmBatt - ok
17:25:29.0865 0x05a0  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:25:29.0896 0x05a0  cmdide - ok
17:25:29.0927 0x05a0  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:25:29.0943 0x05a0  Compbatt - ok
17:25:29.0958 0x05a0  COMSysApp - ok
17:25:29.0974 0x05a0  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:25:29.0989 0x05a0  crcdisk - ok
17:25:30.0021 0x05a0  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:25:30.0114 0x05a0  Crusoe - ok
17:25:30.0177 0x05a0  [ FB27772BEAF8E1D28CCD825C09DA939B, D074A314FB3E6B2248F2DB0A734B98A110F618804449E055B4178BF414826982 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:25:30.0270 0x05a0  CryptSvc - ok
17:25:30.0317 0x05a0  [ CB6FF7012BB5D59D7C12350DB795CE1F, D0C614B206B69EBE735CFB158703730B42A72A46F6808D0D1C7385E3C1434AC5 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
17:25:30.0348 0x05a0  ctxusbm - ok
17:25:30.0442 0x05a0  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:25:30.0598 0x05a0  DcomLaunch - ok
17:25:30.0645 0x05a0  [ 218D8AE46C88E82014F5D73D0236D9B2, D404EE45EFC2557182DDD9C1B7244C10FC5AD3080A57CDFBF2C9D3B890F78852 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:25:30.0707 0x05a0  DfsC - ok
17:25:30.0910 0x05a0  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
17:25:31.0378 0x05a0  DFSR - ok
17:25:31.0456 0x05a0  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:25:31.0565 0x05a0  Dhcp - ok
17:25:31.0627 0x05a0  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
17:25:31.0674 0x05a0  disk - ok
17:25:31.0752 0x05a0  [ 30A08728740E71947AE1E073B5CE69B4, 6F313F09E17885A84F546E11215B4B451AAA0FFDF2E7A13211F862FAD18F5C8E ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:25:31.0877 0x05a0  Dnscache - ok
17:25:31.0986 0x05a0  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
17:25:32.0064 0x05a0  dot3svc - ok
17:25:32.0111 0x05a0  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
17:25:32.0298 0x05a0  DPS - ok
17:25:32.0376 0x05a0  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:25:32.0485 0x05a0  drmkaud - ok
17:25:32.0626 0x05a0  [ 5C7E2097B91D689DED7A6FF90F0F3A25, D2F60DC99F292AAD54FB6F15B70BAC1F16030214260D25DA8C50B4E8DBD3DBAC ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:25:32.0751 0x05a0  DXGKrnl - ok
17:25:32.0782 0x05a0  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
17:25:32.0860 0x05a0  E1G60 - ok
17:25:32.0891 0x05a0  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
17:25:32.0953 0x05a0  EapHost - ok
17:25:33.0016 0x05a0  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:25:33.0047 0x05a0  Ecache - ok
17:25:33.0109 0x05a0  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:25:33.0172 0x05a0  ehRecvr - ok
17:25:33.0203 0x05a0  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
17:25:33.0265 0x05a0  ehSched - ok
17:25:33.0297 0x05a0  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
17:25:33.0328 0x05a0  ehstart - ok
17:25:33.0390 0x05a0  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:25:33.0437 0x05a0  elxstor - ok
17:25:33.0531 0x05a0  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:25:33.0671 0x05a0  EMDMgmt - ok
17:25:33.0702 0x05a0  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:25:33.0780 0x05a0  ErrDev - ok
17:25:33.0843 0x05a0  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
17:25:33.0936 0x05a0  EventSystem - ok
17:25:33.0999 0x05a0  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:25:34.0077 0x05a0  exfat - ok
17:25:34.0108 0x05a0  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:25:34.0186 0x05a0  fastfat - ok
17:25:34.0233 0x05a0  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:25:34.0295 0x05a0  fdc - ok
17:25:34.0326 0x05a0  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
17:25:34.0404 0x05a0  fdPHost - ok
17:25:34.0420 0x05a0  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:25:34.0560 0x05a0  FDResPub - ok
17:25:34.0591 0x05a0  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:25:34.0623 0x05a0  FileInfo - ok
17:25:34.0654 0x05a0  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:25:34.0732 0x05a0  Filetrace - ok
17:25:34.0763 0x05a0  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:25:34.0841 0x05a0  flpydisk - ok
17:25:34.0872 0x05a0  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:25:34.0919 0x05a0  FltMgr - ok
17:25:35.0092 0x05a0  [ D49705F25390265CAD9B620F55EA968C, 91E1E943C115E9EDAB4AA4123997EA9E8116CB08F883B589595CB64267A2C786 ] FontCache       C:\Windows\system32\FntCache.dll
17:25:35.0232 0x05a0  FontCache - ok
17:25:35.0294 0x05a0  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:25:35.0326 0x05a0  FontCache3.0.0.0 - ok
17:25:35.0357 0x05a0  [ CBE5F69A5E5B918225F420BA748F3742, 930C81195346239A7843CAE140896698675E8025BF32C3E71D2BDDA53FAB0264 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
17:25:35.0388 0x05a0  FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 )
17:25:37.0900 0x05a0  Detect skipped due to KSN trusted
17:25:37.0900 0x05a0  FsUsbExDisk - ok
17:25:38.0009 0x05a0  [ 96633419F4A1E37ACB89B45EBCCFE001, 53DC59D8EB89F380BC2DBB009EDFFD66552D68B8606187A75FEF64707267E4F9 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
17:25:38.0040 0x05a0  FsUsbExService - ok
17:25:38.0071 0x05a0  [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:25:38.0134 0x05a0  Fs_Rec - ok
17:25:38.0165 0x05a0  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:25:38.0196 0x05a0  gagp30kx - ok
17:25:38.0243 0x05a0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:25:38.0258 0x05a0  GEARAspiWDM - ok
17:25:38.0336 0x05a0  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
17:25:38.0477 0x05a0  gpsvc - ok
17:25:38.0524 0x05a0  [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:25:38.0555 0x05a0  gusvc - ok
17:25:38.0617 0x05a0  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:25:38.0742 0x05a0  HdAudAddService - ok
17:25:38.0929 0x05a0  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:25:39.0116 0x05a0  HDAudBus - ok
17:25:39.0163 0x05a0  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:25:39.0304 0x05a0  HidBth - ok
17:25:39.0335 0x05a0  [ D8DF3722D5E961BAA1292AA2F12827E2, 799E194B36BA08D59500A2C45ADD2FB69C7698F3F7F837CC7CFB266D57830BD6 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:25:39.0444 0x05a0  HidIr - ok
17:25:39.0506 0x05a0  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
17:25:39.0600 0x05a0  hidserv - ok
17:25:39.0647 0x05a0  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:25:39.0772 0x05a0  HidUsb - ok
17:25:39.0803 0x05a0  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:25:39.0881 0x05a0  hkmsvc - ok
17:25:39.0896 0x05a0  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:25:39.0928 0x05a0  HpCISSs - ok
17:25:39.0990 0x05a0  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:25:40.0099 0x05a0  HTTP - ok
17:25:40.0162 0x05a0  [ 1720966D9C7EA5E2D78B6DB92D2F9171, B43521949F0557C9DC1DEC23A4A31D293FFBE721A937C90A2BCF6FCD1A216ADE ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:25:40.0224 0x05a0  hwdatacard - ok
17:25:40.0271 0x05a0  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:25:40.0286 0x05a0  i2omp - ok
17:25:40.0349 0x05a0  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:25:40.0411 0x05a0  i8042prt - ok
17:25:40.0474 0x05a0  [ E5A0034847537EAEE3C00349D5C34C5F, 3E0F99512CDFF0B628E2FF5B91BB371CDEF65201B03C53182C97DDE34E26E04C ] iaStor          C:\Windows\system32\drivers\iastor.sys
17:25:40.0520 0x05a0  iaStor - ok
17:25:40.0552 0x05a0  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:25:40.0598 0x05a0  iaStorV - ok
17:25:40.0645 0x05a0  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:25:40.0676 0x05a0  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
17:25:43.0204 0x05a0  Detect skipped due to KSN trusted
17:25:43.0204 0x05a0  IDriverT - ok
17:25:43.0375 0x05a0  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:25:43.0625 0x05a0  idsvc - ok
17:25:43.0672 0x05a0  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:25:43.0750 0x05a0  iirsp - ok
17:25:43.0828 0x05a0  [ 9908D8A397B76CD8D31D0D383C5773C9, FFA6996BE9F11A81CB63C849C2400EB44A07706D1EEB7A3502D4110DAC3684A2 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:25:44.0015 0x05a0  IKEEXT - ok
17:25:44.0296 0x05a0  [ 4FA59A84069D9D0991BAE34CC4AFF99C, 1EF0E074F435420A7861D61029D4845FE94DCA02E104023F070FEFA078FAA617 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:25:44.0701 0x05a0  IntcAzAudAddService - ok
17:25:44.0779 0x05a0  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
17:25:44.0795 0x05a0  intelide - ok
17:25:44.0857 0x05a0  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:25:44.0951 0x05a0  intelppm - ok
17:25:45.0013 0x05a0  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:25:45.0145 0x05a0  IPBusEnum - ok
17:25:45.0192 0x05a0  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:25:45.0270 0x05a0  IpFilterDriver - ok
17:25:45.0317 0x05a0  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:25:45.0411 0x05a0  iphlpsvc - ok
17:25:45.0426 0x05a0  IpInIp - ok
17:25:45.0457 0x05a0  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:25:45.0582 0x05a0  IPMIDRV - ok
17:25:45.0676 0x05a0  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:25:45.0832 0x05a0  IPNAT - ok
17:25:46.0003 0x05a0  [ 81E0DEA3F8F8ED30990A336F42CBA47F, 499B7EF97B9F1615D0C5C8D853CFBF742E631B70B157766EF57849EFE78DE375 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:25:46.0066 0x05a0  iPod Service - ok
17:25:46.0097 0x05a0  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:25:46.0175 0x05a0  IRENUM - ok
17:25:46.0237 0x05a0  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:25:46.0269 0x05a0  isapnp - ok
17:25:46.0331 0x05a0  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:25:46.0378 0x05a0  iScsiPrt - ok
17:25:46.0393 0x05a0  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:25:46.0425 0x05a0  iteatapi - ok
17:25:46.0471 0x05a0  [ E4B04A0D8B237ECF026D849439F1BCCE, 9ED1958C66E8045FD746344CA4AF46BFE7FC77006BF5E8B9EA5C22504F3DA9AC ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
17:25:46.0534 0x05a0  itecir - ok
17:25:46.0565 0x05a0  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:25:46.0596 0x05a0  iteraid - ok
17:25:46.0627 0x05a0  [ C36F3A1A4E8416EF43F30DEAB7701730, 26A151FE87E1AFD18F7A88553E41E27DD3087721974C2B44621629D9029C4D29 ] JRAID           C:\Windows\system32\drivers\jraid.sys
17:25:46.0799 0x05a0  JRAID - ok
17:25:46.0846 0x05a0  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:25:46.0877 0x05a0  kbdclass - ok
17:25:46.0924 0x05a0  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:25:47.0033 0x05a0  kbdhid - ok
17:25:47.0080 0x05a0  [ 3978F3540329E16C0AC3BCF677E5669F, 2CC9F1C9D9E33F8A0DA72490D74BED9E746FB142EDF78DE2F2A33A34B76D9868 ] KeyIso          C:\Windows\system32\lsass.exe
17:25:47.0173 0x05a0  KeyIso - ok
17:25:47.0251 0x05a0  [ 86165728AF9BF72D6442A894FDFB4F8B, 97A95C1856C761C93F43B177995749E45FA066C7FF6E93E6C3F34C1593ED2FB7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:25:47.0329 0x05a0  KSecDD - ok
17:25:47.0610 0x05a0  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:25:47.0735 0x05a0  KtmRm - ok
17:25:47.0782 0x05a0  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:25:47.0860 0x05a0  LanmanServer - ok
17:25:47.0891 0x05a0  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:25:47.0969 0x05a0  LanmanWorkstation - ok
17:25:48.0016 0x05a0  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:25:48.0094 0x05a0  lltdio - ok
17:25:48.0172 0x05a0  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:25:48.0265 0x05a0  lltdsvc - ok
17:25:48.0297 0x05a0  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:25:48.0421 0x05a0  lmhosts - ok
17:25:48.0468 0x05a0  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:25:48.0499 0x05a0  LSI_FC - ok
17:25:48.0515 0x05a0  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:25:48.0546 0x05a0  LSI_SAS - ok
17:25:48.0577 0x05a0  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:25:48.0609 0x05a0  LSI_SCSI - ok
17:25:48.0640 0x05a0  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:25:48.0702 0x05a0  luafv - ok
17:25:48.0733 0x05a0  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:25:48.0780 0x05a0  Mcx2Svc - ok
17:25:48.0811 0x05a0  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
17:25:48.0843 0x05a0  megasas - ok
17:25:48.0889 0x05a0  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:25:48.0952 0x05a0  MegaSR - ok
17:25:49.0061 0x05a0  Microsoft SharePoint Workspace Audit Service - ok
17:25:49.0092 0x05a0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
17:25:49.0170 0x05a0  MMCSS - ok
17:25:49.0186 0x05a0  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
17:25:49.0279 0x05a0  Modem - ok
17:25:49.0311 0x05a0  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:25:49.0373 0x05a0  monitor - ok
17:25:49.0404 0x05a0  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:25:49.0420 0x05a0  mouclass - ok
17:25:49.0435 0x05a0  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:25:49.0529 0x05a0  mouhid - ok
17:25:49.0560 0x05a0  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:25:49.0591 0x05a0  MountMgr - ok
17:25:49.0669 0x05a0  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:25:49.0716 0x05a0  MozillaMaintenance - ok
17:25:49.0747 0x05a0  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:25:49.0779 0x05a0  mpio - ok
17:25:49.0810 0x05a0  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:25:49.0888 0x05a0  mpsdrv - ok
17:25:49.0950 0x05a0  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:25:50.0059 0x05a0  MpsSvc - ok
17:25:50.0106 0x05a0  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:25:50.0137 0x05a0  Mraid35x - ok
17:25:50.0184 0x05a0  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:25:50.0231 0x05a0  MRxDAV - ok
17:25:50.0293 0x05a0  [ 454341E652BDF5E01B0F2140232B073E, EC1DCF18FB95F253D40DC3DFD135F7FFFE6FB558B2A0182C6CD2DDB279AC9991 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:25:50.0371 0x05a0  mrxsmb - ok
17:25:50.0418 0x05a0  [ 2A4901AFF069944FA945ED5BBF4DCDE3, 6577BAFC739484BB21805D2C66A2DE048E2E22BBD27EA065813F5D939229492E ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:25:50.0481 0x05a0  mrxsmb10 - ok
17:25:50.0527 0x05a0  [ 28B3F1AB44BDD4432C041581412F17D9, 61F8AFABB1BCDF1B9FB5A64F21F896B6B34BB26582DABB9889F92D3863CB89EE ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:25:50.0559 0x05a0  mrxsmb20 - ok
17:25:50.0605 0x05a0  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:25:50.0621 0x05a0  msahci - ok
17:25:50.0652 0x05a0  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:25:50.0683 0x05a0  msdsm - ok
17:25:50.0715 0x05a0  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
17:25:50.0808 0x05a0  MSDTC - ok
17:25:50.0839 0x05a0  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:25:50.0917 0x05a0  Msfs - ok
17:25:50.0964 0x05a0  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:25:50.0980 0x05a0  msisadrv - ok
17:25:51.0027 0x05a0  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:25:51.0120 0x05a0  MSiSCSI - ok
17:25:51.0120 0x05a0  msiserver - ok
17:25:51.0167 0x05a0  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:25:51.0229 0x05a0  MSKSSRV - ok
17:25:51.0276 0x05a0  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:25:51.0354 0x05a0  MSPCLOCK - ok
17:25:51.0370 0x05a0  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:25:51.0448 0x05a0  MSPQM - ok
17:25:51.0495 0x05a0  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:25:51.0526 0x05a0  MsRPC - ok
17:25:51.0541 0x05a0  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:25:51.0573 0x05a0  mssmbios - ok
17:25:51.0604 0x05a0  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:25:51.0682 0x05a0  MSTEE - ok
17:25:51.0713 0x05a0  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:25:51.0744 0x05a0  Mup - ok
17:25:51.0791 0x05a0  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
17:25:51.0885 0x05a0  napagent - ok
17:25:51.0963 0x05a0  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:25:52.0009 0x05a0  NativeWifiP - ok
17:25:52.0087 0x05a0  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:25:52.0150 0x05a0  NDIS - ok
17:25:52.0197 0x05a0  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:25:52.0259 0x05a0  NdisTapi - ok
17:25:52.0290 0x05a0  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:25:52.0353 0x05a0  Ndisuio - ok
17:25:52.0384 0x05a0  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:25:52.0446 0x05a0  NdisWan - ok
17:25:52.0477 0x05a0  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:25:52.0540 0x05a0  NDProxy - ok
17:25:52.0774 0x05a0  [ B044BB341E164DA6750A9B8E6A5FF6A1, 5E5CB4713BA20971CD09D176CBBE8857EB21A032CAC02A9042E88E5DD15B44D3 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:25:52.0883 0x05a0  Nero BackItUp Scheduler 3 - ok
17:25:52.0914 0x05a0  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:25:53.0008 0x05a0  NetBIOS - ok
17:25:53.0055 0x05a0  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:25:53.0133 0x05a0  netbt - ok
17:25:53.0164 0x05a0  [ 3978F3540329E16C0AC3BCF677E5669F, 2CC9F1C9D9E33F8A0DA72490D74BED9E746FB142EDF78DE2F2A33A34B76D9868 ] Netlogon        C:\Windows\system32\lsass.exe
17:25:53.0195 0x05a0  Netlogon - ok
17:25:53.0257 0x05a0  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
17:25:53.0367 0x05a0  Netman - ok
17:25:53.0445 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:25:53.0491 0x05a0  NetMsmqActivator - ok
17:25:53.0523 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:25:53.0554 0x05a0  NetPipeActivator - ok
17:25:53.0601 0x05a0  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
17:25:53.0694 0x05a0  netprofm - ok
17:25:53.0741 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:25:53.0772 0x05a0  NetTcpActivator - ok
17:25:53.0788 0x05a0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:25:53.0819 0x05a0  NetTcpPortSharing - ok
17:25:53.0850 0x05a0  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:25:53.0881 0x05a0  nfrd960 - ok
17:25:53.0913 0x05a0  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:25:53.0991 0x05a0  NlaSvc - ok
17:25:54.0100 0x05a0  [ EBA1B4BF2E2375ABDADEDB649F283541, 8B27AE794678C55791F95F34E67E12BAD5BE753F812C49D6511BB657CF453B52 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:25:54.0178 0x05a0  NMIndexingService - ok
17:25:54.0225 0x05a0  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:25:54.0303 0x05a0  Npfs - ok
17:25:54.0334 0x05a0  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
17:25:54.0427 0x05a0  nsi - ok
17:25:54.0443 0x05a0  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:25:54.0537 0x05a0  nsiproxy - ok
17:25:54.0661 0x05a0  [ 6A4A98CEE84CF9E99564510DDA4BAA47, 18C3D8C0F12761D3B7FC43D9413CF4C4CEBF8CA9BEC521381F40D241B35EA779 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:25:54.0786 0x05a0  Ntfs - ok
17:25:54.0833 0x05a0  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
17:25:54.0958 0x05a0  ntrigdigi - ok
17:25:54.0973 0x05a0  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
17:25:55.0051 0x05a0  Null - ok
17:25:55.0083 0x05a0  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:25:55.0114 0x05a0  nvraid - ok
17:25:55.0145 0x05a0  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:25:55.0176 0x05a0  nvstor - ok
17:25:55.0207 0x05a0  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:25:55.0239 0x05a0  nv_agp - ok
17:25:55.0239 0x05a0  NwlnkFlt - ok
17:25:55.0254 0x05a0  NwlnkFwd - ok
17:25:55.0285 0x05a0  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:25:55.0426 0x05a0  ohci1394 - ok
17:25:55.0519 0x05a0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:25:55.0551 0x05a0  ose - ok
17:25:55.0956 0x05a0  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:25:56.0643 0x05a0  osppsvc - ok
17:25:56.0767 0x05a0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:25:56.0861 0x05a0  p2pimsvc - ok
17:25:56.0939 0x05a0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:25:57.0017 0x05a0  p2psvc - ok
17:25:57.0079 0x05a0  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
17:25:57.0189 0x05a0  Parport - ok
17:25:57.0298 0x05a0  [ 57389FA59A36D96B3EB09D0CB91E9CDC, 05A3E2B155789990517CCFDC57FC3D1E9A596E4F31D86350B8BF0C043DE5EE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:25:57.0329 0x05a0  partmgr - ok
17:25:57.0345 0x05a0  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:25:57.0469 0x05a0  Parvdm - ok
17:25:57.0516 0x05a0  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:25:57.0563 0x05a0  PcaSvc - ok
17:25:57.0610 0x05a0  [ 175CC28DCF819F78CAA3FBD44AD9E52A, C00F17040440E5C10439FF8110368A7813BD197E96338FD3703C86E399E27128 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
17:25:57.0657 0x05a0  pccsmcfd - ok
17:25:57.0703 0x05a0  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
17:25:57.0735 0x05a0  pci - ok
17:25:57.0766 0x05a0  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:25:57.0797 0x05a0  pciide - ok
17:25:57.0828 0x05a0  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:25:57.0859 0x05a0  pcmcia - ok
17:25:57.0953 0x05a0  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:25:58.0203 0x05a0  PEAUTH - ok
17:25:58.0359 0x05a0  [ 9F2F541C52CD7A452E235E885F7D95DE, 9FFA4C13027191BE412B1F887F17427F21E75FB46A5F2D78FA65EB22D3C619FC ] Ph3xIB32        C:\Windows\system32\DRIVERS\Ph3xIB32.sys
17:25:58.0577 0x05a0  Ph3xIB32 - ok
17:25:58.0749 0x05a0  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
17:25:58.0983 0x05a0  pla - ok
17:25:59.0029 0x05a0  [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
17:25:59.0076 0x05a0  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic ( 1 )
17:26:01.0588 0x05a0  Detect skipped due to KSN trusted
17:26:01.0588 0x05a0  PLFlash DeviceIoControl Service - ok
17:26:01.0666 0x05a0  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:26:01.0759 0x05a0  PlugPlay - ok
17:26:01.0837 0x05a0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:26:01.0931 0x05a0  PNRPAutoReg - ok
17:26:02.0009 0x05a0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:26:02.0103 0x05a0  PNRPsvc - ok
17:26:02.0165 0x05a0  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:26:02.0274 0x05a0  PolicyAgent - ok
17:26:02.0321 0x05a0  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:26:02.0399 0x05a0  PptpMiniport - ok
17:26:02.0446 0x05a0  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
17:26:02.0508 0x05a0  Processor - ok
17:26:02.0555 0x05a0  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
17:26:02.0617 0x05a0  ProfSvc - ok
17:26:02.0633 0x05a0  [ 3978F3540329E16C0AC3BCF677E5669F, 2CC9F1C9D9E33F8A0DA72490D74BED9E746FB142EDF78DE2F2A33A34B76D9868 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:26:02.0664 0x05a0  ProtectedStorage - ok
17:26:02.0711 0x05a0  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:26:02.0758 0x05a0  PSched - ok
17:26:02.0805 0x05a0  [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
17:26:02.0820 0x05a0  PxHelp20 - ok
17:26:02.0945 0x05a0  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:26:03.0085 0x05a0  ql2300 - ok
17:26:03.0132 0x05a0  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:26:03.0163 0x05a0  ql40xx - ok
17:26:03.0210 0x05a0  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
17:26:03.0288 0x05a0  QWAVE - ok
17:26:03.0319 0x05a0  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:26:03.0351 0x05a0  QWAVEdrv - ok
17:26:03.0429 0x05a0  [ 70DBDAB246C18B78E2200D6401D038BE, 18395D084AA9BEAF9C20736C90063CE1F862AF3A80F7752DB4FC0D1870D9996D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
17:26:03.0491 0x05a0  RapiMgr - ok
17:26:03.0538 0x05a0  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:26:03.0616 0x05a0  RasAcd - ok
17:26:03.0647 0x05a0  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
17:26:03.0741 0x05a0  RasAuto - ok
17:26:03.0772 0x05a0  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:26:03.0834 0x05a0  Rasl2tp - ok
17:26:03.0897 0x05a0  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
17:26:03.0975 0x05a0  RasMan - ok
17:26:04.0021 0x05a0  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:26:04.0084 0x05a0  RasPppoe - ok
17:26:04.0131 0x05a0  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:26:04.0162 0x05a0  RasSstp - ok
17:26:04.0224 0x05a0  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:26:04.0287 0x05a0  rdbss - ok
17:26:04.0318 0x05a0  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:26:04.0380 0x05a0  RDPCDD - ok
17:26:04.0427 0x05a0  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:26:04.0505 0x05a0  rdpdr - ok
17:26:04.0521 0x05a0  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:26:04.0583 0x05a0  RDPENCDD - ok
17:26:04.0630 0x05a0  [ 30BFBDFB7F95559EDE971F9DDB9A00BA, 1BDD3FD0ABCF5EA2C4D2618E76AC782894E5A7132700BA4C4226E1F9C7CE547B ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:26:04.0692 0x05a0  RDPWD - ok
17:26:04.0755 0x05a0  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:26:04.0770 0x05a0  RealNetworks Downloader Resolver Service - ok
17:26:04.0817 0x05a0  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:26:04.0879 0x05a0  RemoteAccess - ok
17:26:04.0926 0x05a0  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:26:04.0989 0x05a0  RemoteRegistry - ok
17:26:05.0035 0x05a0  [ 6482707F9F4DA0ECBAB43B2E0398A101, 7D57FC36577121D7E26A4F2D46DCA8725D55EC9F75B91DF994DB742BC4FB89C2 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:26:05.0113 0x05a0  RFCOMM - ok
17:26:05.0191 0x05a0  [ C1C132455200AD4704142442C89D0FA4, 2A2F9484CB818DBB783552B128B5E5AFB544FA488C0EE7A60C322111F16FCD16 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:26:05.0223 0x05a0  RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
17:26:07.0734 0x05a0  Detect skipped due to KSN trusted
17:26:07.0734 0x05a0  RichVideo - ok
17:26:07.0812 0x05a0  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
17:26:07.0843 0x05a0  RpcLocator - ok
17:26:07.0921 0x05a0  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
17:26:08.0015 0x05a0  RpcSs - ok
17:26:08.0062 0x05a0  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:26:08.0124 0x05a0  rspndr - ok
17:26:08.0171 0x05a0  [ 904FD29EC1FF2709099AE2CD1C09A913, 10ED8B7B6CE499C0C9C645BFB2255590E5BD16FF1F743EE2E9046E861F9B7541 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
17:26:08.0265 0x05a0  RTL8169 - ok
17:26:08.0280 0x05a0  [ 3978F3540329E16C0AC3BCF677E5669F, 2CC9F1C9D9E33F8A0DA72490D74BED9E746FB142EDF78DE2F2A33A34B76D9868 ] SamSs           C:\Windows\system32\lsass.exe
17:26:08.0311 0x05a0  SamSs - ok
17:26:08.0343 0x05a0  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:26:08.0374 0x05a0  sbp2port - ok
17:26:08.0421 0x05a0  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:26:08.0483 0x05a0  SCardSvr - ok
17:26:08.0577 0x05a0  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
17:26:08.0686 0x05a0  Schedule - ok
17:26:08.0733 0x05a0  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:26:08.0795 0x05a0  SCPolicySvc - ok
17:26:08.0842 0x05a0  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:26:08.0904 0x05a0  SDRSVC - ok
17:26:08.0935 0x05a0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:26:09.0045 0x05a0  secdrv - ok
17:26:09.0076 0x05a0  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
17:26:09.0154 0x05a0  seclogon - ok
17:26:09.0185 0x05a0  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
17:26:09.0279 0x05a0  SENS - ok
17:26:09.0310 0x05a0  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:26:09.0419 0x05a0  Serenum - ok
17:26:09.0450 0x05a0  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
17:26:09.0559 0x05a0  Serial - ok
17:26:09.0591 0x05a0  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:26:09.0653 0x05a0  sermouse - ok
17:26:09.0762 0x05a0  [ 9D38320BB32230349379DF5DDBBF7FCE, 8AAA8B0B60E65F596C3276DCCD0D8146B40172B6D509B597EDFDA46AC8A72A4C ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:26:09.0840 0x05a0  ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
17:26:12.0352 0x05a0  Detect skipped due to KSN trusted
17:26:12.0352 0x05a0  ServiceLayer - ok
17:26:12.0445 0x05a0  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:26:12.0523 0x05a0  SessionEnv - ok
17:26:12.0539 0x05a0  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:26:12.0617 0x05a0  sffdisk - ok
17:26:12.0648 0x05a0  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:26:12.0711 0x05a0  sffp_mmc - ok
17:26:12.0726 0x05a0  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:26:12.0789 0x05a0  sffp_sd - ok
17:26:12.0835 0x05a0  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6, 490C29DC9E9FE8D5010E6DB18DE7DA808BCE84F014CFDEE0530735CBED788073 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:26:12.0913 0x05a0  sfloppy - ok
17:26:12.0976 0x05a0  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:26:13.0054 0x05a0  SharedAccess - ok
17:26:13.0116 0x05a0  [ C818C44C201898399BF999BB6B35D4E3, 8887EDF7F9D16F5D055AA4EE3BE22AD238AF15034671F09124921B66B7890915 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:26:13.0210 0x05a0  ShellHWDetection - ok
17:26:13.0225 0x05a0  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:26:13.0257 0x05a0  sisagp - ok
17:26:13.0288 0x05a0  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:26:13.0303 0x05a0  SiSRaid2 - ok
17:26:13.0335 0x05a0  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:26:13.0350 0x05a0  SiSRaid4 - ok
17:26:13.0428 0x05a0  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:26:13.0475 0x05a0  SkypeUpdate - ok
17:26:13.0756 0x05a0  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
17:26:14.0302 0x05a0  slsvc - ok
17:26:14.0380 0x05a0  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:26:14.0427 0x05a0  SLUINotify - ok
17:26:14.0458 0x05a0  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:26:14.0536 0x05a0  Smb - ok
17:26:14.0661 0x05a0  [ C8A58FC905C9184FA70E37F71060C64D, 3D913E0F7B02EEAC15971DB15608912A96E4FD9BDFBF09E8F8FA4B6390A9B4DE ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
17:26:14.0879 0x05a0  smserial - ok
17:26:14.0926 0x05a0  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:26:14.0973 0x05a0  SNMPTRAP - ok
17:26:15.0019 0x05a0  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:26:15.0051 0x05a0  spldr - ok
17:26:15.0113 0x05a0  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
17:26:15.0175 0x05a0  Spooler - ok
17:26:15.0238 0x05a0  [ FF3CBC13DB84D81F56931BC922CC37C4, A84B42E07A213FDC3E04E1F110B65CD587B35CFBEDDE407EB31585C56B97360B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:26:15.0300 0x05a0  srv - ok
17:26:15.0394 0x05a0  [ D15959D9F69F0D39A0153E9C244F20DD, C2516A3003D50B8AB01D79E9BA058DCF891734C6448A278F3CA29AB566ECFB34 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:26:15.0441 0x05a0  srv2 - ok
17:26:15.0472 0x05a0  [ FAA0D553A49E85008C6BB3781987C574, 76CDBAF63F4099D16E051C621379A9F2D47A673FA72F30AA7A9814160F03E15C ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:26:15.0534 0x05a0  srvnet - ok
17:26:15.0581 0x05a0  [ 406776FE3C2B66796BAC1A7AFB9AC8A1, A23D71FA734A0651D32279829793C7127510DB6A0CF51DF1999AF405BC0D3662 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
17:26:15.0643 0x05a0  ssadbus - ok
17:26:15.0675 0x05a0  [ B19532D015A5D295E2AA34BB521202CF, 100AF0DDA8DD5EC6BFF6E8C728BEAA7EF7ECBBF449BC96474885BACEFAC4D871 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
17:26:15.0706 0x05a0  ssadmdfl - ok
17:26:15.0753 0x05a0  [ 2AEBF9108E6F435458B9499C27394DA4, 7FD1DD3092B64D39B9E51C1A34DDD8D0C5B8808A578C1B8C33DE17DA53597E47 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
17:26:15.0799 0x05a0  ssadmdm - ok
17:26:15.0862 0x05a0  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:26:15.0940 0x05a0  SSDPSRV - ok
17:26:15.0971 0x05a0  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:26:16.0002 0x05a0  ssmdrv - ok
17:26:16.0033 0x05a0  [ EF3458337D7341A05169CEFC73709264, C9D0AE966CFA02F7B72586C2A6E2AFA9818C9F4856A4E9625B79BC5A886FC193 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
17:26:16.0065 0x05a0  SSPORT - detected UnsignedFile.Multi.Generic ( 1 )
17:26:26.0267 0x05a0  SSPORT ( UnsignedFile.Multi.Generic ) - warning
17:26:29.0730 0x05a0  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:26:29.0777 0x05a0  SstpSvc - ok
17:26:29.0808 0x05a0  [ 3F0164FBC0BD1ADBD02DF9759181451A, 8BDAA0373BD16B38407F93FE5C697481D4D88C72B1931D6A7B9F80C0276242B9 ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
17:26:29.0839 0x05a0  ss_bbus - ok
17:26:29.0871 0x05a0  [ B89D62206034E5FE573C80A24DD55675, 26D12E2A7CB538DDEEA7B764242E9EAE25E0A46293AE3608E6B7DD71AECBA901 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
17:26:29.0886 0x05a0  ss_bmdfl - ok
17:26:29.0949 0x05a0  [ 1ED0FCEA586FE2A416EE15196E5631DD, AF1EBAD7D580BF85ACD6C6287892DE4E7A679852887B9E866A032B1DDCF26183 ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
17:26:29.0964 0x05a0  ss_bmdm - ok
17:26:30.0042 0x05a0  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
17:26:30.0151 0x05a0  stisvc - ok
17:26:30.0183 0x05a0  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:26:30.0214 0x05a0  swenum - ok
17:26:30.0261 0x05a0  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
17:26:30.0339 0x05a0  swprv - ok
17:26:30.0370 0x05a0  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
17:26:30.0385 0x05a0  Symc8xx - ok
17:26:30.0417 0x05a0  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:26:30.0448 0x05a0  Sym_hi - ok
17:26:30.0479 0x05a0  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:26:30.0510 0x05a0  Sym_u3 - ok
17:26:30.0588 0x05a0  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
17:26:30.0697 0x05a0  SysMain - ok
17:26:30.0744 0x05a0  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:26:30.0791 0x05a0  TabletInputService - ok
17:26:30.0853 0x05a0  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:26:30.0947 0x05a0  TapiSrv - ok
17:26:30.0963 0x05a0  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
17:26:31.0025 0x05a0  TBS - ok
17:26:31.0134 0x05a0  [ A474879AFA4A596B3A531F3E69730DBF, 54D6810BC6A4C50D1E5F081E2499C7A409C9A0E3D03B5B12782457635BDA8A07 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:26:31.0259 0x05a0  Tcpip - ok
17:26:31.0337 0x05a0  [ A474879AFA4A596B3A531F3E69730DBF, 54D6810BC6A4C50D1E5F081E2499C7A409C9A0E3D03B5B12782457635BDA8A07 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:26:31.0431 0x05a0  Tcpip6 - ok
17:26:31.0477 0x05a0  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:26:31.0509 0x05a0  tcpipreg - ok
17:26:31.0555 0x05a0  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:26:31.0618 0x05a0  TDPIPE - ok
17:26:31.0649 0x05a0  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:26:31.0743 0x05a0  TDTCP - ok
17:26:31.0789 0x05a0  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:26:31.0836 0x05a0  tdx - ok
17:26:31.0883 0x05a0  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:26:31.0914 0x05a0  TermDD - ok
17:26:31.0977 0x05a0  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
17:26:32.0086 0x05a0  TermService - ok
17:26:32.0179 0x05a0  [ 0309C520AB9F1DBB4BF0F0A4D4DF01BD, 46FAAE85E027D5BCC854B366C5571C17AA74F07BFF2A87B4AA99EC59108DB709 ] TestHandler     C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
17:26:32.0257 0x05a0  TestHandler - detected UnsignedFile.Multi.Generic ( 1 )
17:26:34.0753 0x05a0  Detect skipped due to KSN trusted
17:26:34.0753 0x05a0  TestHandler - ok
17:26:34.0847 0x05a0  [ C818C44C201898399BF999BB6B35D4E3, 8887EDF7F9D16F5D055AA4EE3BE22AD238AF15034671F09124921B66B7890915 ] Themes          C:\Windows\system32\shsvcs.dll
17:26:34.0925 0x05a0  Themes - ok
17:26:34.0941 0x05a0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:26:35.0003 0x05a0  THREADORDER - ok
17:26:35.0034 0x05a0  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
17:26:35.0128 0x05a0  TrkWks - ok
17:26:35.0190 0x05a0  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:26:35.0253 0x05a0  TrustedInstaller - ok
17:26:35.0299 0x05a0  [ DCF0F056A2E4F52287264F5AB29CF206, D9F770BD65AE4320A8C130DEA1D093AA4E37FCA573BBE6A59D6D045452EA711D ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:26:35.0362 0x05a0  tssecsrv - ok
17:26:35.0409 0x05a0  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
17:26:35.0440 0x05a0  tunmp - ok
17:26:35.0471 0x05a0  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:26:35.0518 0x05a0  tunnel - ok
17:26:35.0549 0x05a0  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:26:35.0580 0x05a0  uagp35 - ok
17:26:35.0611 0x05a0  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:26:35.0674 0x05a0  udfs - ok
17:26:35.0721 0x05a0  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:26:35.0783 0x05a0  UI0Detect - ok
17:26:35.0814 0x05a0  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:26:35.0845 0x05a0  uliagpkx - ok
17:26:35.0878 0x05a0  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
17:26:35.0924 0x05a0  uliahci - ok
17:26:35.0940 0x05a0  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:26:35.0971 0x05a0  UlSata - ok
17:26:35.0987 0x05a0  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
17:26:36.0018 0x05a0  ulsata2 - ok
17:26:36.0049 0x05a0  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:26:36.0127 0x05a0  umbus - ok
17:26:36.0174 0x05a0  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
17:26:36.0299 0x05a0  upnphost - ok
17:26:36.0346 0x05a0  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
17:26:36.0408 0x05a0  USBAAPL - ok
17:26:36.0455 0x05a0  [ 32DB9517628FF0D070682AAB61E688F0, F9EF8D0D55DABF00E79B0EFE689C6662430B59093A6C7EACB2069DC70B1FDCC5 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:26:36.0533 0x05a0  usbaudio - ok
17:26:36.0580 0x05a0  [ CAF811AE4C147FFCD5B51750C7F09142, BD670CF88D8F932AD1C6BA91FB68A7204BC473657C6A057C92AFB84D164D393C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:26:36.0642 0x05a0  usbccgp - ok
17:26:36.0673 0x05a0  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:26:36.0798 0x05a0  usbcir - ok
17:26:36.0845 0x05a0  [ 79E96C23A97CE7B8F14D310DA2DB0C9B, EB441D3B93965CD927E0C181031AD1082F59F9885BF35CABFDCA08C6C76B0DAF ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:26:36.0892 0x05a0  usbehci - ok
17:26:36.0938 0x05a0  [ 4673BBCB006AF60E7ABDDBE7A130BA42, 0B7DED0D887A3530AA5497FDBCB69389486FB9E2B6FAE3163E33713256D575BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:26:37.0001 0x05a0  usbhub - ok
17:26:37.0032 0x05a0  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:26:37.0157 0x05a0  usbohci - ok
17:26:37.0204 0x05a0  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:26:37.0266 0x05a0  usbprint - ok
17:26:37.0297 0x05a0  [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:26:37.0360 0x05a0  usbscan - ok
17:26:37.0406 0x05a0  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:26:37.0484 0x05a0  USBSTOR - ok
17:26:37.0500 0x05a0  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:26:37.0578 0x05a0  usbuhci - ok
17:26:37.0625 0x05a0  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:26:37.0687 0x05a0  usbvideo - ok
17:26:37.0734 0x05a0  [ 35C9095FA7076466AFBFC5B9EC4B779E, 6E4F8241020DC3353A802849AB7930C8E4271BD19CFA66EDF2F60038CC53D836 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
17:26:37.0781 0x05a0  usb_rndisx - ok
17:26:37.0828 0x05a0  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
17:26:37.0890 0x05a0  UxSms - ok
17:26:37.0952 0x05a0  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
17:26:38.0046 0x05a0  vds - ok
17:26:38.0108 0x05a0  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:26:38.0186 0x05a0  vga - ok
17:26:38.0218 0x05a0  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:26:38.0280 0x05a0  VgaSave - ok
17:26:38.0311 0x05a0  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:26:38.0342 0x05a0  viaagp - ok
17:26:38.0358 0x05a0  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:26:38.0420 0x05a0  ViaC7 - ok
17:26:38.0452 0x05a0  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
17:26:38.0483 0x05a0  viaide - ok
17:26:38.0514 0x05a0  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:26:38.0530 0x05a0  volmgr - ok
17:26:38.0592 0x05a0  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:26:38.0639 0x05a0  volmgrx - ok
17:26:38.0686 0x05a0  [ 147281C01FCB1DF9252DE2A10D5E7093, DF5DCF6FD472F21863DC10B62F7647420B9686607857D08286B618D585E50219 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:26:38.0732 0x05a0  volsnap - ok
17:26:38.0826 0x05a0  [ D6653180D162CB3144FDBC8A651CEBB1, 47E90D29C5FE7B340CFACFA6AC25CED5F21757B81039FB12A20E7CC3BED30969 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
17:26:38.0888 0x05a0  vpnagent - ok
17:26:38.0951 0x05a0  [ FC94804932CFC35F01B3AE510E3B4D5C, D2335386388FFEC3037189DC8C535A84BFD1D76018D8EAA5FEFB51BA09710321 ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
17:26:38.0982 0x05a0  vpnva - ok
17:26:39.0013 0x05a0  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:26:39.0044 0x05a0  vsmraid - ok
17:26:39.0154 0x05a0  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
17:26:39.0341 0x05a0  VSS - ok
17:26:39.0403 0x05a0  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
17:26:39.0497 0x05a0  W32Time - ok
17:26:39.0528 0x05a0  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:26:39.0637 0x05a0  WacomPen - ok
17:26:39.0668 0x05a0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:26:39.0731 0x05a0  Wanarp - ok
17:26:39.0746 0x05a0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:26:39.0793 0x05a0  Wanarpv6 - ok
17:26:39.0856 0x05a0  [ 779F9C90D3FE9C70B6FFD8EF035F3E83, 4E38026BA53139B4A10D5E8F00413FAF442A2A42FE1388FCF2155F07BE826750 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
17:26:39.0965 0x05a0  WcesComm - ok
17:26:40.0027 0x05a0  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:26:40.0121 0x05a0  wcncsvc - ok
17:26:40.0152 0x05a0  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:26:40.0214 0x05a0  WcsPlugInService - ok
17:26:40.0230 0x05a0  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
17:26:40.0261 0x05a0  Wd - ok
17:26:40.0324 0x05a0  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96, 6A6EFFDB538DE1E201058A00F3E056F1256E92EED943FBFBCE28E54BE751E33D ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:26:40.0370 0x05a0  Wdf01000 - ok
17:27:09.0386 0x05a0  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.650 ), 0x40000 ( disabled : updated )
17:27:09.0433 0x05a0  Win FW state via NFP2: enabled
17:27:11.0867 0x05a0  ============================================================
17:27:11.0867 0x05a0  Scan finished
17:27:11.0867 0x05a0  ============================================================
17:27:11.0882 0x14f8  Detected object count: 1
17:27:11.0882 0x14f8  Actual detected object count: 1
17:33:07.0158 0x14f8  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
17:33:07.0158 0x14f8  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:33:26.0205 0x09a8  Deinitialize success
         

14.03.2015, 09:37   #4
schrauber
/// the machine
/// TB trainer
 




Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

14.03.2015, 13:52   #5
Lobinski
 



Hello!
Combofix log file:

Code:
ComboFix 15-03-14.01 - Lobinski 14.03.2015  12:24:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1640 [GMT 1:00]
ausgeführt von:: c:\users\Lobinski\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Lobinski\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\desktop
c:\windows\system32\drivers\FSC__PI__AMILO Pi 2540__FUJITSU SIEMENS_F45      __Ver 1.00PARTTBL_FSC - 6040000_1.12C__ATI Mobility Radeon HD 2400 .MRK
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-14 bis 2015-03-14  ))))))))))))))))))))))))))))))
.
.
2015-03-14 11:41 . 2015-03-14 11:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-14 11:41 . 2015-03-14 11:41	--------	d-----w-	c:\users\Uni\AppData\Local\temp
2015-03-13 15:19 . 2015-03-13 15:19	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-13 15:18 . 2015-03-13 16:09	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-13 15:18 . 2015-03-13 15:18	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-13 15:16 . 2015-03-13 15:16	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-13 07:44 . 2015-01-29 09:49	9041640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DA6F9C8-839D-4165-B3FA-9701E7A42F26}\mpengine.dll
2015-03-12 11:28 . 2015-03-12 11:32	--------	d-----w-	C:\FRST
2015-02-25 22:09 . 2015-02-26 11:25	--------	d-----w-	c:\program files\Mozilla Thunderbird
2015-02-22 12:11 . 2015-02-22 12:11	--------	d-----w-	c:\program files\Free Codec Pack
2015-02-22 12:10 . 2015-02-22 12:15	--------	d-----w-	c:\program files\DVDVideoSoft
2015-02-22 12:10 . 2015-02-22 12:14	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2015-02-18 08:47 . 2015-02-18 08:47	17323192	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 18:34 . 2015-02-17 18:34	3209408	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE14\1031\MSOINTL.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 12:56 . 2012-12-30 15:05	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-03-04 12:56 . 2012-12-30 15:05	105864	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-02-24 02:23 . 2009-10-03 09:08	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-05 19:27 . 2012-04-10 07:14	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:27 . 2011-05-16 21:19	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2010-03-10 22:01 . 2015-03-06 12:08	124272	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-10 22:40 . 2015-03-06 12:08	13168	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-10 22:02 . 2015-03-06 12:08	70512	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-10 22:01 . 2015-03-06 12:08	91504	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-10 22:01 . 2015-03-06 12:08	22384	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-10 22:00 . 2015-03-06 12:08	255344	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-10 22:01 . 2015-03-06 12:08	31088	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-10 22:01 . 2015-03-06 12:08	40304	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 11:49 . 2015-03-06 12:08	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-10 22:02 . 2015-03-06 12:08	23920	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2015-02-19 18:14	297128	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6ad"="c:\users\Lobinski\AppData\Roaming\7cc7\6ad.js" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"AmazonMP3DownloaderHelper"="c:\users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
"Spotify Web Helper"="c:\users\Lobinski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-22 1514040]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"Skytel"="Skytel.exe" [2007-04-04 1822720]
"Realtime Audio Engine"="mmrtkrnl.exe" [2009-11-23 70144]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-03-04 703280]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-09-27 295512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-15 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2015-02-12 127792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
.
c:\users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:27]
.
2015-03-14 c:\windows\Tasks\User_Feed_Synchronization-{7DFA6C29-CEBF-46ED-9FEF-DC25F2419506}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
2015-03-14 c:\windows\Tasks\User_Feed_Synchronization-{839B324E-F799-4CCE-9BCE-16EE4649FF3E}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=14469&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.178.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.setgame.com/set/daily_puzzle
FF - ExtSQL: !HIDDEN! 2009-07-01 19:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-03-14 13:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-14  13:28:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-14 12:28
.
Vor Suchlauf: 9.027.350.528 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 10.308.403.200 Bytes frei
.
- - End Of File - - F7E9A64FB1156D41536DB5A839C7DA3B
5C616939100B85E558DA92B899A0FC36
         


14.03.2015, 18:08   #6
schrauber
/// the machine
/// TB trainer
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 14.03.2015, 23:23   #7
Lobinski
 



Hi!

mbam:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.03.2015
Suchlauf-Zeit: 21:41:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.14.04
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Lobinski

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 395968
Verstrichene Zeit: 31 Min, 10 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner:

Code:
# AdwCleaner v4.112 - Bericht erstellt 14/03/2015 um 22:44:13
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Lobinski - LOBENHOFER-PC
# Gestarted von : C:\Users\Lobinski\Downloads\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Users\Lobinski\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\quickstores@quickstores.de
Datei Gelöscht : C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.6001.18999

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v36.0.1 (x86 de)

[ckauee51.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "quickstores%40quickstores.de:1.2.0,%7BCE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B%7D:4.6,%7B62760FD6-B943-48C9-AB09-F99C6FE96088%7D:3.1.6,%7BB64D9B05-48E1-4CEB-BF58-E06[...]
[ckauee51.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5,{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2,{62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8,{ef4e370e-d9f0-4e00-b93e-a4f2[...]
[ckauee51.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);
[ckauee51.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Lobinski\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ckauee51.default\\\\extensions\\\\abs@[...]
[ckauee51.default\prefs.js] - Zeile Gelöscht : user_pref("quickstores.toolbar.affid", "");
[ckauee51.default\prefs.js] - Zeile Gelöscht : user_pref("quickstores.toolbar.guid", "{2829F59F-1895-C0C5-FF5A-365C9DAA2B75}");
[bew12jgj.FAU-Proxy\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledItems", "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-[...]
[bew12jgj.FAU-Proxy\prefs.js] - Zeile Gelöscht : user_pref("quickstores.toolbar.affid", "2002");
[bew12jgj.FAU-Proxy\prefs.js] - Zeile Gelöscht : user_pref("quickstores.toolbar.guid", "{884B6264-A45C-7313-683A-33BD85E27F07}");
[h5zk4eaw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledItems", "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-[...]
[h5zk4eaw.default\prefs.js] - Zeile Gelöscht : user_pref("quickstores.toolbar.affid", "2002");
[h5zk4eaw.default\prefs.js] - Zeile Gelöscht : user_pref("quickstores.toolbar.guid", "{5769A236-597D-32C9-2398-C9915C72BB96}");

*************************

AdwCleaner[R0].txt - [4831 Bytes] - [14/03/2015 22:38:08]
AdwCleaner[S0].txt - [4836 Bytes] - [14/03/2015 22:44:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4895  Bytes] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Lobinski on 14.03.2015 at 22:56:25,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de"
Emptied folder: C:\Users\Lobinski\AppData\Roaming\mozilla\firefox\profiles\ckauee51.default\minidumps [317 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.03.2015 at 23:04:18,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
fresh FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Lobinski (administrator) on LOBENHOFER-PC on 14-03-2015 23:11:17
Running from C:\Users\Lobinski\Downloads
Loaded Profiles: Lobinski (Available profiles: Lobinski & Uni)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(AlcaTech) C:\Windows\System32\mmrtkrnl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
() C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Lobinski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4431872 2007-04-10] (Realtek Semiconductor)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [357376 2008-07-22] (shbox.de)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-27] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [Spotify Web Helper] => C:\Users\Lobinski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-22] (Spotify Ltd)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [6ad] => C:\Users\Lobinski\AppData\Roaming\7cc7\6ad.js
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [fsc-reg] => C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000 -> {B7AAB74F-3ED1-43CA-8BBD-008694E79CC6} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default
FF Homepage: hxxp://www.setgame.com/set/daily_puzzle
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-27] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2909785519-3025136298-1131319659-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lobinski\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2909785519-3025136298-1131319659-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010-03-10] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-09-27] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-09-27] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2010-03-10] (Citrix Systems, Inc.)
FF Extension: Avira Browser Safety - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-02]
FF Extension: CoolPreviews - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(10) [2009-05-30]
FF Extension: eBay Sidebar for Firefox - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2011-05-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-22]
FF Extension: Video DownloadHelper - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: CoolPreviews - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2011-06-17]
FF Extension: Adblock Plus - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-07]
FF Extension: Tab Mix Plus - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-27]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-09]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-12-23] (Samsung Electronics) [File not signed]
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 23:04 - 2015-03-14 23:04 - 00000878 _____ () C:\Users\Lobinski\Desktop\JRT.txt
2015-03-14 22:55 - 2015-03-14 22:55 - 01388333 _____ (Thisisu) C:\Users\Lobinski\Downloads\JRT.exe
2015-03-14 22:38 - 2015-03-14 22:44 - 00000000 ____D () C:\AdwCleaner
2015-03-14 22:36 - 2015-03-14 22:36 - 02171392 _____ () C:\Users\Lobinski\Downloads\AdwCleaner_4.112.exe
2015-03-14 22:34 - 2015-03-14 22:34 - 00001208 _____ () C:\Users\Lobinski\Desktop\mbam.txt
2015-03-14 21:39 - 2015-03-14 21:39 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-14 21:39 - 2015-03-14 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-14 21:39 - 2015-03-14 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-14 21:39 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-14 21:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-14 21:35 - 2015-03-14 21:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lobinski\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-14 13:28 - 2015-03-14 13:28 - 00017627 _____ () C:\ComboFix.txt
2015-03-14 12:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-14 12:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-14 12:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-14 12:19 - 2015-03-14 13:28 - 00000000 ____D () C:\Qoobox
2015-03-14 12:19 - 2015-03-14 13:24 - 00000000 ____D () C:\Windows\erdnt
2015-03-14 12:16 - 2015-03-14 12:16 - 05612848 ____R (Swearware) C:\Users\Lobinski\Desktop\ComboFix.exe
2015-03-13 17:14 - 2015-03-13 17:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lobinski\Downloads\tdsskiller.exe
2015-03-13 16:19 - 2015-03-14 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 16:18 - 2015-03-14 22:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 16:18 - 2015-03-13 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-13 16:16 - 2015-03-13 17:08 - 00000000 ____D () C:\Users\Lobinski\Desktop\mbar
2015-03-13 16:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-13 16:12 - 2015-03-13 16:12 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lobinski\Downloads\mbar-1.09.1.1004.exe
2015-03-12 21:30 - 2015-03-12 21:30 - 00002986 _____ () C:\Users\Lobinski\Downloads\GMER.log
2015-03-12 12:36 - 2015-03-12 12:36 - 00380416 _____ () C:\Users\Lobinski\Downloads\u6zvk6i3.exe
2015-03-12 12:30 - 2015-03-12 12:32 - 00033211 _____ () C:\Users\Lobinski\Downloads\Addition.txt
2015-03-12 12:28 - 2015-03-14 23:11 - 00026346 _____ () C:\Users\Lobinski\Downloads\FRST.txt
2015-03-12 12:28 - 2015-03-14 23:11 - 00000000 ____D () C:\FRST
2015-03-12 12:27 - 2015-03-12 12:27 - 01135104 _____ (Farbar) C:\Users\Lobinski\Downloads\FRST.exe
2015-03-12 09:44 - 2015-03-12 09:45 - 00000478 _____ () C:\Users\Lobinski\Downloads\defogger_disable.log
2015-03-12 09:44 - 2015-03-12 09:44 - 00000000 _____ () C:\Users\Lobinski\defogger_reenable
2015-03-12 09:42 - 2015-03-12 09:42 - 00050477 _____ () C:\Users\Lobinski\Downloads\Defogger.exe
2015-03-06 13:08 - 2015-03-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-02 00:36 - 2015-03-02 00:36 - 00000519 _____ () C:\Users\Uni\Desktop\Arbeit - Verknüpfung.lnk
2015-02-25 23:09 - 2015-02-26 12:25 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-22 13:15 - 2015-02-22 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-22 13:11 - 2015-02-22 13:11 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-02-22 13:10 - 2015-02-22 13:15 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-22 13:10 - 2015-02-22 13:14 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-22 13:07 - 2015-02-22 13:07 - 03312608 _____ (DVDVideoSoft Ltd. ) C:\Users\Lobinski\Downloads\FreeStudio.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 23:10 - 2008-09-12 17:47 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{839B324E-F799-4CCE-9BCE-16EE4649FF3E}.job
2015-03-14 23:08 - 2010-04-19 20:59 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DFA6C29-CEBF-46ED-9FEF-DC25F2419506}.job
2015-03-14 22:57 - 2008-09-12 16:15 - 01157261 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 22:50 - 2010-09-30 22:43 - 00000000 ___RD () C:\Users\Lobinski\Documents\My Dropbox
2015-03-14 22:50 - 2010-09-30 22:34 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\Dropbox
2015-03-14 22:46 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 22:46 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 22:46 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 22:45 - 2014-05-21 12:32 - 00005304 _____ () C:\Windows\PFRO.log
2015-03-14 22:44 - 2014-12-11 17:05 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-14 22:44 - 2006-11-02 14:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 22:27 - 2013-01-11 13:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 13:28 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-14 13:28 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-14 13:21 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-13 15:51 - 2008-09-12 17:28 - 00000000 ____D () C:\Users\Lobinski
2015-03-13 15:29 - 2010-09-30 22:34 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 09:08 - 2013-08-15 09:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 09:08 - 2008-07-15 02:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 09:08 - 2006-11-02 11:23 - 00000272 _____ () C:\Windows\win.ini
2015-03-12 08:51 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-09 17:22 - 2014-08-07 16:47 - 00000680 _____ () C:\Users\Lobinski\AppData\Local\d3d9caps.dat
2015-03-08 22:09 - 2009-04-13 12:57 - 00000000 ____D () C:\ProgramData\FreePDF
2015-03-08 22:08 - 2009-04-13 13:00 - 00010126 _____ () C:\fpRedmon.log
2015-03-08 17:44 - 2012-05-08 08:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 10:42 - 2014-08-05 10:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 10:41 - 2012-12-30 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 10:41 - 2012-12-30 16:05 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 13:56 - 2012-12-30 16:05 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 13:56 - 2012-12-30 16:05 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-24 03:23 - 2009-10-03 10:08 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 13:32 - 2011-07-18 20:59 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\DVDVideoSoft
2015-02-22 13:05 - 2008-10-19 15:23 - 00000000 ____D () C:\ProgramData\eMule
2015-02-17 18:54 - 2013-10-31 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-16 23:10 - 2008-01-21 08:16 - 00006650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 13:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2008-09-12 19:28 - 2011-01-23 11:18 - 0000208 _____ () C:\Users\Lobinski\AppData\Roaming\wklnhst.dat
2014-08-07 16:47 - 2015-03-09 17:22 - 0000680 _____ () C:\Users\Lobinski\AppData\Local\d3d9caps.dat
2008-09-19 18:57 - 2012-08-05 15:40 - 0242176 _____ () C:\Users\Lobinski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-14 11:12 - 2008-09-14 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Lobinski\AppData\Local\temp\avgnt.exe
C:\Users\Lobinski\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplr7fqs.dll
C:\Users\Lobinski\AppData\Local\temp\Quarantine.exe
C:\Users\Lobinski\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-14 22:55

==================== End Of Log ============================
         
--- --- ---



Regards,
Lobinski

Alt 15.03.2015, 13:48   #8
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 15.03.2015, 17:49   #9
Lobinski
 



Hello!

Eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f5ed6d739c3be4419bd9e004928b1c1c
# engine=22917
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-15 04:19:41
# local_time=2015-03-15 05:19:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 104098 263969109 0 0
# scanned=229006
# found=0
# cleaned=0
# scan_time=11662
         
Security Check:

Code:
 Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 8 Out of date! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 71  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (36.0.1) 
 Mozilla Thunderbird (31.5.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
... and FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Lobinski (administrator) on LOBENHOFER-PC on 15-03-2015 17:39:40
Running from C:\Users\Lobinski\Downloads
Loaded Profiles: Lobinski (Available profiles: Lobinski & Uni)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(AlcaTech) C:\Windows\System32\mmrtkrnl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
() C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Lobinski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4431872 2007-04-10] (Realtek Semiconductor)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [357376 2008-07-22] (shbox.de)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-27] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [Spotify Web Helper] => C:\Users\Lobinski\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-22] (Spotify Ltd)
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [6ad] => C:\Users\Lobinski\AppData\Roaming\7cc7\6ad.js
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [fsc-reg] => C:\ProgramData\fsc-reg\fscreg.exe [533264 2007-11-08] (Fujitsu Siemens Computers)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lobinski\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2909785519-3025136298-1131319659-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2909785519-3025136298-1131319659-1000 -> {B7AAB74F-3ED1-43CA-8BBD-008694E79CC6} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06] (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default
FF Homepage: hxxp://www.setgame.com/set/daily_puzzle
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-27] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2909785519-3025136298-1131319659-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lobinski\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2909785519-3025136298-1131319659-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Lobinski\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2010-03-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010-03-10] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-09-27] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-09-27] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2010-03-10] (Citrix Systems, Inc.)
FF Extension: Avira Browser Safety - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-02]
FF Extension: CoolPreviews - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(10) [2009-05-30]
FF Extension: eBay Sidebar for Firefox - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2011-05-26]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-02-22]
FF Extension: Video DownloadHelper - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: CoolPreviews - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2011-06-17]
FF Extension: Adblock Plus - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-07]
FF Extension: Tab Mix Plus - C:\Users\Lobinski\AppData\Roaming\Mozilla\Firefox\Profiles\ckauee51.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-27]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-09]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-20] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-19] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-04-04] (Windows (R) Codename Longhorn DDK provider)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2010-12-23] (Samsung Electronics) [File not signed]
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:28 - 2015-03-15 17:28 - 00852604 _____ () C:\Users\Lobinski\Desktop\SecurityCheck.exe
2015-03-15 13:55 - 2015-03-15 13:58 - 02347384 _____ (ESET) C:\Users\Lobinski\Downloads\esetsmartinstaller_deu(1).exe
2015-03-14 23:04 - 2015-03-14 23:04 - 00000878 _____ () C:\Users\Lobinski\Desktop\JRT.txt
2015-03-14 22:55 - 2015-03-14 22:55 - 01388333 _____ (Thisisu) C:\Users\Lobinski\Downloads\JRT.exe
2015-03-14 22:38 - 2015-03-14 22:44 - 00000000 ____D () C:\AdwCleaner
2015-03-14 22:36 - 2015-03-14 22:36 - 02171392 _____ () C:\Users\Lobinski\Downloads\AdwCleaner_4.112.exe
2015-03-14 22:34 - 2015-03-14 22:34 - 00001208 _____ () C:\Users\Lobinski\Desktop\mbam.txt
2015-03-14 21:39 - 2015-03-14 21:39 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-14 21:39 - 2015-03-14 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-14 21:39 - 2015-03-14 21:39 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-14 21:39 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-14 21:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-14 21:35 - 2015-03-14 21:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lobinski\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-14 13:28 - 2015-03-14 13:28 - 00017627 _____ () C:\ComboFix.txt
2015-03-14 12:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-14 12:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-14 12:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-14 12:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-14 12:19 - 2015-03-14 13:28 - 00000000 ____D () C:\Qoobox
2015-03-14 12:19 - 2015-03-14 13:24 - 00000000 ____D () C:\Windows\erdnt
2015-03-14 12:16 - 2015-03-14 12:16 - 05612848 ____R (Swearware) C:\Users\Lobinski\Desktop\ComboFix.exe
2015-03-13 17:14 - 2015-03-13 17:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lobinski\Downloads\tdsskiller.exe
2015-03-13 16:19 - 2015-03-14 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-13 16:18 - 2015-03-15 17:36 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 16:18 - 2015-03-13 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-13 16:16 - 2015-03-13 17:08 - 00000000 ____D () C:\Users\Lobinski\Desktop\mbar
2015-03-13 16:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-13 16:12 - 2015-03-13 16:12 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lobinski\Downloads\mbar-1.09.1.1004.exe
2015-03-12 21:30 - 2015-03-12 21:30 - 00002986 _____ () C:\Users\Lobinski\Downloads\GMER.log
2015-03-12 12:36 - 2015-03-12 12:36 - 00380416 _____ () C:\Users\Lobinski\Downloads\u6zvk6i3.exe
2015-03-12 12:30 - 2015-03-12 12:32 - 00033211 _____ () C:\Users\Lobinski\Downloads\Addition.txt
2015-03-12 12:28 - 2015-03-15 17:40 - 00000000 ____D () C:\FRST
2015-03-12 12:28 - 2015-03-15 17:39 - 00027049 _____ () C:\Users\Lobinski\Downloads\FRST.txt
2015-03-12 12:27 - 2015-03-12 12:27 - 01135104 _____ (Farbar) C:\Users\Lobinski\Downloads\FRST.exe
2015-03-12 09:44 - 2015-03-12 09:45 - 00000478 _____ () C:\Users\Lobinski\Downloads\defogger_disable.log
2015-03-12 09:44 - 2015-03-12 09:44 - 00000000 _____ () C:\Users\Lobinski\defogger_reenable
2015-03-12 09:42 - 2015-03-12 09:42 - 00050477 _____ () C:\Users\Lobinski\Downloads\Defogger.exe
2015-03-06 13:08 - 2015-03-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-02 00:36 - 2015-03-02 00:36 - 00000519 _____ () C:\Users\Uni\Desktop\Arbeit - Verknüpfung.lnk
2015-02-25 23:09 - 2015-02-26 12:25 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-22 13:15 - 2015-02-22 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-22 13:11 - 2015-02-22 13:11 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-02-22 13:10 - 2015-02-22 13:15 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-22 13:10 - 2015-02-22 13:14 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-22 13:07 - 2015-02-22 13:07 - 03312608 _____ (DVDVideoSoft Ltd. ) C:\Users\Lobinski\Downloads\FreeStudio.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 17:40 - 2008-09-12 17:47 - 00000424 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{839B324E-F799-4CCE-9BCE-16EE4649FF3E}.job
2015-03-15 17:37 - 2010-04-19 20:59 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7DFA6C29-CEBF-46ED-9FEF-DC25F2419506}.job
2015-03-15 17:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 17:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 17:27 - 2013-01-11 13:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 17:24 - 2008-09-12 16:15 - 01221855 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 13:59 - 2008-01-21 08:16 - 00006650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 11:42 - 2010-09-30 22:43 - 00000000 ___RD () C:\Users\Lobinski\Documents\My Dropbox
2015-03-15 11:42 - 2010-09-30 22:34 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\Dropbox
2015-03-15 11:28 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-15 00:18 - 2014-12-11 17:05 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-15 00:18 - 2006-11-02 14:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 22:45 - 2014-05-21 12:32 - 00005304 _____ () C:\Windows\PFRO.log
2015-03-14 13:28 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-14 13:28 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-14 13:21 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-13 15:51 - 2008-09-12 17:28 - 00000000 ____D () C:\Users\Lobinski
2015-03-13 15:29 - 2010-09-30 22:34 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-12 09:08 - 2013-08-15 09:40 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 09:08 - 2008-07-15 02:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 09:08 - 2006-11-02 11:23 - 00000272 _____ () C:\Windows\win.ini
2015-03-12 08:51 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-09 17:22 - 2014-08-07 16:47 - 00000680 _____ () C:\Users\Lobinski\AppData\Local\d3d9caps.dat
2015-03-08 22:09 - 2009-04-13 12:57 - 00000000 ____D () C:\ProgramData\FreePDF
2015-03-08 22:08 - 2009-04-13 13:00 - 00010126 _____ () C:\fpRedmon.log
2015-03-08 17:44 - 2012-05-08 08:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 10:42 - 2014-08-05 10:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 10:41 - 2012-12-30 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 10:41 - 2012-12-30 16:05 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 13:56 - 2012-12-30 16:05 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 13:56 - 2012-12-30 16:05 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-24 03:23 - 2009-10-03 10:08 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 13:32 - 2011-07-18 20:59 - 00000000 ____D () C:\Users\Lobinski\AppData\Roaming\DVDVideoSoft
2015-02-22 13:05 - 2008-10-19 15:23 - 00000000 ____D () C:\ProgramData\eMule
2015-02-17 18:54 - 2013-10-31 09:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-13 13:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2008-09-12 19:28 - 2011-01-23 11:18 - 0000208 _____ () C:\Users\Lobinski\AppData\Roaming\wklnhst.dat
2014-08-07 16:47 - 2015-03-09 17:22 - 0000680 _____ () C:\Users\Lobinski\AppData\Local\d3d9caps.dat
2008-09-19 18:57 - 2012-08-05 15:40 - 0242176 _____ () C:\Users\Lobinski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-14 11:12 - 2008-09-14 11:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Lobinski\AppData\Local\temp\avgnt.exe
C:\Users\Lobinski\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0oc24c.dll
C:\Users\Lobinski\AppData\Local\temp\Quarantine.exe
C:\Users\Lobinski\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 11:42

==================== End Of Log ============================
         



Am I clean now?

Best regards and thanks,
Lobinski

16.03.2015, 08:37   #10
schrauber
/// the machine
/// TB trainer
 




Update Java and Adobe.



Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall in the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when simply visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can specify, on a whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware, first uninstall it and then remove the leftovers with Adwcleaner .


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.03.2015, 16:32   #11
Lobinski
 



Then let me say: Thank you very much, Mr. schrauber!

Personal praise and an appropriate donation go without saying

See you, hopefully not too soon, greetings from Franconia,

Lobinski

17.03.2015, 07:26   #12
schrauber
/// the machine
/// TB trainer
 




You're welcome
__________________
Regards,
schrauber

