Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.05.2015, 20:09   #1
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Nach Anmeldung bleibt der Bildschirm bis zum Systemstart eine ganze Weile schwarz. Anfangs gab es dieses Problem nicht. Ich habe ein Scan nach der Beschreibung mit FRST64 durchgeführt und das ist das Logfile. Scan erfolgte beim Booten mit f8 mit einem "sauberen" FRST64 vom Stick
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by SYSTEM on XXXXXX-XXXXXXX on 05-05-2015 18:33:14
Running from J:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-25] (CyberLink)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Name of App] => C:\Program Files (x86)\TSST Korea\FW LiveUpdate\FWManager.exe [708721 2013-03-08] ( )
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-25] (CyberLink)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\max\...\Run: [Google Update] => C:\Users\max\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-07] (Google Inc.)
HKU\max\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3293184 2007-11-20] (Google)
HKU\max\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\max\...\Run: [Facebook Update] => "C:\Users\max\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\max\...\Policies\system: [LogonHoursAction] 2
HKU\max\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR [5104049 2009-07-16] (ALDI SÜD)
HKU\Default User\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR [5104049 2009-07-16] (ALDI SÜD)
Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-05]
ShortcutTarget: Dropbox.lnk ->  (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-25] (Adobe Systems)
S2 Adobe Version Cue CS2; c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-07] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-29] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdhub30.sys 30BFEEE0DFFD5BD79D29157CF080DEED
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 75BBD04F450CE109031A215FD4EC667A
C:\Windows\System32\DRIVERS\atikmpag.sys ADB8EE976CE4A47C54D39F2581593C03
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\amdxhc.sys 321533578132C811EC834A1B741C994C
C:\Windows\System32\drivers\amd_sata.sys F9D46B6B322708BD5AFCC8767EBDC901
C:\Windows\System32\drivers\amd_xata.sys 329CC9C7E20DEEBCD4CD10816193EF14
C:\Windows\system32\drivers\appid.sys 90C53BD47979FB8814F465A08B885102
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys DBB487D09F56C674430AC454FD8BCAB9
C:\Windows\System32\DRIVERS\avgntflt.sys 00BF66D168E1A7AA7E1C9F458BBA0B34
C:\Windows\System32\DRIVERS\avipbb.sys 055D318220DD4593F2A8C8FF83707D36
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\System32\DRIVERS\avnetflt.sys 13253E5E3B6BDF945B63B336A8C9489B
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbnet.sys 251AF86E0A4DDF3A6B181ED5103B06B1
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\DRIVERS\ewusbmdm.sys 4B5C07DB91A0099272FAAE732E1152BD
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 8F6ED52134EBB4CE2953EC37C9275497
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 063C09DB965E3DFD6F4F08416F6DB8F5
C:\Windows\System32\Drivers\ksecpkg.sys 1FA627E63195BF3BF636BFEF0D7190D4
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 87BCD1034CBF33537D4D4C251D39BA26
C:\Windows\System32\DRIVERS\MpFilter.sys FBA4CDA6B3B00D7A116DCC2B5C7E9790
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys E10B84385C3FEEF4BDE8E6A980535522
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rrnetcap.sys 2ABD2B3BA2EF0C3BA82284C2A5E28675
C:\Windows\System32\DRIVERS\rrnetcap.sys 2ABD2B3BA2EF0C3BA82284C2A5E28675
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\System32\DRIVERS\RTL8192su.sys B3F36B4B3F192EA87DDC119F3A0B3E45
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tbhsd.sys 4430E9B4C60AAB672D16E801BAD0555E
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\truecrypt.sys 370A6907DDF79532A39319492B1FA38A
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 573D192E268F0C5B486B7E96F661E538
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys 82E8F5AA03DF7DBDB8A33F700D5D8CDA
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 18:32 - 2015-05-05 18:33 - 00000000 ____D () C:\FRST
2015-05-04 08:41 - 2015-05-04 08:42 - 00000000 ____D () C:\Windows\SysWOW64\འ̈́
2015-05-03 10:04 - 2015-05-03 10:06 - 06420600 _____ (Tim Kosse) C:\Users\max\Downloads\FileZilla_3.10.3_win64-setup.exe
2015-05-03 10:00 - 2015-05-05 07:47 - 00000280 _____ () C:\Windows\setupact.log
2015-05-03 03:34 - 2015-05-03 03:34 - 02347384 _____ (ESET) C:\Users\max\Downloads\esetsmartinstaller_deu.exe
2015-05-03 03:34 - 2015-05-03 03:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-03 02:59 - 2015-05-03 03:00 - 00000000 ____D () C:\Windows\SysWOW64\퀀̫
2015-05-03 02:27 - 2015-05-03 02:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-03 02:27 - 2015-05-03 02:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-03 02:26 - 2015-05-03 02:26 - 14160536 _____ (Microsoft Corporation) C:\Users\max\Downloads\mseinstall.exe
2015-05-03 00:59 - 2015-05-03 00:59 - 00000000 ____D () C:\Windows\SysWOW64\葠˰
2015-05-02 22:59 - 2015-05-02 22:59 - 00000000 ____D () C:\Windows\SysWOW64\폈p
2015-05-02 20:59 - 2015-05-02 20:59 - 00000000 ____D () C:\Windows\SysWOW64\V
2015-05-02 18:59 - 2015-05-02 18:59 - 00000000 ____D () C:\Windows\SysWOW64\፠̏
2015-05-02 16:59 - 2015-05-02 16:59 - 00000000 ____D () C:\Windows\SysWOW64\⸐d
2015-05-02 14:59 - 2015-05-02 14:59 - 00000000 ____D () C:\Windows\SysWOW64\펠̊
2015-05-02 12:59 - 2015-05-02 13:00 - 00000000 ____D () C:\Windows\SysWOW64\련`
2015-05-02 10:59 - 2015-05-02 10:59 - 00000000 ____D () C:\Windows\SysWOW64\�x
2015-05-02 09:40 - 2015-05-02 09:40 - 00032280 _____ () C:\Users\max\Downloads\BLADRMF.TTF
2015-05-02 09:17 - 2015-05-02 10:18 - 18515265 _____ () C:\Users\max\Downloads\rocko remix.psd
2015-05-02 08:59 - 2015-05-02 09:00 - 00000000 ____D () C:\Windows\SysWOW64\횘`
2015-05-02 06:59 - 2015-05-02 07:00 - 00000000 ____D () C:\Windows\SysWOW64\岠X
2015-05-02 04:59 - 2015-05-02 05:00 - 00000000 ____D () C:\Windows\SysWOW64\࿨̐
2015-05-02 02:59 - 2015-05-02 02:59 - 00000000 ____D () C:\Windows\SysWOW64\葠ˌ
2015-05-02 00:59 - 2015-05-02 01:00 - 00000000 ____D () C:\Windows\SysWOW64\葠˭
2015-05-01 22:59 - 2015-05-01 22:59 - 00000000 ____D () C:\Windows\SysWOW64\컠P
2015-05-01 14:59 - 2015-05-01 14:59 - 00000000 ____D () C:\Windows\SysWOW64\཰̨
2015-05-01 12:59 - 2015-05-01 13:00 - 00000000 ____D () C:\Windows\SysWOW64\풨̅
2015-05-01 10:59 - 2015-05-01 10:59 - 00000000 ____D () C:\Windows\SysWOW64\텠˥
2015-05-01 08:59 - 2015-05-01 08:59 - 00000000 ____D () C:\Windows\SysWOW64\얰y
2015-05-01 04:59 - 2015-05-01 05:00 - 00000000 ____D () C:\Windows\SysWOW64\퀀̜
2015-05-01 02:59 - 2015-05-01 02:59 - 00000000 ____D () C:\Windows\SysWOW64\⻸Y
2015-05-01 00:59 - 2015-05-01 00:59 - 00000000 ____D () C:\Windows\SysWOW64\퀀̰
2015-04-30 22:59 - 2015-04-30 23:00 - 00000000 ____D () C:\Windows\SysWOW64\즨‚
2015-04-30 10:58 - 2015-04-30 11:00 - 00000000 ____D () C:\Windows\SysWOW64\Ѡ˨
2015-04-26 10:58 - 2015-04-26 10:58 - 00000000 ____D () C:\Windows\SysWOW64\쿀͈
2015-04-26 06:58 - 2015-04-26 06:59 - 00000000 ____D () C:\Windows\SysWOW64\倀̿
2015-04-26 02:58 - 2015-04-26 03:00 - 00000000 ____D () C:\Windows\SysWOW64\쾐̵
2015-04-26 00:58 - 2015-04-26 01:00 - 00000000 ____D () C:\Windows\SysWOW64\辰̾
2015-04-24 23:44 - 2015-04-24 23:44 - 00000000 ____D () C:\Windows\SysWOW64\⻐l
2015-04-24 21:44 - 2015-04-24 21:44 - 00000000 ____D () C:\Windows\SysWOW64\ᾈ̓
2015-04-24 13:44 - 2015-04-24 13:44 - 00000000 ____D () C:\Windows\SysWOW64\蓐̙
2015-04-24 11:43 - 2015-04-24 11:43 - 00000000 ____D () C:\Windows\SysWOW64\預G
2015-04-24 09:43 - 2015-04-24 09:45 - 00000000 ____D () C:\Windows\SysWOW64\蕨k
2015-04-24 07:43 - 2015-04-24 07:43 - 00000000 ____D () C:\Windows\SysWOW64\⻐
2015-04-24 05:43 - 2015-04-24 05:45 - 00000000 ____D () C:\Windows\SysWOW64\࿘˯
2015-04-24 04:36 - 2015-04-24 04:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 03:43 - 2015-04-24 03:48 - 00000000 ____D () C:\Windows\SysWOW64\ⵈa
2015-04-21 12:22 - 2015-04-21 12:24 - 00000000 ____D () C:\Windows\SysWOW64\䑠˂
2015-04-20 09:37 - 2015-04-20 09:38 - 00000000 ____D () C:\Windows\SysWOW64\ླྀ̫
2015-04-17 20:58 - 2015-04-17 20:59 - 00000000 ____D () C:\Windows\SysWOW64\ꀠˤ
2015-04-17 20:47 - 2015-04-17 20:47 - 00000000 ____D () C:\Users\max\AppData\Local\{C490596D-9E7B-4F38-8337-CF1DC84FF288}
2015-04-17 12:58 - 2015-04-17 12:58 - 00000000 ____D () C:\Windows\SysWOW64\�}
2015-04-17 10:58 - 2015-04-17 10:58 - 00000000 ____D () C:\Windows\SysWOW64\쓰y
2015-04-17 08:58 - 2015-04-17 08:59 - 00000000 ____D () C:\Windows\SysWOW64\滐Y
2015-04-17 06:58 - 2015-04-17 06:58 - 00000000 ____D () C:\Windows\SysWOW64\�̮
2015-04-17 04:58 - 2015-04-17 04:59 - 00000000 ____D () C:\Windows\SysWOW64\ɐ
2015-04-16 12:49 - 2015-04-16 12:49 - 00000000 ____D () C:\Windows\SysWOW64\�̘
2015-04-16 10:49 - 2015-04-16 10:50 - 00000000 ____D () C:\Windows\SysWOW64\ྈ̈́
2015-04-16 08:49 - 2015-04-16 08:50 - 00000000 ____D () C:\Windows\SysWOW64\䁠ƕ
2015-04-15 19:32 - 2015-04-15 19:33 - 00000000 ____D () C:\Windows\SysWOW64\聠Ɛ
2015-04-15 09:32 - 2015-04-15 09:33 - 00000000 ____D () C:\Windows\SysWOW64\へq
2015-04-15 07:57 - 2015-03-24 19:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-04-15 07:57 - 2015-03-24 19:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-04-15 07:57 - 2015-03-24 19:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-04-15 07:57 - 2015-03-24 19:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-04-15 07:57 - 2015-03-24 19:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-04-15 07:57 - 2015-03-24 19:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-04-15 07:57 - 2015-03-24 19:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-04-15 07:57 - 2015-03-24 19:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-04-15 07:57 - 2015-03-24 19:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-04-15 07:57 - 2015-03-24 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-04-15 07:57 - 2015-03-24 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-04-15 07:57 - 2015-03-24 19:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 07:57 - 2015-03-24 19:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 07:57 - 2015-03-24 19:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 07:57 - 2015-03-24 19:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 07:57 - 2015-03-24 19:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 07:57 - 2015-03-22 19:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-04-15 07:57 - 2015-03-22 19:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-04-15 07:57 - 2015-03-22 19:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-04-15 07:57 - 2015-03-22 19:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-04-15 07:57 - 2015-03-22 19:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-04-15 07:57 - 2015-03-22 19:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-04-15 07:57 - 2015-03-22 19:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-04-15 07:57 - 2015-03-22 19:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-04-15 07:57 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-04-15 07:57 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-04-15 07:57 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-04-15 07:57 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-04-15 07:57 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-04-15 07:57 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-04-15 07:57 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-04-15 07:57 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-04-15 07:57 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-04-15 07:57 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-04-15 07:57 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-04-15 07:57 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-04-15 07:57 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 07:57 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 07:57 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 07:57 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 07:57 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 07:57 - 2015-03-16 20:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 07:57 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 07:57 - 2015-03-09 19:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-04-15 07:57 - 2015-03-09 19:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-04-15 07:57 - 2015-03-09 19:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 07:57 - 2015-03-09 19:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 07:57 - 2015-03-04 21:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-04-15 07:57 - 2015-03-04 20:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 07:56 - 2015-04-01 16:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-04-15 07:56 - 2015-04-01 15:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 07:56 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-04-15 07:56 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-04-15 07:56 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-04-15 07:56 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 07:56 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 07:56 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 07:56 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 07:56 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 07:56 - 2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 07:56 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 07:56 - 2015-03-16 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 07:56 - 2015-03-16 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 07:56 - 2015-03-16 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 07:56 - 2015-03-12 20:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-04-15 07:56 - 2015-03-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-04-15 07:56 - 2015-03-12 20:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-04-15 07:56 - 2015-03-12 20:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-04-15 07:56 - 2015-03-12 20:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-04-15 07:56 - 2015-03-12 20:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-04-15 07:56 - 2015-03-12 20:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-04-15 07:56 - 2015-03-12 20:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-04-15 07:56 - 2015-03-12 20:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-04-15 07:56 - 2015-03-12 20:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-04-15 07:56 - 2015-03-12 19:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-04-15 07:56 - 2015-03-12 19:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-04-15 07:56 - 2015-03-12 19:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-04-15 07:56 - 2015-03-12 19:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-04-15 07:56 - 2015-03-12 19:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-04-15 07:56 - 2015-03-12 19:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-04-15 07:56 - 2015-03-12 19:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-15 07:56 - 2015-03-12 19:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 07:56 - 2015-03-12 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 07:56 - 2015-03-12 19:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-04-15 07:56 - 2015-03-12 19:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-15 07:56 - 2015-03-12 19:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 07:56 - 2015-03-12 19:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 07:56 - 2015-03-12 19:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 07:56 - 2015-03-12 19:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-04-15 07:56 - 2015-03-12 19:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 07:56 - 2015-03-12 19:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-04-15 07:56 - 2015-03-12 19:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 07:56 - 2015-03-12 19:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-04-15 07:56 - 2015-03-12 19:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 07:56 - 2015-03-12 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 07:56 - 2015-03-12 19:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 07:56 - 2015-03-12 19:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 07:56 - 2015-03-12 19:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 07:56 - 2015-03-12 19:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 07:56 - 2015-03-12 19:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-04-15 07:56 - 2015-03-12 19:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-04-15 07:56 - 2015-03-12 19:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 07:56 - 2015-03-12 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-04-15 07:56 - 2015-03-12 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-04-15 07:56 - 2015-03-12 19:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 07:56 - 2015-03-12 19:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-04-15 07:56 - 2015-03-12 18:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 07:56 - 2015-03-12 18:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 07:56 - 2015-03-12 18:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 07:56 - 2015-03-12 18:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 07:56 - 2015-03-12 18:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-04-15 07:56 - 2015-03-12 18:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 07:56 - 2015-03-12 18:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 07:56 - 2015-03-12 18:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 07:56 - 2015-03-12 18:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 07:56 - 2015-03-12 18:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-04-15 07:56 - 2015-03-12 18:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-04-15 07:56 - 2015-03-12 18:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 07:56 - 2015-03-12 18:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 07:56 - 2015-03-12 18:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 07:56 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-04-15 07:55 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2015-04-15 07:55 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-04-15 07:55 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 07:31 - 2015-04-13 07:32 - 00000000 ____D () C:\Windows\SysWOW64\྘͌
2015-04-13 01:31 - 2015-04-13 01:32 - 00000000 ____D () C:\Windows\SysWOW64\鑠˭
2015-04-12 21:31 - 2015-04-12 21:32 - 00000000 ____D () C:\Windows\SysWOW64\麀ˋ
2015-04-12 11:31 - 2015-04-12 11:31 - 00000000 ____D () C:\Windows\SysWOW64\へB
2015-04-12 09:31 - 2015-04-12 09:32 - 00000000 ____D () C:\Windows\SysWOW64\丘ʰ
2015-04-12 07:31 - 2015-04-12 07:31 - 00000000 ____D () C:\Windows\SysWOW64\쥸W
2015-04-12 05:53 - 2015-04-12 05:53 - 00664671 _____ () C:\Users\max\Documents\Unbenannt.flv
2015-04-12 05:31 - 2015-04-12 05:32 - 00000000 ____D () C:\Windows\SysWOW64\〈Y
2015-04-12 03:52 - 2015-04-12 03:53 - 00000000 ____D () C:\Users\max\AppData\Local\{6EB3AD82-A7E2-4219-A91E-DA0B33F398C7}
2015-04-12 01:31 - 2015-04-12 01:31 - 00000000 ____D () C:\Windows\SysWOW64\쓠d
2015-04-11 23:31 - 2015-04-11 23:31 - 00000000 ____D () C:\Windows\SysWOW64\俰˵
2015-04-11 13:31 - 2015-04-11 13:31 - 00000000 ____D () C:\Windows\SysWOW64\ተ˽
2015-04-11 09:31 - 2015-04-11 09:32 - 00000000 ____D () C:\Windows\SysWOW64\쪐†
2015-04-11 05:31 - 2015-04-11 05:32 - 00000000 ____D () C:\Windows\SysWOW64\쭈i
2015-04-11 03:31 - 2015-04-11 03:32 - 00000000 ____D () C:\Windows\SysWOW64\へM
2015-04-11 01:31 - 2015-04-11 01:32 - 00000000 ____D () C:\Windows\SysWOW64\࿰ˤ
2015-04-10 23:31 - 2015-04-10 23:32 - 00000000 ____D () C:\Windows\SysWOW64\쁠̂
2015-04-10 21:31 - 2015-04-10 21:32 - 00000000 ____D () C:\Windows\SysWOW64\폘̧
2015-04-10 13:31 - 2015-04-10 13:32 - 00000000 ____D () C:\Windows\SysWOW64\ㅰ
2015-04-10 11:31 - 2015-04-10 11:31 - 00000000 ____D () C:\Windows\SysWOW64\࿠̕
2015-04-10 09:31 - 2015-04-10 09:32 - 00000000 ____D () C:\Windows\SysWOW64\틐̟
2015-04-10 07:31 - 2015-04-10 07:32 - 00000000 ____D () C:\Windows\SysWOW64\번̘
2015-04-10 05:31 - 2015-04-10 05:32 - 00000000 ____D () C:\Windows\SysWOW64\欰’
2015-04-09 13:31 - 2015-04-09 13:31 - 00000000 ____D () C:\Windows\SysWOW64\퟈̎
2015-04-09 11:31 - 2015-04-09 11:32 - 00000000 ____D () C:\Windows\SysWOW64\`ā
2015-04-08 10:57 - 2015-04-08 10:58 - 00000000 ____D () C:\Windows\SysWOW64\☐u
2015-04-08 08:57 - 2015-04-08 08:58 - 00000000 ____D () C:\Windows\SysWOW64\Ǯ
2015-04-07 14:40 - 2015-04-07 14:40 - 00000000 ____D () C:\Windows\SysWOW64\䩀ɟ
2015-04-07 12:40 - 2015-04-07 12:41 - 00000000 ____D () C:\Windows\SysWOW64\㾈Ő
2015-04-07 10:40 - 2015-04-07 10:40 - 00000000 ____D () C:\Windows\SysWOW64\꿐Ɔ
2015-04-05 04:55 - 2015-04-05 04:56 - 52195794 _____ () C:\Users\max\Downloads\Fly .wav
2015-04-03 02:17 - 2015-04-03 02:17 - 00000000 ___RD () C:\Users\max\Creative Cloud Files
2015-04-02 10:55 - 2015-04-02 10:55 - 00001229 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-03-29 04:32 - 2015-03-29 04:32 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-29 04:32 - 2015-03-29 04:32 - 00000000 ___SD () C:\Windows\System32\GWX
2015-03-21 23:34 - 2015-03-21 23:35 - 83464623 _____ () C:\Users\max\Downloads\Nutty_Leakz-(DatPiff.com).zip
2015-03-21 23:15 - 2015-03-21 23:17 - 171178554 _____ () C:\Users\max\Downloads\Eargasm_15_Starring_2_Chainz_Bob_WaltBaby_H-(DatPiff.com).zip
2015-03-21 01:00 - 2015-03-17 11:19 - 00079688 _____ () C:\Users\max\Downloads\ExpensiveSolutions.ttf
2015-03-21 00:56 - 2015-03-21 00:56 - 00045111 _____ () C:\Users\max\Downloads\expensivesolutions.zip
2015-03-21 00:56 - 2015-03-21 00:56 - 00037486 _____ () C:\Users\max\Downloads\streamster.zip
2015-03-21 00:54 - 2015-03-21 03:41 - 00000034 _____ () C:\Users\max\AppData\Roaming\AdobeWLCMCache.dat
2015-03-20 09:05 - 2015-03-20 09:05 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-16 10:23 - 2015-03-16 10:23 - 00000144 _____ () C:\Users\max\Desktop\links.txt
2015-03-11 10:00 - 2015-02-19 20:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-03-11 10:00 - 2015-02-19 20:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-03-11 10:00 - 2015-02-19 20:40 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-03-11 10:00 - 2015-02-19 20:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-03-11 10:00 - 2015-02-19 20:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 10:00 - 2015-02-19 20:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 10:00 - 2015-02-19 20:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 10:00 - 2015-02-19 20:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 10:00 - 2015-02-19 19:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-03-11 10:00 - 2015-02-19 19:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 10:00 - 2015-02-02 19:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
2015-03-11 10:00 - 2015-02-02 19:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
2015-03-11 10:00 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 10:00 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-03-11 10:00 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 09:59 - 2015-02-02 19:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-03-11 09:59 - 2015-02-02 19:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-03-11 09:59 - 2015-02-02 19:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-03-11 09:59 - 2015-02-02 19:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2015-03-11 09:59 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2015-03-11 09:59 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2015-03-11 09:59 - 2015-02-02 19:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-03-11 09:59 - 2015-02-02 19:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-03-11 09:59 - 2015-02-02 19:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2015-03-11 09:59 - 2015-02-02 19:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-03-11 09:59 - 2015-02-02 19:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2015-03-11 09:59 - 2015-02-02 19:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-03-11 09:59 - 2015-02-02 19:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
2015-03-11 09:59 - 2015-02-02 19:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2015-03-11 09:59 - 2015-02-02 19:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2015-03-11 09:59 - 2015-02-02 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2015-03-11 09:59 - 2015-02-02 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2015-03-11 09:59 - 2015-02-02 19:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 09:59 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 09:59 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 09:59 - 2015-02-02 19:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 09:59 - 2015-02-02 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 09:59 - 2015-02-02 19:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 09:59 - 2015-02-02 19:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 09:59 - 2015-02-02 18:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-03-11 09:59 - 2014-10-31 14:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-03-11 09:59 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-03-11 09:59 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-03-11 09:58 - 2015-01-30 19:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2015-03-11 09:58 - 2015-01-30 19:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-03-11 09:58 - 2015-01-30 15:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2015-03-11 09:56 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 09:56 - 2015-02-12 21:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-03-11 09:56 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2015-03-11 09:56 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 09:56 - 2015-01-30 15:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-03-11 09:55 - 2015-02-02 19:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-03-11 09:55 - 2015-02-02 19:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 09:54 - 2015-02-25 19:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-03-11 09:54 - 2015-02-03 19:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-03-11 09:54 - 2015-02-03 18:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-03 20:29 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll
2015-03-03 20:29 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll
2015-03-03 20:29 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll
2015-03-03 20:29 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-24 18:19 - 2015-02-24 18:19 - 00000000 _____ () C:\Windows\SysWOW64\sho6BCD.tmp
2015-02-24 18:00 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 18:00 - 2015-01-08 15:43 - 00419936 _____ () C:\Windows\System32\locale.nls
2015-02-14 07:48 - 2015-02-14 07:49 - 06372800 _____ (Tim Kosse) C:\Users\max\Downloads\FileZilla_3.10.1.1_win32-setup.exe
2015-02-11 09:54 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2015-02-11 09:53 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-02-11 09:53 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:52 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-02-11 09:52 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-04 02:23 - 2015-02-04 02:23 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 02:13 - 2015-02-04 02:13 - 00869536 _____ (Microsoft Corporation) C:\Windows\System32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 08:14 - 2011-09-29 23:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-05 08:14 - 2011-09-29 23:24 - 01535145 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 08:01 - 2012-09-13 08:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-05 07:57 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 07:57 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 07:50 - 2012-05-05 09:44 - 00000000 ____D () C:\Users\max\AppData\Roaming\Dropbox
2015-05-05 07:49 - 2013-12-01 05:29 - 00000465 _____ () C:\Users\max\AppData\Roaming\TSSTLiveUpdateConfig.ini
2015-05-05 07:47 - 2011-09-29 23:29 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-05 07:47 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-04 18:39 - 2013-02-08 12:26 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job
2015-05-04 16:27 - 2013-11-17 02:22 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job
2015-05-04 08:46 - 2011-09-30 05:02 - 00000000 ____D () C:\Users\max\AppData\Local\Adobe
2015-05-03 10:08 - 2011-10-28 05:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-05-03 09:12 - 2013-03-05 20:27 - 00000000 ____D () C:\Users\max\AppData\Local\CRE
2015-05-03 09:12 - 2012-11-17 11:55 - 00000000 ____D () C:\Users\max\AppData\Local\iLivid
2015-05-03 09:11 - 2012-05-11 12:33 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2015-05-03 02:27 - 2014-02-22 11:16 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-03 02:25 - 2011-09-29 23:36 - 00144064 _____ () C:\Users\max\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-03 02:20 - 2009-07-13 20:45 - 05144008 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-03 01:27 - 2013-11-17 02:22 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job
2015-05-02 22:38 - 2013-02-08 12:26 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job
2015-05-01 09:17 - 2011-09-29 23:29 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-30 11:42 - 2012-06-07 15:39 - 00000000 ____D () C:\Windows\Minidump
2015-04-30 11:42 - 2012-06-07 15:38 - 473295222 _____ () C:\Windows\MEMORY.DMP
2015-04-26 00:53 - 2013-06-13 09:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 04:39 - 2011-10-08 19:21 - 00000000 ____D () C:\Users\max\AppData\Roaming\Mozilla
2015-04-24 03:43 - 2012-05-05 09:49 - 00001026 _____ () C:\Users\max\Desktop\Dropbox.lnk
2015-04-17 07:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 05:01 - 2012-09-13 08:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 05:01 - 2012-05-12 12:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 05:01 - 2011-06-27 15:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 18:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 17:35 - 2014-12-09 21:16 - 00000000 ____D () C:\Windows\System32\appraiser
2015-04-15 17:35 - 2014-04-30 17:01 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-04-15 17:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 17:16 - 2011-09-30 01:06 - 01595644 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 17:16 - 2011-02-10 11:25 - 00699884 _____ () C:\Windows\System32\perfh007.dat
2015-04-15 17:16 - 2011-02-10 11:25 - 00149766 _____ () C:\Windows\System32\perfc007.dat
2015-04-15 17:16 - 2009-07-13 21:13 - 01595644 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-15 17:14 - 2013-07-12 05:34 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-15 17:04 - 2011-02-10 12:56 - 128913832 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-04-12 07:08 - 2012-04-04 11:00 - 00000000 ____D () C:\Users\max\AppData\Roaming\vlc
2015-04-12 03:30 - 2011-10-03 06:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-04-12 01:47 - 2015-01-04 11:23 - 00000000 ____D () C:\Filme
2015-04-08 09:02 - 2014-08-12 15:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 09:02 - 2012-12-22 07:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 08:51 - 2009-07-13 21:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-07 08:56 - 2010-11-20 19:47 - 00439972 _____ () C:\Windows\PFRO.log
2015-04-07 07:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-04-07 06:40 - 2012-12-22 07:35 - 00000000 ____D () C:\Users\max\AppData\Roaming\Avira
2015-04-07 06:39 - 2012-05-11 12:32 - 00000000 ____D () C:\ProgramData\Avira

Some content of TEMP:
====================
C:\Users\max\AppData\Local\Temp\avgnt.exe
C:\Users\max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujednc.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-05-03 02:30:26
Restore point made on: 2015-05-04 12:14:14
Restore point made on: 2015-05-04 14:28:04
Restore point made on: 2015-05-04 14:58:11

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {7ac8606d-b833-11e0-b383-8efa35c52b34}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7ac8606d-b833-11e0-b383-8efa35c52b34}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\7ac8606f-b833-11e0-b383-8efa35c52b34\Winre.wim,{7ac86070-b833-11e0-b383-8efa35c52b34}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7ac8606f-b833-11e0-b383-8efa35c52b34\Winre.wim,{7ac86070-b833-11e0-b383-8efa35c52b34}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7ac8606d-b833-11e0-b383-8efa35c52b34}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7ac86070-b833-11e0-b383-8efa35c52b34}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7ac8606f-b833-11e0-b383-8efa35c52b34\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3576.13 MB
Available physical RAM: 2936.73 MB
Total Pagefile: 3574.33 MB
Available Pagefile: 2929.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:558.91 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:18.35 GB) NTFS
Drive f: (OSS_117_2) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:14.63 GB) (Free:11.97 GB) FAT32
Drive j: () (Removable) (Total:29.8 GB) (Free:0 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-05-04 09:24

==================== End Of Log ============================
         

Alt 06.05.2015, 21:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Hi,

Kommst du gar nicht mehr normal ins System? Wenn doch bitte frst vom Desktop aus scannen lassen.
__________________

__________________

Alt 07.05.2015, 18:35   #3
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Doch kein Problem, der Computer startet ganz normal, hat nur eben diese Startprobleme. Also dann nehme ich den Rechner vom Netz und starte es nochmal vom Desktop aus, wenn Windows hochgefahren ist
__________________

Alt 08.05.2015, 16:38   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Dann bitte FRST vom Desktop aus laufen lassen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.05.2015, 17:00   #5
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Hier die Frst

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by max (administrator) on max-DIGITAL on 07-05-2015 19:45:54
Running from J:\
Loaded Profiles: max (Available profiles: max)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Progra ~ 2\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Sytems Incorporated) C:\Progra ~ 2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Name of App] => C:\Program Files (x86)\TSST Korea\FW LiveUpdate\FWManager.exe [708721 2013-03-08] ( )
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Run: [Google Update] => C:\Users\max\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-08] (Google Inc.)
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3293184 2007-11-21] (Google)
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Run: [Facebook Update] => "C:\Users\max\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\MountPoints2: {578a893c-4d3e-11e2-8502-8c89a556c2a4} - I:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\MountPoints2: {578a8947-4d3e-11e2-8502-8c89a556c2a4} - I:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-01-25]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4281635434-313555713-1316966940-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-28] (Sun Microsystems, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-28] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-4281635434-313555713-1316966940-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default
FF DefaultSearchEngine: Google dot com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-28] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-07-04] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-28] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-07-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4281635434-313555713-1316966940-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\max\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-4281635434-313555713-1316966940-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\max\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4281635434-313555713-1316966940-1002: @talk.google.com/O1DPlugin -> C:\Users\max\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4281635434-313555713-1316966940-1002: @tools.google.com/Google Update;version=3 -> C:\Users\max\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-4281635434-313555713-1316966940-1002: @tools.google.com/Google Update;version=9 -> C:\Users\max\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\max\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\max\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default\searchplugins\avira-safesearch.xml [2014-10-14]
FF SearchPlugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default\searchplugins\google-dot-com.xml [2015-04-11]
FF Extension: Avira Browser Safety - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default\Extensions\abs@avira.com [2015-04-30]
FF Extension: Certificate Patrol - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default\Extensions\CertPatrol@PSYC.EU.xpi [2014-04-11]
FF Extension: Firebug - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default\Extensions\firebug@software.joehewitt.com.xpi [2013-08-30]
FF Extension: CodeBurner for Firebug - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default\Extensions\firebug@tools.sitepoint.com.xpi [2013-08-30]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?CUI=UN65117808730170166&ctid=CT3281675&SearchSource=48
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN65117808730170166&ctid=CT3281675&SearchSource=48"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (registryAccess) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.1.22952_0\background/registryAccess.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Profile: C:\Users\max\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2012-05-11]
CHR Extension: (YouTube) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26]
CHR Extension: (Google Search) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26]
CHR Extension: (Avira Browser Safety) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-29]
CHR Extension: (Bookmark Manager) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26]
CHR HKU\S-1-5-21-4281635434-313555713-1316966940-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\max\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Users\max\AppData\Local\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.1.0.crx [2012-05-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\max\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-25] (Adobe Systems) [File not signed]
R2 Adobe Version Cue CS2; c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 04:32 - 2015-05-07 19:46 - 00000000 ____D () C:\FRST
2015-05-04 18:41 - 2015-05-04 18:42 - 00000000 ____D () C:\Windows\SysWOW64\འ̈́
2015-05-03 20:04 - 2015-05-03 20:06 - 06420600 _____ (Tim Kosse) C:\Users\max\Downloads\FileZilla_3.10.3_win64-setup.exe
2015-05-03 20:00 - 2015-05-07 19:43 - 00000448 _____ () C:\Windows\setupact.log
2015-05-03 13:34 - 2015-05-03 13:34 - 02347384 _____ (ESET) C:\Users\max\Downloads\esetsmartinstaller_deu.exe
2015-05-03 13:34 - 2015-05-03 13:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-03 12:59 - 2015-05-03 13:00 - 00000000 ____D () C:\Windows\SysWOW64\퀀̫
2015-05-03 12:27 - 2015-05-03 12:27 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-03 12:27 - 2015-05-03 12:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-03 12:27 - 2015-05-03 12:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-03 12:26 - 2015-05-03 12:26 - 14160536 _____ (Microsoft Corporation) C:\Users\max\Downloads\mseinstall.exe
2015-05-03 10:59 - 2015-05-03 10:59 - 00000000 ____D () C:\Windows\SysWOW64\葠˰
2015-05-03 08:59 - 2015-05-03 08:59 - 00000000 ____D () C:\Windows\SysWOW64\폈p
2015-05-03 06:59 - 2015-05-03 06:59 - 00000000 ____D () C:\Windows\SysWOW64\V
2015-05-03 04:59 - 2015-05-03 04:59 - 00000000 ____D () C:\Windows\SysWOW64\፠̏
2015-05-03 02:59 - 2015-05-03 02:59 - 00000000 ____D () C:\Windows\SysWOW64\⸐d
2015-05-03 00:59 - 2015-05-03 00:59 - 00000000 ____D () C:\Windows\SysWOW64\펠̊
2015-05-02 22:59 - 2015-05-02 23:00 - 00000000 ____D () C:\Windows\SysWOW64\련`
2015-05-02 20:59 - 2015-05-02 20:59 - 00000000 ____D () C:\Windows\SysWOW64\�x
2015-05-02 19:40 - 2015-05-02 19:40 - 00032280 _____ () C:\Users\max\Downloads\BLADRMF.TTF
2015-05-02 19:17 - 2015-05-02 20:18 - 18515265 _____ () C:\Users\max\Downloads\rocko remix.psd
2015-05-02 18:59 - 2015-05-02 19:00 - 00000000 ____D () C:\Windows\SysWOW64\횘`
2015-05-02 16:59 - 2015-05-02 17:00 - 00000000 ____D () C:\Windows\SysWOW64\岠X
2015-05-02 14:59 - 2015-05-02 15:00 - 00000000 ____D () C:\Windows\SysWOW64\࿨̐
2015-05-02 12:59 - 2015-05-02 12:59 - 00000000 ____D () C:\Windows\SysWOW64\葠ˌ
2015-05-02 10:59 - 2015-05-02 11:00 - 00000000 ____D () C:\Windows\SysWOW64\葠˭
2015-05-02 08:59 - 2015-05-02 08:59 - 00000000 ____D () C:\Windows\SysWOW64\컠P
2015-05-02 00:59 - 2015-05-02 00:59 - 00000000 ____D () C:\Windows\SysWOW64\཰̨
2015-05-01 22:59 - 2015-05-01 23:00 - 00000000 ____D () C:\Windows\SysWOW64\풨̅
2015-05-01 20:59 - 2015-05-01 20:59 - 00000000 ____D () C:\Windows\SysWOW64\텠˥
2015-05-01 18:59 - 2015-05-01 18:59 - 00000000 ____D () C:\Windows\SysWOW64\얰y
2015-05-01 14:59 - 2015-05-01 15:00 - 00000000 ____D () C:\Windows\SysWOW64\퀀̜
2015-05-01 12:59 - 2015-05-01 12:59 - 00000000 ____D () C:\Windows\SysWOW64\⻸Y
2015-05-01 10:59 - 2015-05-01 10:59 - 00000000 ____D () C:\Windows\SysWOW64\퀀̰
2015-05-01 08:59 - 2015-05-01 09:00 - 00000000 ____D () C:\Windows\SysWOW64\즨‚
2015-04-30 20:58 - 2015-04-30 21:00 - 00000000 ____D () C:\Windows\SysWOW64\Ѡ˨
2015-04-26 20:58 - 2015-04-26 20:58 - 00000000 ____D () C:\Windows\SysWOW64\쿀͈
2015-04-26 16:58 - 2015-04-26 16:59 - 00000000 ____D () C:\Windows\SysWOW64\倀̿
2015-04-26 12:58 - 2015-04-26 13:00 - 00000000 ____D () C:\Windows\SysWOW64\쾐̵
2015-04-26 10:58 - 2015-04-26 11:00 - 00000000 ____D () C:\Windows\SysWOW64\辰̾
2015-04-25 09:44 - 2015-04-25 09:44 - 00000000 ____D () C:\Windows\SysWOW64\⻐l
2015-04-25 07:44 - 2015-04-25 07:44 - 00000000 ____D () C:\Windows\SysWOW64\ᾈ̓
2015-04-24 23:44 - 2015-04-24 23:44 - 00000000 ____D () C:\Windows\SysWOW64\蓐̙
2015-04-24 21:43 - 2015-04-24 21:43 - 00000000 ____D () C:\Windows\SysWOW64\預G
2015-04-24 19:43 - 2015-04-24 19:45 - 00000000 ____D () C:\Windows\SysWOW64\蕨k
2015-04-24 17:43 - 2015-04-24 17:43 - 00000000 ____D () C:\Windows\SysWOW64\⻐
2015-04-24 15:43 - 2015-04-24 15:45 - 00000000 ____D () C:\Windows\SysWOW64\࿘˯
2015-04-24 14:36 - 2015-04-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 13:43 - 2015-04-24 13:48 - 00000000 ____D () C:\Windows\SysWOW64\ⵈa
2015-04-21 22:22 - 2015-04-21 22:24 - 00000000 ____D () C:\Windows\SysWOW64\䑠˂
2015-04-20 19:37 - 2015-04-20 19:38 - 00000000 ____D () C:\Windows\SysWOW64\ླྀ̫
2015-04-18 06:58 - 2015-04-18 06:59 - 00000000 ____D () C:\Windows\SysWOW64\ꀠˤ
2015-04-18 06:47 - 2015-04-18 06:47 - 00000000 ____D () C:\Users\max\AppData\Local\{C490596D-9E7B-4F38-8337-CF1DC84FF288}
2015-04-17 22:58 - 2015-04-17 22:58 - 00000000 ____D () C:\Windows\SysWOW64\�}
2015-04-17 20:58 - 2015-04-17 20:58 - 00000000 ____D () C:\Windows\SysWOW64\쓰y
2015-04-17 18:58 - 2015-04-17 18:59 - 00000000 ____D () C:\Windows\SysWOW64\滐Y
2015-04-17 16:58 - 2015-04-17 16:58 - 00000000 ____D () C:\Windows\SysWOW64\�̮
2015-04-17 14:58 - 2015-04-17 14:59 - 00000000 ____D () C:\Windows\SysWOW64\ɐ
2015-04-16 22:49 - 2015-04-16 22:49 - 00000000 ____D () C:\Windows\SysWOW64\�̘
2015-04-16 20:49 - 2015-04-16 20:50 - 00000000 ____D () C:\Windows\SysWOW64\ྈ̈́
2015-04-16 18:49 - 2015-04-16 18:50 - 00000000 ____D () C:\Windows\SysWOW64\䁠ƕ
2015-04-16 05:32 - 2015-04-16 05:33 - 00000000 ____D () C:\Windows\SysWOW64\聠Ɛ
2015-04-15 19:32 - 2015-04-15 19:33 - 00000000 ____D () C:\Windows\SysWOW64\へq
2015-04-15 17:57 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 17:57 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 17:57 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 17:57 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 17:57 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 17:57 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 17:57 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 17:57 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 17:57 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 17:57 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 17:57 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 17:57 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 17:57 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 17:57 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 17:57 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 17:57 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 17:57 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 17:57 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 17:57 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 17:57 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 17:57 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 17:57 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 17:57 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 17:57 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 17:57 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 17:57 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 17:57 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 17:57 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 17:57 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 17:57 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 17:57 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 17:57 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 17:57 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 17:57 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 17:57 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 17:57 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 17:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 17:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 17:57 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 17:57 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 17:57 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 17:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 17:57 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 17:57 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 17:57 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 17:57 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 17:57 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 17:57 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 17:57 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 17:56 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 17:56 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 17:56 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 17:56 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 17:56 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 17:56 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 17:56 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 17:56 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 17:56 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 17:56 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 17:56 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 17:56 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 17:56 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 17:56 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 17:56 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 17:56 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 17:56 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 17:56 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 17:56 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 17:56 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 17:56 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 17:56 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 17:56 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 17:56 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 17:56 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 17:56 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 17:56 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 17:56 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 17:56 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 17:56 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 17:56 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 17:56 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 17:56 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 17:56 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 17:56 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 17:56 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 17:56 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 17:56 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 17:56 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 17:56 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 17:56 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 17:56 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 17:56 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 17:56 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 17:56 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 17:56 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 17:56 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 17:56 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 17:56 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 17:56 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 17:56 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 17:56 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 17:56 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 17:56 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 17:56 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 17:56 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 17:56 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 17:56 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 17:56 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 17:56 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 17:56 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 17:56 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 17:56 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 17:56 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 17:56 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 17:56 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 17:56 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 17:56 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 17:56 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 17:56 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 17:56 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 17:56 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 17:55 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 17:55 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 17:55 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 17:31 - 2015-04-13 17:32 - 00000000 ____D () C:\Windows\SysWOW64\྘͌
2015-04-13 11:31 - 2015-04-13 11:32 - 00000000 ____D () C:\Windows\SysWOW64\鑠˭
2015-04-13 07:31 - 2015-04-13 07:32 - 00000000 ____D () C:\Windows\SysWOW64\麀ˋ
2015-04-12 21:31 - 2015-04-12 21:31 - 00000000 ____D () C:\Windows\SysWOW64\へB
2015-04-12 19:31 - 2015-04-12 19:32 - 00000000 ____D () C:\Windows\SysWOW64\丘ʰ
2015-04-12 17:31 - 2015-04-12 17:31 - 00000000 ____D () C:\Windows\SysWOW64\쥸W
2015-04-12 15:53 - 2015-04-12 15:53 - 00664671 _____ () C:\Users\max\Documents\Unbenannt.flv
2015-04-12 15:31 - 2015-04-12 15:32 - 00000000 ____D () C:\Windows\SysWOW64\〈Y
2015-04-12 13:52 - 2015-04-12 13:53 - 00000000 ____D () C:\Users\max\AppData\Local\{6EB3AD82-A7E2-4219-A91E-DA0B33F398C7}
2015-04-12 11:31 - 2015-04-12 11:31 - 00000000 ____D () C:\Windows\SysWOW64\쓠d
2015-04-12 09:31 - 2015-04-12 09:31 - 00000000 ____D () C:\Windows\SysWOW64\俰˵
2015-04-11 23:31 - 2015-04-11 23:31 - 00000000 ____D () C:\Windows\SysWOW64\ተ˽
2015-04-11 19:31 - 2015-04-11 19:32 - 00000000 ____D () C:\Windows\SysWOW64\쪐†
2015-04-11 15:31 - 2015-04-11 15:32 - 00000000 ____D () C:\Windows\SysWOW64\쭈i
2015-04-11 13:31 - 2015-04-11 13:32 - 00000000 ____D () C:\Windows\SysWOW64\へM
2015-04-11 11:31 - 2015-04-11 11:32 - 00000000 ____D () C:\Windows\SysWOW64\࿰ˤ
2015-04-11 09:31 - 2015-04-11 09:32 - 00000000 ____D () C:\Windows\SysWOW64\쁠̂
2015-04-11 07:31 - 2015-04-11 07:32 - 00000000 ____D () C:\Windows\SysWOW64\폘̧
2015-04-10 23:31 - 2015-04-10 23:32 - 00000000 ____D () C:\Windows\SysWOW64\ㅰ
2015-04-10 21:31 - 2015-04-10 21:31 - 00000000 ____D () C:\Windows\SysWOW64\࿠̕
2015-04-10 19:31 - 2015-04-10 19:32 - 00000000 ____D () C:\Windows\SysWOW64\틐̟
2015-04-10 17:31 - 2015-04-10 17:32 - 00000000 ____D () C:\Windows\SysWOW64\번̘
2015-04-10 15:31 - 2015-04-10 15:32 - 00000000 ____D () C:\Windows\SysWOW64\欰’
2015-04-09 23:31 - 2015-04-09 23:31 - 00000000 ____D () C:\Windows\SysWOW64\퟈̎
2015-04-09 21:31 - 2015-04-09 21:32 - 00000000 ____D () C:\Windows\SysWOW64\`ā
2015-04-08 20:57 - 2015-04-08 20:58 - 00000000 ____D () C:\Windows\SysWOW64\☐u
2015-04-08 18:57 - 2015-04-08 18:58 - 00000000 ____D () C:\Windows\SysWOW64\Ǯ
2015-04-08 00:40 - 2015-04-08 00:40 - 00000000 ____D () C:\Windows\SysWOW64\䩀ɟ
2015-04-07 22:40 - 2015-04-07 22:41 - 00000000 ____D () C:\Windows\SysWOW64\㾈Ő
2015-04-07 20:40 - 2015-04-07 20:40 - 00000000 ____D () C:\Windows\SysWOW64\꿐Ɔ

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 19:45 - 2013-12-01 15:29 - 00000465 _____ () C:\Users\max\AppData\Roaming\TSSTLiveUpdateConfig.ini
2015-05-07 19:44 - 2011-09-30 09:29 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-07 19:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 21:18 - 2011-09-30 09:24 - 01603403 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 21:15 - 2011-09-30 09:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 21:01 - 2012-09-13 18:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 20:56 - 2011-02-10 21:25 - 00699884 _____ () C:\Windows\system32\perfh007.dat
2015-05-06 20:56 - 2011-02-10 21:25 - 00149766 _____ () C:\Windows\system32\perfc007.dat
2015-05-06 20:56 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-06 20:39 - 2013-02-08 22:26 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job
2015-05-06 20:38 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 20:38 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 20:36 - 2012-05-05 19:44 - 00000000 ____D () C:\Users\max\AppData\Roaming\Dropbox
2015-05-05 23:27 - 2013-11-17 12:22 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job
2015-05-04 18:46 - 2011-09-30 15:02 - 00000000 ____D () C:\Users\max\AppData\Local\Adobe
2015-05-03 20:08 - 2011-10-28 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-05-03 20:08 - 2011-10-28 15:08 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-05-03 19:12 - 2013-03-06 06:27 - 00000000 ____D () C:\Users\max\AppData\Local\CRE
2015-05-03 19:12 - 2012-11-17 21:55 - 00000000 ____D () C:\Users\max\AppData\Local\iLivid
2015-05-03 19:11 - 2012-05-11 22:33 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2015-05-03 12:27 - 2014-02-22 21:16 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-03 12:25 - 2011-09-30 09:36 - 00144064 _____ () C:\Users\max\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-03 12:20 - 2009-07-14 06:45 - 05144008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-03 11:27 - 2013-11-17 12:22 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job
2015-05-03 08:38 - 2013-02-08 22:26 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job
2015-05-01 19:17 - 2011-09-30 09:29 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-30 21:42 - 2012-06-08 01:39 - 00000000 ____D () C:\Windows\Minidump
2015-04-30 21:42 - 2012-06-08 01:38 - 473295222 _____ () C:\Windows\MEMORY.DMP
2015-04-26 10:53 - 2013-06-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 14:39 - 2011-10-09 05:21 - 00000000 ____D () C:\Users\max\AppData\Roaming\Mozilla
2015-04-24 13:43 - 2012-05-05 19:49 - 00001026 _____ () C:\Users\max\Desktop\Dropbox.lnk
2015-04-24 13:43 - 2012-05-05 19:45 - 00000000 ____D () C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-17 17:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 15:01 - 2012-09-13 18:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 15:01 - 2012-05-12 22:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 15:01 - 2011-06-28 01:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 04:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 03:35 - 2014-12-10 07:16 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 03:35 - 2014-05-01 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 03:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 03:16 - 2011-09-30 11:06 - 01595644 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 03:14 - 2013-07-12 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:04 - 2011-02-10 22:56 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-12 17:08 - 2012-04-04 21:00 - 00000000 ____D () C:\Users\max\AppData\Roaming\vlc
2015-04-12 13:30 - 2011-10-03 16:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-04-12 11:47 - 2015-01-04 21:23 - 00000000 ____D () C:\Filme
2015-04-08 19:02 - 2014-08-13 01:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-08 19:02 - 2012-12-22 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-08 19:02 - 2012-12-22 17:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 18:51 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-07 18:56 - 2010-11-21 05:47 - 00439972 _____ () C:\Windows\PFRO.log
2015-04-07 17:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-07 16:40 - 2012-12-22 17:35 - 00000000 ____D () C:\Users\max\AppData\Roaming\Avira
2015-04-07 16:39 - 2012-05-11 22:32 - 00000000 ____D () C:\ProgramData\Avira

==================== Files in the root of some directories =======

2015-03-21 10:54 - 2015-03-21 13:41 - 0000034 _____ () C:\Users\max\AppData\Roaming\AdobeWLCMCache.dat
2013-12-01 15:29 - 2015-05-07 19:45 - 0000465 _____ () C:\Users\max\AppData\Roaming\TSSTLiveUpdateConfig.ini
2013-08-23 22:41 - 2014-10-26 00:59 - 0001456 _____ () C:\Users\max\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-02-18 18:52 - 2014-08-20 20:32 - 0000600 _____ () C:\Users\max\AppData\Local\PUTTY.RND
2009-06-16 14:25 - 2009-06-16 14:25 - 0121512 ____R () C:\ProgramData\DeviceManager.xml.rc4

Some content of TEMP:
====================
C:\Users\max\AppData\Local\Temp\avgnt.exe
C:\Users\max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpddaukz.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 19:24

==================== End Of Log ============================
         
--- --- ---


Alt 10.05.2015, 06:43   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Addition.txt bitte noch nachreichen.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung

Alt 16.05.2015, 15:27   #7
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Hallo Schrauber, vielen Dank schon mal
Hier ist zuerst die additional.txt von Frst64
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by max at 2015-05-07 19:47:42
Running from J:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4281635434-313555713-1316966940-500 - Administrator - Disabled)
max (S-1-5-21-4281635434-313555713-1316966940-1002 - Administrator - Enabled) => C:\Users\max
Gast (S-1-5-21-4281635434-313555713-1316966940-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4281635434-313555713-1316966940-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Akamai) (Version:  - )
ALDI SÜD Mah Jong (HKLM-x32\...\ALDI SÜD Mah Jong) (Version:  - )
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.1.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.0 - ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.1.0 - Ask.com) <==== ATTENTION
ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{7108738A-F48C-4FC9-80A1-4B70254270DF}) (Version: 9.1.13600.0 - RapidSolution Software AG)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION
Blender (HKLM\...\Blender) (Version: 2.63-release - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2821 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Video to MP3 Converter version 5.0.22.128 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.22.128 - DVDVideoSoft Ltd.)
FW LiveUpdate (HKLM-x32\...\{159BC833-0C48-482C-94C4-2DAC8886B142}) (Version: 3.1.1.2 - TSST Korea)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GoldWave v5.67 (HKLM-x32\...\GoldWave v5.67) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2208 - Bandoo Media Inc) <==== ATTENTION
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{A5473280-7202-4688-81AB-9B31BAAEE3AE}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker MX (HKLM-x32\...\MAGIX_{41A982A3-9841-4E71-BBF0-0464C7932AD5}) (Version: 18.0.4.1 - MAGIX AG)
MAGIX Music Maker MX (Version: 18.0.4.1 - MAGIX AG) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6368 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zero Assumption Digital Image Recovery 1.2 (HKLM-x32\...\Zero Assumption Digital Image Recovery_is1) (Version:  - Zero Assumption Recovery Software)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\max\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\max\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\max\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\max\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\max\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4281635434-313555713-1316966940-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\max\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

03-05-2015 12:30:02 Windows Update
06-05-2015 20:39:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0205346B-D68E-4C37-A7E4-A6BAD408EB05} - System32\Tasks\{46998C55-7DE4-4567-852B-060E8EBE76A4} => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [2007-11-21] (Google)
Task: {13C3A11C-1BCA-4C8F-B06D-9C9EFD852063} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {19F64788-9792-4FCF-9B86-70EA3E04D959} - System32\Tasks\{940BE6A7-7AF2-49F0-981F-08E76A9850BE} => pcalua.exe -a "E:\Adobe Creative Suite 2.0\Setup.exe" -d "E:\Adobe Creative Suite 2.0"
Task: {1DCA707C-693D-4742-AB0F-6255F10DCA67} - System32\Tasks\{782B6B0F-8291-4C4C-8AAC-6DD3E9AC4430} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {23CB0942-3A7D-48D3-9A35-F43A1B3EA5B7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA => C:\Users\max\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {24C5C5F0-0C86-4810-9C69-334D7CE3C250} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {2E32DFD8-53F5-4D65-93FD-CCBE09A9A454} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {347CFFFD-50AE-49C6-A0AF-5406F20DACC8} - System32\Tasks\{5ACFC2E7-A2E3-475D-933F-BCEF75FC0E95} => pcalua.exe -a I:\Adobe\CS-2\win\CS2_RetNon_Ger_3.exe -d I:\Adobe\CS-2\win
Task: {3C5F92F0-D6E7-4611-8AD4-05E7FA26A0DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {436FDAAF-C64B-4879-9616-DC01A53A0A8D} - System32\Tasks\AdobeAAMUpdater-1.0-max-digital-max => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {4703B300-7D90-4F9B-9DED-7B7155B9F22F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4B68E0E6-8507-4D86-B8EB-C3A2CFA7189D} - System32\Tasks\{35864005-1B39-4C61-86DA-A6162E04B74D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/abandoninstall?page=tsMain
Task: {4CE97D3E-12DA-4C3B-9590-CF1405A0302E} - System32\Tasks\{8D3ED64A-0713-4E86-A4B6-A6EFDFCBC789} => pcalua.exe -a C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe -c /relaunched/rootloc=c:\creative suite cs2\adobe creative suite 2.0/lang=0407
Task: {55901F48-66EB-4921-BFF3-F39BCD6CFE51} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {5AEEBB80-9911-45E7-806B-48A481431701} - System32\Tasks\AdobeAAMUpdater-1.0-max-digital-adobe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {5B0D12EC-B449-4EDE-B0F9-758B1B4D29D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {7909EF90-759E-4B02-9C40-DE71C2FB2EE8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {8C721061-6C8C-4F17-9DF3-181AD7699F1D} - System32\Tasks\{1D33D95C-184B-43B7-A319-61CE2A9F003E} => pcalua.exe -a "C:\Creative Suite CS2\Adobe Creative Suite 2.0\Setup.exe" -d "C:\Creative Suite CS2\Adobe Creative Suite 2.0"
Task: {8D381C34-C9E8-4180-8904-99BB7680F2AE} - System32\Tasks\{75F85BCE-3AB5-4947-99DA-F47E3DB264C4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Google\Google Talk\googletalk.exe"
Task: {94408356-C30A-402F-83DF-CDB3D2175DC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A94D7FB6-B42E-470D-9F69-277A1FABF0C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core => C:\Users\max\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: {B175F35C-17AF-4813-9840-8BA68B0C6D8F} - System32\Tasks\{E6339CE0-A0BB-426A-9ACD-B9E2BD829259} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime
Task: {B1EAC2B4-214E-498A-B4EB-DDFFD9762BFA} - System32\Tasks\{8FF21BFA-FC4C-4174-AF53-B0F4203BB9BF} => pcalua.exe -a C:\Users\max\Downloads\googletalk-setup-de.exe -d C:\Users\max\Downloads
Task: {BAAF9E81-813C-42FF-ADD2-A24999C8BC83} - System32\Tasks\{9DE5D2AE-CC43-489D-B23E-E2492A738D52} => pcalua.exe -a "E:\Creative Suite 2\CreativeSuiteCS2Disc1.exe" -d "E:\Creative Suite 2"
Task: {BFD30F11-EF3C-40F9-9A60-A0FC4E7316CA} - System32\Tasks\{80F57839-EDC1-4EB5-9D3A-E8273C392D6C} => pcalua.exe -a E:\CS2_RetNon_Ger_2.exe -d E:\
Task: {BFF7F455-E64F-4496-A93D-97293EE620A5} - System32\Tasks\{95ED28F8-4772-4B2A-86B8-EDCDC8407A2D} => pcalua.exe -a C:\Users\max\Desktop\putty.exe -d C:\Users\max\Desktop
Task: {C1D84A6B-24B8-4F47-809E-F010F1BB47D2} - System32\Tasks\{0C43075F-7494-43AD-BA56-B58754CDA469} => pcalua.exe -a I:\Adobe\CS-2\win\CS2_RetNon_Ger_2.exe -d I:\Adobe\CS-2\win
Task: {D3ECC279-684A-4A18-802D-D78A1630A2FB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E2EA215A-728B-4C45-A06A-B5FD494C2591} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core => C:\Users\max\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {EC135251-C35F-4141-BB0F-BEA57C558F0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {EEEBD21E-7739-47BA-829B-16308A433FA1} - System32\Tasks\{56D9A40A-D4AF-4EC7-BD2C-C2825C07C09F} => pcalua.exe -a E:\Setup.exe -d E:\ -c -auto
Task: {F4BDADD3-5B3E-4395-870F-033D15DBBD77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA => C:\Users\max\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job => C:\Users\max\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job => C:\Users\max\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job => C:\Users\max\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job => C:\Users\max\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-11 15:13 - 2015-02-11 15:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 03502080 _____ () c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2005-04-04 18:58 - 2005-04-04 18:58 - 00028791 _____ () c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 00057453 _____ () c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 00102515 _____ () c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 00053364 _____ () c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 00057455 _____ () C:\Progra ~ 2\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 00032880 _____ () C:\Progra ~ 2\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 00434255 _____ () c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-04 18:58 - 2005-04-04 18:58 - 01019904 _____ () c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-04 18:02 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-04-04 18:02 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-04 18:02 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-04-04 18:02 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-04-04 18:02 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-04-04 18:02 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2015-02-15 14:58 - 2015-02-15 14:58 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-05-07 19:45 - 2015-05-07 19:45 - 00043008 _____ () c:\users\max\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpddaukz.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\max\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\max\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\max\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\max\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-11 15:12 - 2015-02-11 15:12 - 05739680 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4281635434-313555713-1316966940-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\max\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\max\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{A5D02DFB-D2D3-476D-B3BF-42996628F632}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{83A7B532-4A8C-4918-B91B-56FFB8586E94}] => (Allow) LPort=2869
FirewallRules: [{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}] => (Allow) LPort=1900
FirewallRules: [{16207F27-E370-4AFD-A963-EEA943D13737}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F8BA434F-3751-4264-BB64-81A691281D5C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{83230FAD-5342-4DB9-A363-36DE559E8EF6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B90087E7-D11E-4BCF-9A09-28A4943188C8}C:\users\max\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\max\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{564AA350-1235-4CC3-8D2C-1A8D5999B1DD}C:\users\max\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\max\appdata\local\akamai\netsession_win.exe
FirewallRules: [{87F5934C-8DA2-444A-9D1B-2C5C316B7F9C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{38AECDBA-2B4B-4787-BF9A-9640011CA847}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{1767A65E-7E0F-4628-826D-62B2DD890F8A}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe
FirewallRules: [{11E4E487-8631-45E9-B49A-84935D50EE7F}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\Anno5.exe
FirewallRules: [{F23B5E71-E4F6-4CC0-9B34-3993112189D6}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe
FirewallRules: [{4741DDC3-3FD1-4F78-9CD1-EA309BCCA102}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe
FirewallRules: [{F7251F40-261A-4A24-912E-41C6C05FEFAA}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe
FirewallRules: [{C633BBDF-4490-4C19-92D5-047882394F2D}] => (Allow) C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe
FirewallRules: [{2FC3E8BE-3BA5-4D23-8891-16D8E75C7FCA}] => (Allow) C:\Users\max\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6C07273C-20C4-4DEE-A5F1-9DDF43C0BB9F}] => (Allow) C:\Users\max\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{04C67F81-F29C-4985-AA0A-B68FAF2D798F}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CC03ED3E-FE64-473B-92F3-E0557E638370}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{3C84F846-3893-4601-90DB-01B40A4C0290}] => (Allow) C:\Program Files (x86)\RapidSolution\Audials 9\Audials.exe
FirewallRules: [{57FA5326-15E2-43F0-BFAD-3C4CBD2F5EC5}] => (Allow) LPort=12972
FirewallRules: [{1209F179-F4AF-471B-9A8D-02F280E28905}] => (Allow) LPort=14714
FirewallRules: [{B90796A4-01B7-4919-97AD-94E21A4E2461}] => (Allow) LPort=31931
FirewallRules: [TCP Query User{027A8E49-DC65-4684-AB0A-7FEFC649A0E7}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{6A74A585-0612-42F7-9275-C74D11071DD8}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{CAC186BA-37B6-4B2C-92FC-362C6DB2CBA3}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{4FBCD29A-A345-4FC3-8284-4E5B0D24B696}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{65FDEAB6-498D-457A-9391-F2D7C969FEA9}] => (Allow) C:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
FirewallRules: [{01143E51-F100-485B-A52A-689C6FF9F4E2}] => (Allow) C:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
FirewallRules: [{5EE7C63E-6754-45FD-AA20-ACE0EC80133B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED47A427-F5F0-47E4-AD8B-A474321C47CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F444B285-C60F-458B-B173-F0D0D7AD1E93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E5C1F42-05CC-44B8-BDA2-37199822E934}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65438C2E-777D-46F1-B336-40920F835215}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B0055BC1-BBA7-44FF-8AED-ABBDDDABDEEF}] => (Allow) C:\Users\max\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{5CBA237D-966E-4ABB-AE25-A42618D6E0F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5B71831-AFCA-4956-A086-613082FC7C53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E75DD8E1-2D77-40A0-8B21-C0EDD368D8F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{11135C9E-5444-4DDA-8802-9F7F0C15565B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{57ACBC12-50AE-43F7-B82F-F36BD0B5D436}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2015 07:44:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 104.2.168.192.in-addr.arpa. PTR max-digital.local.

Error: (05/07/2015 07:44:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.104:5353   23 104.2.168.192.in-addr.arpa. PTR max-digital-2.local.

Error: (05/07/2015 07:44:28 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/06/2015 08:33:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 104.2.168.192.in-addr.arpa. PTR max-digital.local.

Error: (05/06/2015 08:33:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.104:5353   23 104.2.168.192.in-addr.arpa. PTR max-digital-2.local.

Error: (05/06/2015 08:32:59 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/06/2015 00:54:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/05/2015 06:53:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (05/05/2015 06:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 104.2.168.192.in-addr.arpa. PTR max-digital.local.

Error: (05/05/2015 06:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.104:5353   23 104.2.168.192.in-addr.arpa. PTR max-digital-2.local.


System errors:
=============
Error: (05/06/2015 09:18:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/06/2015 09:17:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/06/2015 01:59:45 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/06/2015 01:59:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/05/2015 06:53:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 114.3.0.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.7.0205.00

	Source Path: 4.7.0205.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (05/05/2015 06:53:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.197.1433.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.7.0205.00

	Source Path: 4.7.0205.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (05/05/2015 06:53:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.197.1433.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.7.0205.00

	Source Path: 4.7.0205.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (05/05/2015 06:53:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.197.1433.0

	Update Source: %NT-AUTORITÄT59

	Update Stage: 4.7.0205.00

	Source Path: 4.7.0205.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\SYSTEM

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (05/05/2015 06:14:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/05/2015 05:18:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (05/07/2015 07:44:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 104.2.168.192.in-addr.arpa. PTR max-digital.local.

Error: (05/07/2015 07:44:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.104:5353   23 104.2.168.192.in-addr.arpa. PTR max-digital-2.local.

Error: (05/07/2015 07:44:28 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/06/2015 08:33:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 104.2.168.192.in-addr.arpa. PTR max-digital.local.

Error: (05/06/2015 08:33:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.104:5353   23 104.2.168.192.in-addr.arpa. PTR max-digital-2.local.

Error: (05/06/2015 08:32:59 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (05/06/2015 00:54:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/05/2015 06:53:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (05/05/2015 06:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   21 104.2.168.192.in-addr.arpa. PTR max-digital.local.

Error: (05/05/2015 06:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.104:5353   23 104.2.168.192.in-addr.arpa. PTR max-digital-2.local.


==================== Memory info =========================== 

Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3576.13 MB
Available physical RAM: 1801.34 MB
Total Pagefile: 7150.46 MB
Available Pagefile: 5179.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:558.25 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:18.35 GB) NTFS
Drive e: (OSS_117_2) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:14.63 GB) (Free:11.97 GB) FAT32
Drive i: (Elements) (Fixed) (Total:3725.99 GB) (Free:3599.74 GB) NTFS
Drive j: () (Removable) (Total:29.8 GB) (Free:0 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 3 (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 5 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 16.05.2015, 16:08   #8
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Hallo Schrauber, sind beide ohne Beanstandung durchgelaufen.
Log von Vskiller:
Code:
ATTFilter
16:59:36.0285 0x1ad8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:59:39.0822 0x1ad8  ============================================================
16:59:39.0822 0x1ad8  Current date / time: 2015/05/16 16:59:39.0822
16:59:39.0822 0x1ad8  SystemInfo:
16:59:39.0822 0x1ad8  
16:59:39.0822 0x1ad8  OS Version: 6.1.7601 ServicePack: 1.0
16:59:39.0822 0x1ad8  Product type: Workstation
16:59:39.0823 0x1ad8  ComputerName: MAX-DIGITAL
16:59:39.0823 0x1ad8  UserName: max
16:59:39.0823 0x1ad8  Windows directory: C:\Windows
16:59:39.0823 0x1ad8  System windows directory: C:\Windows
16:59:39.0823 0x1ad8  Running under WOW64
16:59:39.0823 0x1ad8  Processor architecture: Intel x64
16:59:39.0823 0x1ad8  Number of processors: 4
16:59:39.0823 0x1ad8  Page size: 0x1000
16:59:39.0823 0x1ad8  Boot type: Normal boot
16:59:39.0823 0x1ad8  ============================================================
16:59:41.0849 0x1ad8  KLMD registered as C:\Windows\system32\drivers\30158760.sys
16:59:42.0356 0x1ad8  System UUID: {F8776EBC-713E-B1B9-8A80-C552330DD187}
16:59:43.0765 0x1ad8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:59:44.0490 0x1ad8  Drive \Device\Harddisk1\DR1 - Size: 0x3A37F700000 ( 3725.99 Gb ), SectorSize: 0x1000, Cylinders: 0xED7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:59:44.0495 0x1ad8  Drive \Device\Harddisk3\DR3 - Size: 0x3A9000000 ( 14.64 Gb ), SectorSize: 0x200, Cylinders: 0x777, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:59:44.0500 0x1ad8  Drive \Device\Harddisk5\DR7 - Size: 0x774488000 ( 29.82 Gb ), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:59:44.0502 0x1ad8  ============================================================
16:59:44.0502 0x1ad8  \Device\Harddisk0\DR0:
16:59:44.0704 0x1ad8  MBR partitions:
16:59:44.0705 0x1ad8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:59:44.0705 0x1ad8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3800
16:59:44.0705 0x1ad8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F506000, BlocksNum 0x5000000
16:59:44.0705 0x1ad8  \Device\Harddisk1\DR1:
16:59:44.0706 0x1ad8  MBR partitions:
16:59:44.0706 0x1ad8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x3A37F600
16:59:44.0706 0x1ad8  \Device\Harddisk3\DR3:
16:59:44.0707 0x1ad8  MBR partitions:
16:59:44.0707 0x1ad8  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1D46000
16:59:44.0707 0x1ad8  \Device\Harddisk5\DR7:
16:59:44.0708 0x1ad8  MBR partitions:
16:59:44.0708 0x1ad8  \Device\Harddisk5\DR7\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3BA2420
16:59:44.0708 0x1ad8  ============================================================
16:59:45.0028 0x1ad8  C: <-> \Device\Harddisk0\DR0\Partition2
16:59:45.0218 0x1ad8  D: <-> \Device\Harddisk0\DR0\Partition3
16:59:46.0036 0x1ad8  I: <-> \Device\Harddisk1\DR1\Partition1
16:59:46.0036 0x1ad8  ============================================================
16:59:46.0036 0x1ad8  Initialize success
16:59:46.0036 0x1ad8  ============================================================
17:00:43.0110 0x1828  ============================================================
17:00:43.0110 0x1828  Scan started
17:00:43.0110 0x1828  Mode: Manual; SigCheck; TDLFS; 
17:00:43.0110 0x1828  ============================================================
17:00:43.0110 0x1828  KSN ping started
17:00:45.0899 0x1828  KSN ping finished: true
17:00:48.0384 0x1828  ================ Scan system memory ========================
17:00:48.0384 0x1828  System memory - ok
17:00:48.0385 0x1828  ================ Scan services =============================
17:00:48.0568 0x1828  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:00:48.0946 0x1828  1394ohci - ok
17:00:48.0983 0x1828  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:00:49.0008 0x1828  ACPI - ok
17:00:49.0036 0x1828  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:00:49.0133 0x1828  AcpiPmi - ok
17:00:49.0182 0x1828  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:00:49.0206 0x1828  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
17:00:57.0803 0x1828  Detect skipped due to KSN trusted
17:00:57.0803 0x1828  Adobe LM Service - ok
17:00:57.0870 0x1828  [ 41D15EAD554396BF35B7C5246AD47A28, 456835B33E95D083CD0076F06B591D63FB969025940A5CFD87CAB37C658B6855 ] Adobe Version Cue CS2 c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
17:00:57.0900 0x1828  Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic ( 1 )
17:01:00.0572 0x1828  Detect skipped due to KSN trusted
17:01:00.0572 0x1828  Adobe Version Cue CS2 - ok
17:01:00.0653 0x1828  [ 1474F121C3DF1232D3E7239C03691EE6, 26D0F55010CB7C51269D94ECB5C5AA94802607685B9E9791A78B643C6227214F ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
17:01:00.0678 0x1828  AdobeActiveFileMonitor9.0 - ok
17:01:00.0753 0x1828  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:01:00.0787 0x1828  AdobeARMservice - ok
17:01:00.0981 0x1828  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:01:01.0004 0x1828  AdobeFlashPlayerUpdateSvc - ok
17:01:01.0035 0x1828  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:01:01.0060 0x1828  adp94xx - ok
17:01:01.0100 0x1828  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:01:01.0120 0x1828  adpahci - ok
17:01:01.0148 0x1828  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:01:01.0164 0x1828  adpu320 - ok
17:01:01.0184 0x1828  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:01:01.0261 0x1828  AeLookupSvc - ok
17:01:01.0335 0x1828  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
17:01:01.0417 0x1828  AFD - ok
17:01:01.0438 0x1828  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:01:01.0453 0x1828  agp440 - ok
17:01:01.0471 0x1828  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
17:01:01.0544 0x1828  ALG - ok
17:01:01.0571 0x1828  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:01:01.0589 0x1828  aliide - ok
17:01:01.0626 0x1828  [ 0BDE3222789749571C3D706F0181203D, 1D46098F2E483B2F5FF94EDD5DE940E78121EEEB72A79904F440EE34BE693806 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:01:01.0713 0x1828  AMD External Events Utility - ok
17:01:01.0783 0x1828  AMD FUEL Service - ok
17:01:01.0800 0x1828  [ 30BFEEE0DFFD5BD79D29157CF080DEED, D3176AA5CFD43CAE7180E9E51A2C76DC2AC02897CA730391A54F647D263ED4E0 ] amdhub30        C:\Windows\system32\drivers\amdhub30.sys
17:01:01.0893 0x1828  amdhub30 - ok
17:01:01.0929 0x1828  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:01:01.0941 0x1828  amdide - ok
17:01:01.0975 0x1828  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\drivers\amdiox64.sys
17:01:01.0985 0x1828  amdiox64 - ok
17:01:02.0013 0x1828  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:01:02.0046 0x1828  AmdK8 - ok
17:01:02.0602 0x1828  [ 75BBD04F450CE109031A215FD4EC667A, AAC5F685155890189CBF9120D5ED4AFC338B1BE886BE8B06C36FB57274F81B8B ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:01:02.0950 0x1828  amdkmdag - ok
17:01:03.0011 0x1828  [ ADB8EE976CE4A47C54D39F2581593C03, D80FCCC493A8C049A349D836E75995D0464D725BB44DEF1A1B622F1B889FCC2C ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:01:03.0049 0x1828  amdkmdap - ok
17:01:03.0073 0x1828  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:01:03.0095 0x1828  AmdPPM - ok
17:01:03.0116 0x1828  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:01:03.0129 0x1828  amdsata - ok
17:01:03.0150 0x1828  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:01:03.0166 0x1828  amdsbs - ok
17:01:03.0181 0x1828  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:01:03.0191 0x1828  amdxata - ok
17:01:03.0221 0x1828  [ 321533578132C811EC834A1B741C994C, 82B62C52018655B8A596E1E503CB31F0FA581780425A9FF44BE1248C0F3D4B3E ] amdxhc          C:\Windows\system32\drivers\amdxhc.sys
17:01:03.0235 0x1828  amdxhc - ok
17:01:03.0248 0x1828  [ F9D46B6B322708BD5AFCC8767EBDC901, BD4872A62516D8326D43FD37A8BECEBADB80C51CD79506FD8A2013358710F774 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
17:01:03.0258 0x1828  amd_sata - ok
17:01:03.0269 0x1828  [ 329CC9C7E20DEEBCD4CD10816193EF14, FA217536D56EA0BFC783FC29919F529A9AF8E0F7B2A49AA452B218BC6F1E0366 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
17:01:03.0279 0x1828  amd_xata - ok
17:01:03.0410 0x1828  [ 62A6B0A393591878A1E00224EA698AD7, 691B6E248D0682477543455B67E85C768A4A53A92139E153320ED4E4CED1E010 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
17:01:03.0462 0x1828  AntiVirMailService - ok
17:01:03.0520 0x1828  [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:01:03.0541 0x1828  AntiVirSchedulerService - ok
17:01:03.0580 0x1828  [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:01:03.0599 0x1828  AntiVirService - ok
17:01:03.0654 0x1828  [ 5B7924A162A604B43FFBEE9384ABE77B, 1A1A836C145BAD330EDC778D4FD18CE737EB10E4B22AE8A39CDDBAAC36B0FF11 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
17:01:03.0687 0x1828  AntiVirWebService - ok
17:01:03.0751 0x1828  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
17:01:03.0819 0x1828  AppID - ok
17:01:03.0855 0x1828  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:01:03.0904 0x1828  AppIDSvc - ok
17:01:03.0945 0x1828  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
17:01:03.0999 0x1828  Appinfo - ok
17:01:04.0069 0x1828  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:01:04.0093 0x1828  Apple Mobile Device - ok
17:01:04.0116 0x1828  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
17:01:04.0133 0x1828  arc - ok
17:01:04.0151 0x1828  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:01:04.0169 0x1828  arcsas - ok
17:01:04.0246 0x1828  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:01:04.0340 0x1828  aspnet_state - ok
17:01:04.0377 0x1828  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:01:04.0524 0x1828  AsyncMac - ok
17:01:04.0544 0x1828  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:01:04.0558 0x1828  atapi - ok
17:01:04.0594 0x1828  [ DBB487D09F56C674430AC454FD8BCAB9, CF6413DD5D4876CE1F65E40115994423804AA5EA5CBDEB433DB751B445C17BB8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:01:04.0613 0x1828  AtiHDAudioService - ok
17:01:04.0655 0x1828  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:01:04.0693 0x1828  AudioEndpointBuilder - ok
17:01:04.0714 0x1828  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:01:04.0741 0x1828  AudioSrv - ok
17:01:04.0789 0x1828  [ 00BF66D168E1A7AA7E1C9F458BBA0B34, 3D3C42E87B3649819EED685D93417D61EB84FE39B3F4D4943721AE74026DE11B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:01:04.0818 0x1828  avgntflt - ok
17:01:04.0857 0x1828  [ 055D318220DD4593F2A8C8FF83707D36, 93566931D019D4D4C35C3E2E4E9BAF87BEF863E1B40B2B03ED87EF5C28F908DE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:01:04.0876 0x1828  avipbb - ok
17:01:04.0923 0x1828  [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
17:01:04.0940 0x1828  Avira.OE.ServiceHost - ok
17:01:04.0965 0x1828  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:01:04.0979 0x1828  avkmgr - ok
17:01:05.0025 0x1828  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
17:01:05.0040 0x1828  avnetflt - ok
17:01:05.0070 0x1828  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:01:05.0143 0x1828  AxInstSV - ok
17:01:05.0177 0x1828  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:01:05.0258 0x1828  b06bdrv - ok
17:01:05.0305 0x1828  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:01:05.0401 0x1828  b57nd60a - ok
17:01:05.0456 0x1828  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:01:05.0485 0x1828  BDESVC - ok
17:01:05.0497 0x1828  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:01:05.0548 0x1828  Beep - ok
17:01:05.0629 0x1828  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:01:05.0675 0x1828  BFE - ok
17:01:05.0745 0x1828  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
17:01:05.0835 0x1828  BITS - ok
17:01:05.0858 0x1828  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:01:05.0881 0x1828  blbdrive - ok
17:01:05.0951 0x1828  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:01:05.0976 0x1828  Bonjour Service - ok
17:01:06.0007 0x1828  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:01:06.0039 0x1828  bowser - ok
17:01:06.0067 0x1828  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:01:06.0100 0x1828  BrFiltLo - ok
17:01:06.0123 0x1828  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:01:06.0138 0x1828  BrFiltUp - ok
17:01:06.0168 0x1828  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
17:01:06.0203 0x1828  Browser - ok
17:01:06.0243 0x1828  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:01:06.0293 0x1828  Brserid - ok
17:01:06.0306 0x1828  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:01:06.0336 0x1828  BrSerWdm - ok
17:01:06.0360 0x1828  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:01:06.0377 0x1828  BrUsbMdm - ok
17:01:06.0399 0x1828  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:01:06.0413 0x1828  BrUsbSer - ok
17:01:06.0427 0x1828  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:01:06.0454 0x1828  BTHMODEM - ok
17:01:06.0483 0x1828  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:01:06.0517 0x1828  bthserv - ok
17:01:06.0537 0x1828  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:01:06.0571 0x1828  cdfs - ok
17:01:06.0622 0x1828  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:01:06.0701 0x1828  cdrom - ok
17:01:06.0738 0x1828  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:01:06.0822 0x1828  CertPropSvc - ok
17:01:06.0828 0x1828  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:01:06.0860 0x1828  circlass - ok
17:01:06.0897 0x1828  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
17:01:06.0919 0x1828  CLFS - ok
17:01:06.0976 0x1828  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:01:07.0006 0x1828  clr_optimization_v2.0.50727_32 - ok
17:01:07.0039 0x1828  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:01:07.0058 0x1828  clr_optimization_v2.0.50727_64 - ok
17:01:07.0118 0x1828  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:01:07.0156 0x1828  clr_optimization_v4.0.30319_32 - ok
17:01:07.0192 0x1828  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:01:07.0306 0x1828  clr_optimization_v4.0.30319_64 - ok
17:01:07.0331 0x1828  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:01:07.0356 0x1828  CmBatt - ok
17:01:07.0388 0x1828  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:01:07.0415 0x1828  cmdide - ok
17:01:07.0454 0x1828  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
17:01:07.0493 0x1828  CNG - ok
17:01:07.0520 0x1828  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:01:07.0531 0x1828  Compbatt - ok
17:01:07.0537 0x1828  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:01:07.0565 0x1828  CompositeBus - ok
17:01:07.0570 0x1828  COMSysApp - ok
17:01:07.0591 0x1828  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:01:07.0602 0x1828  crcdisk - ok
17:01:07.0652 0x1828  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:01:07.0701 0x1828  CryptSvc - ok
17:01:07.0826 0x1828  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:01:07.0863 0x1828  cvhsvc - ok
17:01:07.0900 0x1828  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:01:07.0945 0x1828  DcomLaunch - ok
17:01:07.0984 0x1828  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:01:08.0041 0x1828  defragsvc - ok
17:01:08.0063 0x1828  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:01:08.0109 0x1828  DfsC - ok
17:01:08.0144 0x1828  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:01:08.0213 0x1828  Dhcp - ok
17:01:08.0363 0x1828  [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack       C:\Windows\system32\diagtrack.dll
17:01:08.0463 0x1828  DiagTrack - ok
17:01:08.0482 0x1828  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:01:08.0515 0x1828  discache - ok
17:01:08.0531 0x1828  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
17:01:08.0544 0x1828  Disk - ok
17:01:08.0579 0x1828  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:01:08.0648 0x1828  Dnscache - ok
17:01:08.0669 0x1828  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:01:08.0718 0x1828  dot3svc - ok
17:01:08.0739 0x1828  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:01:08.0781 0x1828  DPS - ok
17:01:08.0813 0x1828  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:01:08.0868 0x1828  drmkaud - ok
17:01:08.0959 0x1828  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:01:09.0001 0x1828  DXGKrnl - ok
17:01:09.0038 0x1828  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:01:09.0072 0x1828  EapHost - ok
17:01:09.0180 0x1828  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:01:09.0333 0x1828  ebdrv - ok
17:01:09.0366 0x1828  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS             C:\Windows\System32\lsass.exe
17:01:09.0427 0x1828  EFS - ok
17:01:09.0499 0x1828  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:01:09.0558 0x1828  ehRecvr - ok
17:01:09.0580 0x1828  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:01:09.0610 0x1828  ehSched - ok
17:01:09.0650 0x1828  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:01:09.0676 0x1828  elxstor - ok
17:01:09.0689 0x1828  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:01:09.0712 0x1828  ErrDev - ok
17:01:09.0751 0x1828  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:01:09.0804 0x1828  EventSystem - ok
17:01:09.0852 0x1828  [ 251AF86E0A4DDF3A6B181ED5103B06B1, 1823E7C87F0D8972A89D71B1FB633C5D43744F9803E6A8B866F6EA610032437C ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
17:01:09.0904 0x1828  ewusbnet - ok
17:01:09.0950 0x1828  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:01:10.0017 0x1828  exfat - ok
17:01:10.0074 0x1828  Fabs - ok
17:01:10.0107 0x1828  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:01:10.0156 0x1828  fastfat - ok
17:01:10.0191 0x1828  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:01:10.0262 0x1828  Fax - ok
17:01:10.0295 0x1828  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
17:01:10.0311 0x1828  fdc - ok
17:01:10.0317 0x1828  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:01:10.0353 0x1828  fdPHost - ok
17:01:10.0412 0x1828  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:01:10.0484 0x1828  FDResPub - ok
17:01:10.0531 0x1828  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:01:10.0544 0x1828  FileInfo - ok
17:01:10.0549 0x1828  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:01:10.0597 0x1828  Filetrace - ok
17:01:10.0707 0x1828  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
17:01:10.0855 0x1828  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
17:01:13.0525 0x1828  Detect skipped due to KSN trusted
17:01:13.0527 0x1828  FirebirdServerMAGIXInstance - ok
17:01:13.0557 0x1828  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:01:13.0588 0x1828  flpydisk - ok
17:01:13.0620 0x1828  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:01:13.0644 0x1828  FltMgr - ok
17:01:13.0717 0x1828  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
17:01:13.0890 0x1828  FontCache - ok
17:01:13.0940 0x1828  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:01:13.0955 0x1828  FontCache3.0.0.0 - ok
17:01:13.0972 0x1828  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:01:13.0988 0x1828  FsDepends - ok
17:01:14.0009 0x1828  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:01:14.0021 0x1828  Fs_Rec - ok
17:01:14.0054 0x1828  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:01:14.0075 0x1828  fvevol - ok
17:01:14.0098 0x1828  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:01:14.0110 0x1828  gagp30kx - ok
17:01:14.0143 0x1828  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:01:14.0153 0x1828  GEARAspiWDM - ok
17:01:14.0187 0x1828  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:01:14.0249 0x1828  gpsvc - ok
17:01:14.0343 0x1828  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:01:14.0374 0x1828  gupdate - ok
17:01:14.0389 0x1828  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:01:14.0403 0x1828  gupdatem - ok
17:01:14.0415 0x1828  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:01:14.0489 0x1828  hcw85cir - ok
17:01:14.0560 0x1828  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:01:14.0604 0x1828  HdAudAddService - ok
17:01:14.0626 0x1828  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:01:14.0661 0x1828  HDAudBus - ok
17:01:14.0692 0x1828  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:01:14.0707 0x1828  HidBatt - ok
17:01:14.0725 0x1828  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:01:14.0746 0x1828  HidBth - ok
17:01:14.0807 0x1828  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:01:14.0863 0x1828  HidIr - ok
17:01:14.0890 0x1828  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:01:14.0957 0x1828  hidserv - ok
17:01:14.0984 0x1828  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:01:15.0019 0x1828  HidUsb - ok
17:01:15.0046 0x1828  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:01:15.0097 0x1828  hkmsvc - ok
17:01:15.0117 0x1828  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:01:15.0136 0x1828  HomeGroupListener - ok
17:01:15.0169 0x1828  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:01:15.0195 0x1828  HomeGroupProvider - ok
17:01:15.0213 0x1828  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:01:15.0225 0x1828  HpSAMD - ok
17:01:15.0279 0x1828  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:01:15.0340 0x1828  HTTP - ok
17:01:15.0368 0x1828  [ 4B5C07DB91A0099272FAAE732E1152BD, E0408F85A2E1E310F5143A01A34456F120875D21E0E9D0A9F9EBC96514CFC47C ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:01:15.0402 0x1828  hwdatacard - ok
17:01:15.0412 0x1828  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:01:15.0423 0x1828  hwpolicy - ok
17:01:15.0468 0x1828  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:01:15.0496 0x1828  i8042prt - ok
17:01:15.0525 0x1828  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:01:15.0553 0x1828  iaStorV - ok
17:01:15.0614 0x1828  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:01:15.0659 0x1828  idsvc - ok
17:01:15.0676 0x1828  IEEtwCollectorService - ok
17:01:15.0894 0x1828  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:01:16.0155 0x1828  igfx - ok
17:01:16.0182 0x1828  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:01:16.0194 0x1828  iirsp - ok
17:01:16.0243 0x1828  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:01:16.0296 0x1828  IKEEXT - ok
17:01:16.0445 0x1828  [ 8F6ED52134EBB4CE2953EC37C9275497, 5381A9CBB0C05F447E6DCD18EAF195A6CDC934A04792C8865814A46E5B883308 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:01:16.0642 0x1828  IntcAzAudAddService - ok
17:01:16.0669 0x1828  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:01:16.0680 0x1828  intelide - ok
17:01:16.0693 0x1828  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
17:01:16.0721 0x1828  intelppm - ok
17:01:16.0743 0x1828  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:01:16.0779 0x1828  IPBusEnum - ok
17:01:16.0801 0x1828  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:16.0845 0x1828  IpFilterDriver - ok
17:01:16.0881 0x1828  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:01:16.0971 0x1828  iphlpsvc - ok
17:01:16.0988 0x1828  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:01:17.0023 0x1828  IPMIDRV - ok
17:01:17.0049 0x1828  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:01:17.0084 0x1828  IPNAT - ok
17:01:17.0181 0x1828  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:01:17.0210 0x1828  iPod Service - ok
17:01:17.0225 0x1828  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:01:17.0241 0x1828  IRENUM - ok
17:01:17.0262 0x1828  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:01:17.0274 0x1828  isapnp - ok
17:01:17.0313 0x1828  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:01:17.0331 0x1828  iScsiPrt - ok
17:01:17.0380 0x1828  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:01:17.0392 0x1828  kbdclass - ok
17:01:17.0414 0x1828  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:01:17.0439 0x1828  kbdhid - ok
17:01:17.0456 0x1828  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso          C:\Windows\system32\lsass.exe
17:01:17.0467 0x1828  KeyIso - ok
17:01:17.0492 0x1828  [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:01:17.0505 0x1828  KSecDD - ok
17:01:17.0519 0x1828  [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:01:17.0534 0x1828  KSecPkg - ok
17:01:17.0553 0x1828  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:01:17.0585 0x1828  ksthunk - ok
17:01:17.0632 0x1828  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:01:17.0691 0x1828  KtmRm - ok
17:01:17.0723 0x1828  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:01:17.0771 0x1828  LanmanServer - ok
17:01:17.0810 0x1828  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:01:17.0862 0x1828  LanmanWorkstation - ok
17:01:17.0883 0x1828  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:01:17.0924 0x1828  lltdio - ok
17:01:17.0968 0x1828  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:01:18.0024 0x1828  lltdsvc - ok
17:01:18.0038 0x1828  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:01:18.0082 0x1828  lmhosts - ok
17:01:18.0100 0x1828  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:01:18.0114 0x1828  LSI_FC - ok
17:01:18.0132 0x1828  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:01:18.0146 0x1828  LSI_SAS - ok
17:01:18.0160 0x1828  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:01:18.0172 0x1828  LSI_SAS2 - ok
17:01:18.0196 0x1828  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:01:18.0209 0x1828  LSI_SCSI - ok
17:01:18.0235 0x1828  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:01:18.0279 0x1828  luafv - ok
17:01:18.0302 0x1828  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:01:18.0317 0x1828  Mcx2Svc - ok
17:01:18.0331 0x1828  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:01:18.0342 0x1828  megasas - ok
17:01:18.0364 0x1828  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:01:18.0382 0x1828  MegaSR - ok
17:01:18.0397 0x1828  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:01:18.0431 0x1828  MMCSS - ok
17:01:18.0446 0x1828  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:01:18.0485 0x1828  Modem - ok
17:01:18.0512 0x1828  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:01:18.0538 0x1828  monitor - ok
17:01:18.0573 0x1828  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:01:18.0587 0x1828  mouclass - ok
17:01:18.0604 0x1828  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:01:18.0618 0x1828  mouhid - ok
17:01:18.0673 0x1828  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:01:18.0689 0x1828  mountmgr - ok
17:01:18.0764 0x1828  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:01:18.0796 0x1828  MozillaMaintenance - ok
17:01:18.0818 0x1828  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:01:18.0836 0x1828  mpio - ok
17:01:18.0864 0x1828  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:01:18.0900 0x1828  mpsdrv - ok
17:01:18.0935 0x1828  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:01:18.0989 0x1828  MpsSvc - ok
17:01:19.0024 0x1828  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:01:19.0083 0x1828  MRxDAV - ok
17:01:19.0122 0x1828  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:19.0151 0x1828  mrxsmb - ok
17:01:19.0179 0x1828  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:19.0204 0x1828  mrxsmb10 - ok
17:01:19.0218 0x1828  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:19.0249 0x1828  mrxsmb20 - ok
17:01:19.0274 0x1828  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:01:19.0285 0x1828  msahci - ok
17:01:19.0298 0x1828  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:01:19.0313 0x1828  msdsm - ok
17:01:19.0325 0x1828  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:01:19.0342 0x1828  MSDTC - ok
17:01:19.0364 0x1828  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:01:19.0396 0x1828  Msfs - ok
17:01:19.0412 0x1828  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:01:19.0460 0x1828  mshidkmdf - ok
17:01:19.0490 0x1828  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:01:19.0501 0x1828  msisadrv - ok
17:01:19.0525 0x1828  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:01:19.0574 0x1828  MSiSCSI - ok
17:01:19.0579 0x1828  msiserver - ok
17:01:19.0600 0x1828  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:01:19.0646 0x1828  MSKSSRV - ok
17:01:19.0668 0x1828  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:19.0711 0x1828  MSPCLOCK - ok
17:01:19.0724 0x1828  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:01:19.0764 0x1828  MSPQM - ok
17:01:19.0794 0x1828  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:01:19.0814 0x1828  MsRPC - ok
17:01:19.0827 0x1828  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:01:19.0839 0x1828  mssmbios - ok
17:01:19.0850 0x1828  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:01:19.0899 0x1828  MSTEE - ok
17:01:19.0917 0x1828  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:01:19.0939 0x1828  MTConfig - ok
17:01:19.0961 0x1828  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:01:19.0973 0x1828  Mup - ok
17:01:20.0014 0x1828  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:01:20.0067 0x1828  napagent - ok
17:01:20.0105 0x1828  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:01:20.0149 0x1828  NativeWifiP - ok
17:01:20.0210 0x1828  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:01:20.0250 0x1828  NDIS - ok
17:01:20.0275 0x1828  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:01:20.0321 0x1828  NdisCap - ok
17:01:20.0357 0x1828  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:20.0429 0x1828  NdisTapi - ok
17:01:20.0464 0x1828  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:20.0495 0x1828  Ndisuio - ok
17:01:20.0513 0x1828  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:20.0560 0x1828  NdisWan - ok
17:01:20.0581 0x1828  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:01:20.0614 0x1828  NDProxy - ok
17:01:20.0624 0x1828  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:01:20.0667 0x1828  NetBIOS - ok
17:01:20.0696 0x1828  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:01:20.0733 0x1828  NetBT - ok
17:01:20.0745 0x1828  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon        C:\Windows\system32\lsass.exe
17:01:20.0756 0x1828  Netlogon - ok
17:01:20.0797 0x1828  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:01:20.0851 0x1828  Netman - ok
17:01:20.0913 0x1828  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:21.0017 0x1828  NetMsmqActivator - ok
17:01:21.0026 0x1828  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:21.0045 0x1828  NetPipeActivator - ok
17:01:21.0079 0x1828  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:01:21.0138 0x1828  netprofm - ok
17:01:21.0146 0x1828  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:21.0162 0x1828  NetTcpActivator - ok
17:01:21.0169 0x1828  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:21.0185 0x1828  NetTcpPortSharing - ok
17:01:21.0205 0x1828  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:01:21.0217 0x1828  nfrd960 - ok
17:01:21.0274 0x1828  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:01:21.0328 0x1828  NlaSvc - ok
17:01:21.0347 0x1828  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:01:21.0400 0x1828  Npfs - ok
17:01:21.0429 0x1828  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:01:21.0462 0x1828  nsi - ok
17:01:21.0467 0x1828  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:01:21.0499 0x1828  nsiproxy - ok
17:01:21.0577 0x1828  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:01:21.0688 0x1828  Ntfs - ok
17:01:21.0703 0x1828  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:01:21.0735 0x1828  Null - ok
17:01:22.0150 0x1828  [ DD81FBC57AB9134CDDC5CE90880BFD80, 16DF4D9645238D1014FA9189FF171DCF7B7C7573F759B5AC73025518139D86B1 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:01:22.0589 0x1828  nvlddmkm - ok
17:01:22.0650 0x1828  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:01:22.0664 0x1828  nvraid - ok
17:01:22.0686 0x1828  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:01:22.0701 0x1828  nvstor - ok
17:01:22.0727 0x1828  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:01:22.0741 0x1828  nv_agp - ok
17:01:22.0772 0x1828  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:01:22.0802 0x1828  ohci1394 - ok
17:01:22.0859 0x1828  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:01:22.0885 0x1828  ose - ok
17:01:23.0135 0x1828  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:01:23.0353 0x1828  osppsvc - ok
17:01:23.0386 0x1828  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:01:23.0519 0x1828  p2pimsvc - ok
17:01:23.0558 0x1828  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:01:23.0603 0x1828  p2psvc - ok
17:01:23.0622 0x1828  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
17:01:23.0654 0x1828  Parport - ok
17:01:23.0674 0x1828  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:01:23.0686 0x1828  partmgr - ok
17:01:23.0720 0x1828  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:01:23.0789 0x1828  PcaSvc - ok
17:01:23.0811 0x1828  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:01:23.0831 0x1828  pci - ok
17:01:23.0846 0x1828  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:01:23.0857 0x1828  pciide - ok
17:01:23.0874 0x1828  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:01:23.0892 0x1828  pcmcia - ok
17:01:23.0918 0x1828  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:01:23.0930 0x1828  pcw - ok
17:01:23.0961 0x1828  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:01:23.0990 0x1828  PEAUTH - ok
17:01:24.0069 0x1828  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:01:24.0118 0x1828  PerfHost - ok
17:01:24.0195 0x1828  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
17:01:24.0308 0x1828  pla - ok
17:01:24.0359 0x1828  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:01:24.0397 0x1828  PlugPlay - ok
17:01:24.0409 0x1828  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:01:24.0440 0x1828  PNRPAutoReg - ok
17:01:24.0452 0x1828  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:01:24.0472 0x1828  PNRPsvc - ok
17:01:24.0515 0x1828  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:01:24.0572 0x1828  PolicyAgent - ok
17:01:24.0602 0x1828  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:01:24.0659 0x1828  Power - ok
17:01:24.0692 0x1828  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:01:24.0735 0x1828  PptpMiniport - ok
17:01:24.0758 0x1828  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
17:01:24.0783 0x1828  Processor - ok
17:01:24.0840 0x1828  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:01:24.0889 0x1828  ProfSvc - ok
17:01:24.0900 0x1828  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:01:24.0924 0x1828  ProtectedStorage - ok
17:01:24.0944 0x1828  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:01:24.0995 0x1828  Psched - ok
17:01:25.0025 0x1828  [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:01:25.0037 0x1828  PSI_SVC_2 - ok
17:01:25.0063 0x1828  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
17:01:25.0074 0x1828  PxHlpa64 - ok
17:01:25.0145 0x1828  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:01:25.0254 0x1828  ql2300 - ok
17:01:25.0265 0x1828  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:01:25.0279 0x1828  ql40xx - ok
17:01:25.0318 0x1828  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
17:01:25.0342 0x1828  QWAVE - ok
17:01:25.0363 0x1828  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:01:25.0395 0x1828  QWAVEdrv - ok
17:01:25.0416 0x1828  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:01:25.0448 0x1828  RasAcd - ok
17:01:25.0484 0x1828  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:01:25.0534 0x1828  RasAgileVpn - ok
17:01:25.0558 0x1828  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
17:01:25.0609 0x1828  RasAuto - ok
17:01:25.0632 0x1828  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:01:25.0666 0x1828  Rasl2tp - ok
17:01:25.0679 0x1828  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:01:25.0720 0x1828  RasMan - ok
17:01:25.0730 0x1828  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:01:25.0764 0x1828  RasPppoe - ok
17:01:25.0787 0x1828  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:01:25.0836 0x1828  RasSstp - ok
17:01:25.0865 0x1828  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:01:25.0917 0x1828  rdbss - ok
17:01:25.0933 0x1828  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:01:25.0955 0x1828  rdpbus - ok
17:01:25.0970 0x1828  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:01:26.0001 0x1828  RDPCDD - ok
17:01:26.0013 0x1828  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:01:26.0055 0x1828  RDPENCDD - ok
17:01:26.0080 0x1828  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:01:26.0111 0x1828  RDPREFMP - ok
17:01:26.0182 0x1828  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:01:26.0249 0x1828  RdpVideoMiniport - ok
17:01:26.0298 0x1828  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:01:26.0354 0x1828  RDPWD - ok
17:01:26.0370 0x1828  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:01:26.0389 0x1828  rdyboost - ok
17:01:26.0413 0x1828  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:01:26.0448 0x1828  RemoteAccess - ok
17:01:26.0464 0x1828  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:01:26.0518 0x1828  RemoteRegistry - ok
17:01:26.0550 0x1828  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:01:26.0585 0x1828  RpcEptMapper - ok
17:01:26.0613 0x1828  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:01:26.0625 0x1828  RpcLocator - ok
17:01:26.0656 0x1828  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
17:01:26.0700 0x1828  RpcSs - ok
17:01:26.0725 0x1828  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675, 2CDE31DEB899BAC801A9E4EFE15582B80D9B35921C4B92CB2E1E6BEFB7E3EB9C ] RRNetCap        C:\Windows\system32\DRIVERS\rrnetcap.sys
17:01:26.0736 0x1828  RRNetCap - ok
17:01:26.0740 0x1828  [ 2ABD2B3BA2EF0C3BA82284C2A5E28675, 2CDE31DEB899BAC801A9E4EFE15582B80D9B35921C4B92CB2E1E6BEFB7E3EB9C ] RRNetCapMP      C:\Windows\system32\DRIVERS\rrnetcap.sys
17:01:26.0749 0x1828  RRNetCapMP - ok
17:01:26.0768 0x1828  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:01:26.0801 0x1828  rspndr - ok
17:01:26.0836 0x1828  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:01:26.0860 0x1828  RTL8167 - ok
17:01:26.0911 0x1828  [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
17:01:26.0940 0x1828  RTL8192su - ok
17:01:26.0956 0x1828  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs           C:\Windows\system32\lsass.exe
17:01:26.0967 0x1828  SamSs - ok
17:01:26.0999 0x1828  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:01:27.0012 0x1828  sbp2port - ok
17:01:27.0032 0x1828  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:01:27.0070 0x1828  SCardSvr - ok
17:01:27.0076 0x1828  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:01:27.0118 0x1828  scfilter - ok
17:01:27.0161 0x1828  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
17:01:27.0231 0x1828  Schedule - ok
17:01:27.0258 0x1828  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:01:27.0290 0x1828  SCPolicySvc - ok
17:01:27.0299 0x1828  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:01:27.0329 0x1828  SDRSVC - ok
17:01:27.0439 0x1828  [ 206387AB881E93A1A6EB89966C8651F1, 3BF9DFF3E70F0787F7F94BE5B9717DFADD9E13AB8154FAE295CEAC834F0835E5 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
17:01:27.0479 0x1828  SDScannerService - ok
17:01:27.0570 0x1828  [ A529CFE32565C0B145578FFB2B32C9A5, 4B1596CBDDA74D510707FD475AAB3A89B1203E0B95ECAE3756CAA56555F9F66D ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:01:27.0614 0x1828  SDUpdateService - ok
17:01:27.0652 0x1828  [ CB63BDB77BB86549FC3303C2F11EDC18, 1C96C082B9CE08C8F3C088D5DE68BA8783E6F6A837A88E2654BC4CBCF7B81846 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:01:27.0666 0x1828  SDWSCService - ok
17:01:27.0680 0x1828  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:01:27.0725 0x1828  secdrv - ok
17:01:27.0746 0x1828  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
17:01:27.0788 0x1828  seclogon - ok
17:01:27.0801 0x1828  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
17:01:27.0835 0x1828  SENS - ok
17:01:27.0853 0x1828  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:01:27.0900 0x1828  SensrSvc - ok
17:01:27.0921 0x1828  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:01:27.0933 0x1828  Serenum - ok
17:01:27.0967 0x1828  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
17:01:27.0993 0x1828  Serial - ok
17:01:28.0020 0x1828  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:01:28.0042 0x1828  sermouse - ok
17:01:28.0074 0x1828  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:01:28.0120 0x1828  SessionEnv - ok
17:01:28.0141 0x1828  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:01:28.0171 0x1828  sffdisk - ok
17:01:28.0202 0x1828  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:01:28.0246 0x1828  sffp_mmc - ok
17:01:28.0271 0x1828  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:01:28.0288 0x1828  sffp_sd - ok
17:01:28.0302 0x1828  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:01:28.0329 0x1828  sfloppy - ok
17:01:28.0395 0x1828  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
17:01:28.0430 0x1828  Sftfs - ok
17:01:28.0520 0x1828  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:01:28.0552 0x1828  sftlist - ok
17:01:28.0573 0x1828  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:01:28.0591 0x1828  Sftplay - ok
17:01:28.0597 0x1828  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:01:28.0609 0x1828  Sftredir - ok
17:01:28.0627 0x1828  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
17:01:28.0638 0x1828  Sftvol - ok
17:01:28.0670 0x1828  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:01:28.0685 0x1828  sftvsa - ok
17:01:28.0720 0x1828  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:01:28.0770 0x1828  SharedAccess - ok
17:01:28.0784 0x1828  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:01:28.0830 0x1828  ShellHWDetection - ok
17:01:28.0853 0x1828  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:01:28.0865 0x1828  SiSRaid2 - ok
17:01:28.0897 0x1828  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:01:28.0920 0x1828  SiSRaid4 - ok
17:01:28.0993 0x1828  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:01:29.0022 0x1828  SkypeUpdate - ok
17:01:29.0043 0x1828  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:01:29.0089 0x1828  Smb - ok
17:01:29.0114 0x1828  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:01:29.0128 0x1828  SNMPTRAP - ok
17:01:29.0150 0x1828  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:01:29.0161 0x1828  spldr - ok
17:01:29.0196 0x1828  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
17:01:29.0249 0x1828  Spooler - ok
17:01:29.0393 0x1828  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:01:29.0590 0x1828  sppsvc - ok
17:01:29.0614 0x1828  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:01:29.0658 0x1828  sppuinotify - ok
17:01:29.0692 0x1828  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:01:29.0763 0x1828  srv - ok
17:01:29.0796 0x1828  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:01:29.0843 0x1828  srv2 - ok
17:01:29.0875 0x1828  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:01:29.0912 0x1828  srvnet - ok
17:01:29.0939 0x1828  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:01:29.0976 0x1828  SSDPSRV - ok
17:01:29.0995 0x1828  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:01:30.0041 0x1828  SstpSvc - ok
17:01:30.0072 0x1828  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:01:30.0084 0x1828  stexstor - ok
17:01:30.0130 0x1828  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:01:30.0178 0x1828  stisvc - ok
17:01:30.0192 0x1828  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:01:30.0203 0x1828  swenum - ok
17:01:30.0231 0x1828  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
17:01:30.0278 0x1828  swprv - ok
17:01:30.0345 0x1828  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
17:01:30.0483 0x1828  SysMain - ok
17:01:30.0506 0x1828  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:01:30.0526 0x1828  TabletInputService - ok
17:01:30.0548 0x1828  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:01:30.0597 0x1828  TapiSrv - ok
17:01:30.0622 0x1828  [ 4430E9B4C60AAB672D16E801BAD0555E, 9D9208FD66CF23BE03484C3C335E927D6914A405FED6A8D5B2878BA4F59203DE ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
17:01:30.0632 0x1828  tbhsd - ok
17:01:30.0644 0x1828  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
17:01:30.0689 0x1828  TBS - ok
17:01:30.0816 0x1828  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:01:30.0934 0x1828  Tcpip - ok
17:01:30.0998 0x1828  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:01:31.0056 0x1828  TCPIP6 - ok
17:01:31.0095 0x1828  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:01:31.0107 0x1828  tcpipreg - ok
17:01:31.0135 0x1828  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:01:31.0170 0x1828  TDPIPE - ok
17:01:31.0204 0x1828  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:01:31.0236 0x1828  TDTCP - ok
17:01:31.0290 0x1828  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:01:31.0335 0x1828  tdx - ok
17:01:31.0358 0x1828  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:01:31.0379 0x1828  TermDD - ok
17:01:31.0427 0x1828  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
17:01:31.0496 0x1828  TermService - ok
17:01:31.0515 0x1828  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:01:31.0551 0x1828  Themes - ok
17:01:31.0571 0x1828  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:01:31.0604 0x1828  THREADORDER - ok
17:01:31.0622 0x1828  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:01:31.0658 0x1828  TrkWks - ok
17:01:31.0715 0x1828  [ 370A6907DDF79532A39319492B1FA38A, 46AECC5160F04FC3FFE4D37B404CCBBD1C5DC1501C2CEEE8284FF544DBDF10F8 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
17:01:31.0755 0x1828  truecrypt - ok
17:01:31.0789 0x1828  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:01:31.0828 0x1828  TrustedInstaller - ok
17:01:31.0870 0x1828  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:01:31.0900 0x1828  tssecsrv - ok
17:01:31.0946 0x1828  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:01:31.0967 0x1828  TsUsbFlt - ok
17:01:31.0995 0x1828  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:01:32.0037 0x1828  TsUsbGD - ok
17:01:32.0059 0x1828  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:01:32.0112 0x1828  tunnel - ok
17:01:32.0138 0x1828  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:01:32.0151 0x1828  uagp35 - ok
17:01:32.0171 0x1828  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:01:32.0211 0x1828  udfs - ok
17:01:32.0234 0x1828  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:01:32.0267 0x1828  UI0Detect - ok
17:01:32.0304 0x1828  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:01:32.0317 0x1828  uliagpkx - ok
17:01:32.0355 0x1828  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:01:32.0379 0x1828  umbus - ok
17:01:32.0392 0x1828  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:01:32.0404 0x1828  UmPass - ok
17:01:32.0437 0x1828  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:01:32.0493 0x1828  upnphost - ok
17:01:32.0537 0x1828  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:01:32.0576 0x1828  usbaudio - ok
17:01:32.0618 0x1828  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:01:32.0659 0x1828  usbccgp - ok
17:01:32.0702 0x1828  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:01:32.0733 0x1828  usbcir - ok
17:01:32.0757 0x1828  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:01:32.0773 0x1828  usbehci - ok
17:01:32.0814 0x1828  [ 573D192E268F0C5B486B7E96F661E538, 0F32BD82CA7B5D4DE234EFC6527EF4C854BD15B3057FE4A0151C70115493FFDC ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
17:01:32.0828 0x1828  usbfilter - ok
17:01:32.0850 0x1828  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:01:32.0873 0x1828  usbhub - ok
17:01:32.0895 0x1828  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
17:01:32.0906 0x1828  usbohci - ok
17:01:32.0939 0x1828  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:01:32.0982 0x1828  usbprint - ok
17:01:33.0013 0x1828  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:01:33.0038 0x1828  USBSTOR - ok
17:01:33.0059 0x1828  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:01:33.0073 0x1828  usbuhci - ok
17:01:33.0096 0x1828  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
17:01:33.0138 0x1828  UxSms - ok
17:01:33.0156 0x1828  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc        C:\Windows\system32\lsass.exe
17:01:33.0179 0x1828  VaultSvc - ok
17:01:33.0197 0x1828  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:01:33.0209 0x1828  vdrvroot - ok
17:01:33.0236 0x1828  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
17:01:33.0301 0x1828  vds - ok
17:01:33.0320 0x1828  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:01:33.0334 0x1828  vga - ok
17:01:33.0361 0x1828  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:01:33.0408 0x1828  VgaSave - ok
17:01:33.0435 0x1828  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:01:33.0452 0x1828  vhdmp - ok
17:01:33.0482 0x1828  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:01:33.0493 0x1828  viaide - ok
17:01:33.0550 0x1828  [ 1B0D441D8AB264D39C2B09130CC28045, 15589A3A30B05AAD35152289AAF42CB792198FD15B55D6A7D5E4C1CE58459680 ] VMCService      C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
17:01:33.0560 0x1828  VMCService - detected UnsignedFile.Multi.Generic ( 1 )
17:01:36.0241 0x1828  Detect skipped due to KSN trusted
17:01:36.0241 0x1828  VMCService - ok
17:01:36.0278 0x1828  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:01:36.0303 0x1828  volmgr - ok
17:01:36.0328 0x1828  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:01:36.0349 0x1828  volmgrx - ok
17:01:36.0386 0x1828  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:01:36.0405 0x1828  volsnap - ok
17:01:36.0436 0x1828  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:01:36.0452 0x1828  vsmraid - ok
17:01:36.0516 0x1828  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
17:01:36.0646 0x1828  VSS - ok
17:01:36.0671 0x1828  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:01:36.0685 0x1828  vwifibus - ok
17:01:36.0708 0x1828  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:01:36.0725 0x1828  vwififlt - ok
17:01:36.0743 0x1828  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
17:01:36.0803 0x1828  W32Time - ok
17:01:36.0823 0x1828  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:01:36.0852 0x1828  WacomPen - ok
17:01:36.0889 0x1828  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:01:36.0938 0x1828  WANARP - ok
17:01:36.0960 0x1828  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:01:36.0991 0x1828  Wanarpv6 - ok
17:01:37.0065 0x1828  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:01:37.0125 0x1828  WatAdminSvc - ok
17:01:37.0188 0x1828  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:01:37.0309 0x1828  wbengine - ok
17:01:37.0372 0x1828  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:01:37.0426 0x1828  WbioSrvc - ok
17:01:37.0459 0x1828  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:01:37.0491 0x1828  wcncsvc - ok
17:01:37.0507 0x1828  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:01:37.0560 0x1828  WcsPlugInService - ok
17:01:37.0577 0x1828  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
17:01:37.0592 0x1828  Wd - ok
17:01:37.0658 0x1828  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:01:37.0694 0x1828  Wdf01000 - ok
17:01:37.0742 0x1828  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:01:37.0766 0x1828  WdiServiceHost - ok
17:01:37.0771 0x1828  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:01:37.0784 0x1828  WdiSystemHost - ok
17:01:37.0824 0x1828  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
17:01:37.0897 0x1828  WebClient - ok
17:01:37.0914 0x1828  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:01:37.0959 0x1828  Wecsvc - ok
17:01:37.0971 0x1828  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:01:38.0007 0x1828  wercplsupport - ok
17:01:38.0019 0x1828  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:01:38.0071 0x1828  WerSvc - ok
17:01:38.0076 0x1828  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:01:38.0107 0x1828  WfpLwf - ok
17:01:38.0128 0x1828  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:01:38.0139 0x1828  WIMMount - ok
17:01:38.0152 0x1828  WinDefend - ok
17:01:38.0160 0x1828  WinHttpAutoProxySvc - ok
17:01:38.0200 0x1828  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:01:38.0256 0x1828  Winmgmt - ok
17:01:38.0367 0x1828  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
17:01:38.0485 0x1828  WinRM - ok
17:01:38.0534 0x1828  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
17:01:38.0548 0x1828  WinUsb - ok
17:01:38.0585 0x1828  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:01:38.0627 0x1828  Wlansvc - ok
17:01:38.0742 0x1828  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:01:38.0770 0x1828  wlcrasvc - ok
17:01:38.0948 0x1828  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:01:39.0015 0x1828  wlidsvc - ok
17:01:39.0044 0x1828  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:01:39.0055 0x1828  WmiAcpi - ok
17:01:39.0076 0x1828  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:01:39.0111 0x1828  wmiApSrv - ok
17:01:39.0124 0x1828  WMPNetworkSvc - ok
17:01:39.0150 0x1828  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:01:39.0189 0x1828  WPCSvc - ok
17:01:39.0208 0x1828  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:01:39.0246 0x1828  WPDBusEnum - ok
17:01:39.0252 0x1828  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:01:39.0301 0x1828  ws2ifsl - ok
17:01:39.0321 0x1828  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
17:01:39.0359 0x1828  wscsvc - ok
17:01:39.0363 0x1828  WSearch - ok
17:01:39.0411 0x1828  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA, 7EEB1B8F1430AFB06A18DC6107DBDD57EBBF473FF96F3578481EB89724823393 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
17:01:39.0423 0x1828  wsvd - ok
17:01:39.0528 0x1828  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:01:39.0731 0x1828  wuauserv - ok
17:01:39.0773 0x1828  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:01:39.0828 0x1828  WudfPf - ok
17:01:39.0849 0x1828  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
17:01:39.0865 0x1828  WUDFRd - ok
17:01:39.0900 0x1828  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:01:39.0914 0x1828  wudfsvc - ok
17:01:39.0947 0x1828  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:01:39.0979 0x1828  WwanSvc - ok
17:01:40.0014 0x1828  ================ Scan global ===============================
17:01:40.0037 0x1828  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:01:40.0061 0x1828  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
17:01:40.0075 0x1828  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
17:01:40.0092 0x1828  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:01:40.0129 0x1828  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
17:01:40.0139 0x1828  [ Global ] - ok
17:01:40.0139 0x1828  ================ Scan MBR ==================================
17:01:40.0148 0x1828  [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
17:01:42.0974 0x1828  \Device\Harddisk0\DR0 - ok
17:01:42.0981 0x1828  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:01:43.0828 0x1828  \Device\Harddisk1\DR1 - ok
17:01:43.0838 0x1828  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
17:01:43.0973 0x1828  \Device\Harddisk3\DR3 - ok
17:01:43.0980 0x1828  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR7
17:01:44.0113 0x1828  \Device\Harddisk5\DR7 - ok
17:01:44.0114 0x1828  ================ Scan VBR ==================================
17:01:44.0135 0x1828  [ EDD1B3901780B9213D4FC96A17D5FAB6 ] \Device\Harddisk0\DR0\Partition1
17:01:44.0176 0x1828  \Device\Harddisk0\DR0\Partition1 - ok
17:01:44.0209 0x1828  [ FA92D7C756E5B6EE75F4B4BA968F882B ] \Device\Harddisk0\DR0\Partition2
17:01:44.0262 0x1828  \Device\Harddisk0\DR0\Partition2 - ok
17:01:44.0278 0x1828  [ 91B467B0C2818BCA93D4211F419BB818 ] \Device\Harddisk0\DR0\Partition3
17:01:44.0281 0x1828  \Device\Harddisk0\DR0\Partition3 - ok
17:01:44.0288 0x1828  [ 775092D264CAF1D0F47CB4867E1746DD ] \Device\Harddisk1\DR1\Partition1
17:01:44.0355 0x1828  \Device\Harddisk1\DR1\Partition1 - ok
17:01:44.0365 0x1828  [ 8FE4FD0BD9BC3D0E26D1DFDC8EB0BD51 ] \Device\Harddisk3\DR3\Partition1
17:01:44.0368 0x1828  \Device\Harddisk3\DR3\Partition1 - ok
17:01:44.0377 0x1828  [ C329DB6F14AF6477CD6A153C4FB7884C ] \Device\Harddisk5\DR7\Partition1
17:01:44.0380 0x1828  \Device\Harddisk5\DR7\Partition1 - ok
17:01:44.0382 0x1828  ================ Scan generic autorun ======================
17:01:44.0804 0x1828  [ 21C497180254D3CDCF9984FA19F6EBA8, 824495B97516B32A7B35C33162BCBA2D91F70A5C4F691BA74AB70EA0766D623C ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:01:45.0093 0x1828  RTHDVCPL - ok
17:01:45.0200 0x1828  [ 7E25F1EFFDF50F702DE3D9E8F6B8CC47, F1857D2966D2A31DD067A7E8015842FC2757E4BFFEC961726D3C14947824C5C9 ] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
17:01:45.0231 0x1828  MedionReminder - ok
17:01:45.0368 0x1828  [ 647A1E2E56F99405D12867F6F8924B3D, 88EAF333EDC47D4A3F02D63688BDDB13F3A5ACD850719A2E8E16C3BAAD6B6191 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
17:01:45.0399 0x1828  AdobeAAMUpdater-1.0 - ok
17:01:45.0415 0x1828  [ 7E25F1EFFDF50F702DE3D9E8F6B8CC47, F1857D2966D2A31DD067A7E8015842FC2757E4BFFEC961726D3C14947824C5C9 ] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
17:01:45.0433 0x1828  MedionReminder - ok
17:01:45.0466 0x1828  [ 35048D8E8A0BF7A797CD5757ACD7EED0, 890FCF24869614B3990B575A588ECB35C25A5B896F21BF9C66D43C93787FDD7A ] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
17:01:45.0476 0x1828  CLMLServer - ok
17:01:45.0568 0x1828  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:01:45.0683 0x1828  Sidebar - ok
17:01:45.0715 0x1828  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:01:45.0737 0x1828  mctadmin - ok
17:01:45.0771 0x1828  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:01:45.0809 0x1828  Sidebar - ok
17:01:45.0817 0x1828  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:01:45.0835 0x1828  mctadmin - ok
17:01:45.0937 0x1828  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
17:01:46.0063 0x1828  Sidebar - ok
17:01:46.0147 0x1828  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\max\AppData\Local\Google\Update\GoogleUpdate.exe
17:01:46.0158 0x1828  Google Update - ok
17:01:46.0301 0x1828  [ 5C223AE56CCBFE082C7D6037EE584C09, 2F515ABBFB3A0DE9BF0E681F29481E637291E11A66EDD448958C31918CB71E02 ] C:\Program Files (x86)\Google\Google Talk\googletalk.exe
17:01:46.0451 0x1828  googletalk - detected UnsignedFile.Multi.Generic ( 1 )
17:01:49.0113 0x1828  Detect skipped due to KSN trusted
17:01:49.0114 0x1828  googletalk - ok
17:01:49.0279 0x1828  [ 1B2B3215F4B6B735813844AC1769E239, FCC4D5E52329531904637C19F0BA6EBD857CDFB814D3DCD799062D049FF2E485 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
17:01:49.0448 0x1828  Spybot-S&D Cleaning - ok
17:01:49.0455 0x1828  Facebook Update - ok
17:01:49.0458 0x1828  Waiting for KSN requests completion. In queue: 12
17:01:50.0458 0x1828  Waiting for KSN requests completion. In queue: 12
17:01:51.0459 0x1828  Waiting for KSN requests completion. In queue: 12
17:01:52.0815 0x1828  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x41000 ( enabled : updated )
17:01:52.0823 0x1828  Win FW state via NFP2: enabled
17:01:55.0541 0x1828  ============================================================
17:01:55.0541 0x1828  Scan finished
17:01:55.0541 0x1828  ============================================================
17:01:55.0561 0x14a0  Detected object count: 0
17:01:55.0561 0x14a0  Actual detected object count: 0
         
Log von MalwareBytes:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.16.02
  rootkit: v2015.05.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
max :: MAX-DIGITAL [administrator]

16.05.2015 16:32:33
mbar-log-2015-05-16 (16-32-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 408857
Time elapsed: 23 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Ist jetzt alles heile oder besteht noch Gefährdung? Bevor ich die Aktionen angeschben hatte, hatte ich ein ESET Scan durchgeführt

Alt 17.05.2015, 08:04   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Wir haben doch noch gar nix gemacht


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Ask Toolbar

    Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-4281635434-313555713-1316966940-1002\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.22229 - Ask.com) <==== ATTENTION

    iLivid


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.05.2015, 17:51   #10
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



OK, wird sofort erledigt und danke schon mal.

Alt 28.05.2015, 09:13   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.05.2015, 17:27   #12
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Also habe avira deaktiviert (Schirmchen-Symbol in der Taskleiste war geschlossen), avira hat beim Start von combofix trotzdem eine Meldung herausgegeben. Spybot habe ich komplett deaktiviert, nachdem combofix beim Start gemeckert hat. Dann lief combofix komplett durch und hat den Rechner neu gestartet. Danach dann das Logfile geschrieben und hier ist es:
Code:
ATTFilter
ComboFix 15-05-28.01 - max 29.05.2015  17:59:56.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3576.1938 [GMT 2:00]
ausgeführt von:: c:\users\max\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\max\AppData\Local\Adobe\gccheck.exe
c:\users\max\AppData\Local\Adobe\gtbcheck.exe
c:\users\max\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\max\AppData\Roaming\.#
c:\users\Public\sdelevURL.tmp
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-28 bis 2015-05-29  ))))))))))))))))))))))))))))))
.
.
2015-05-29 15:29 . 2015-05-29 15:29	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A1D1FE7-0E4C-4A7E-A751-AF6B5263C04D}\offreg.6428.dll
2015-05-29 15:20 . 2015-05-29 15:20	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-05-29 15:07 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A1D1FE7-0E4C-4A7E-A751-AF6B5263C04D}\mpengine.dll
2015-05-24 21:54 . 2015-05-24 21:54	0	----a-w-	c:\windows\SysWow64\shoAD5F.tmp
2015-05-22 12:48 . 2015-04-11 03:19	69888	----a-w-	c:\windows\system32\drivers\stream.sys
2015-05-16 14:32 . 2015-05-16 14:32	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-16 14:32 . 2015-05-16 14:56	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-16 14:32 . 2015-05-16 14:32	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-16 14:31 . 2015-05-16 14:31	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-16 14:07 . 2015-03-14 03:21	82944	----a-w-	c:\windows\system32\dwmapi.dll
2015-05-16 14:07 . 2015-03-14 03:21	1632768	----a-w-	c:\windows\system32\dwmcore.dll
2015-05-16 14:07 . 2015-03-14 03:04	67584	----a-w-	c:\windows\SysWow64\dwmapi.dll
2015-05-16 14:07 . 2015-03-14 03:04	1372160	----a-w-	c:\windows\SysWow64\dwmcore.dll
2015-05-15 04:22 . 2015-05-15 04:22	0	----a-w-	c:\windows\SysWow64\shoDAF5.tmp
2015-05-15 04:03 . 2015-05-15 04:18	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2015-05-15 03:59 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 03:59 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 03:53 . 2015-04-27 19:23	1254400	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-15 03:52 . 2015-04-27 19:23	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-05-15 03:49 . 2015-04-08 03:29	1736192	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2015-05-06 02:32 . 2015-05-07 17:48	--------	d-----w-	C:\FRST
2015-05-04 16:41 . 2015-05-04 16:42	--------	d-----w-	c:\windows\SysWow64\4338~1
2015-05-03 11:34 . 2015-05-03 11:34	--------	d-----w-	c:\program files (x86)\ESET
2015-05-03 10:59 . 2015-05-03 11:00	--------	d-----w-	c:\windows\SysWow64\9451~1
2015-05-03 08:59 . 2015-05-03 08:59	--------	d-----w-	c:\windows\SysWow64\900F~1
2015-05-03 06:59 . 2015-05-03 06:59	--------	d-----w-	c:\windows\SysWow64\P141F~1
2015-05-03 04:59 . 2015-05-03 04:59	--------	d-----w-	c:\windows\SysWow64\V6C90~1
2015-05-03 02:59 . 2015-05-03 02:59	--------	d-----w-	c:\windows\SysWow64\EE0E~1
2015-05-03 00:59 . 2015-05-03 00:59	--------	d-----w-	c:\windows\SysWow64\D40C7~1
2015-05-02 22:59 . 2015-05-02 22:59	--------	d-----w-	c:\windows\SysWow64\2189~1
2015-05-02 20:59 . 2015-05-02 21:00	--------	d-----w-	c:\windows\SysWow64\`A2CF~1
2015-05-02 18:59 . 2015-05-02 18:59	--------	d-----w-	c:\windows\SysWow64\XC200~1
2015-05-02 16:59 . 2015-05-02 17:00	--------	d-----w-	c:\windows\SysWow64\`1B28~1
2015-05-02 14:59 . 2015-05-02 15:00	--------	d-----w-	c:\windows\SysWow64\X1A99~1
2015-05-02 12:59 . 2015-05-02 13:00	--------	d-----w-	c:\windows\SysWow64\1F20~1
2015-05-02 10:59 . 2015-05-02 10:59	--------	d-----w-	c:\windows\SysWow64\D135~1
2015-05-02 08:59 . 2015-05-02 09:00	--------	d-----w-	c:\windows\SysWow64\128A~1
2015-05-02 06:59 . 2015-05-02 06:59	--------	d-----w-	c:\windows\SysWow64\P9868~1
2015-05-01 22:59 . 2015-05-01 22:59	--------	d-----w-	c:\windows\SysWow64\1B4E~1
2015-05-01 20:59 . 2015-05-01 21:00	--------	d-----w-	c:\windows\SysWow64\1AC3~1
2015-05-01 18:59 . 2015-05-01 18:59	--------	d-----w-	c:\windows\SysWow64\2FD9~1
2015-05-01 16:59 . 2015-05-01 16:59	--------	d-----w-	c:\windows\SysWow64\Y3DF1~1
2015-05-01 12:59 . 2015-05-01 13:00	--------	d-----w-	c:\windows\SysWow64\4FE6~1
2015-05-01 10:59 . 2015-05-01 10:59	--------	d-----w-	c:\windows\SysWow64\Y5910~1
2015-05-01 08:59 . 2015-05-01 08:59	--------	d-----w-	c:\windows\SysWow64\9E39~1
2015-05-01 06:59 . 2015-05-01 07:00	--------	d-----w-	c:\windows\SysWow64\7CAF~1
2015-04-30 18:58 . 2015-04-30 19:00	--------	d-----w-	c:\windows\SysWow64\1118~1
2015-04-29 22:15 . 2015-04-29 22:15	188304	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-25 05:31 . 2012-05-12 20:39	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-25 05:31 . 2011-06-27 23:24	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-22 12:00 . 2013-03-28 23:07	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-22 12:00 . 2013-03-28 23:07	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-05-15 04:02 . 2011-02-10 20:56	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-15 03:52	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-25 03:24 . 2015-04-15 15:57	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 15:57	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 15:57	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 15:57	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 15:57	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 15:57	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 15:57	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 15:57	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 15:57	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 15:57	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 15:57	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 15:57	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 15:57	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 15:57	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 15:57	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 15:57	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 15:57	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 15:57	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 15:57	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 15:57	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 15:57	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 15:57	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 15:57	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 15:57	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 17:45 . 2013-05-07 12:51	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-03-10 03:25 . 2015-04-15 15:57	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 15:57	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 15:57	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 15:57	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 15:57	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 15:57	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 15:55	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 15:55	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-15 03:49	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-15 03:49	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 15:55	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-15 03:49	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-15 03:49	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-15 03:49	2560	----a-w-	c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-22 728312]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-02-15 2694320]
"Adobe Version Cue CS2"="c:\progra ~ 2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30878816]
.
c:\users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\max\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 12:19	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 05:31]
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 21:58]
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 21:58]
.
2015-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job
- c:\users\max\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-08 00:04]
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job
- c:\users\max\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-08 00:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-02-11 13:13	997536	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-02-11 13:13	997536	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-02-11 13:13	997536	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-02-03 557768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\hsoyu2hw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra ~ 2\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-29  18:18:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-29 16:18
.
Vor Suchlauf: 11 Verzeichnis(se), 585.583.091.712 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 586.661.101.568 Bytes frei
.
- - End Of File - - 747D65E68C940FAAF50AED08B38A6E48
8BCB23B30DB1819E7D8DDAE01AEBB583
         
Ich hoffe, damit lässt sich was anfangen

Alt 30.05.2015, 13:23   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.06.2015, 17:48   #14
TamTamRan
 
Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Hallo Schrauber, ich war unterwegs entschuldige bitte. Also ich habe alles gemacht. Nur die conduit ist schlimmer als ein Sack voll Flöhe. scheinbar kommt die über Chrome immer wieder rein. Den von AdwCleaner gemeldeten Sucheintrag habe ich schließlich händisch überschrieben. aber danach hat er trotzdem wieder was (anderes) gefunden. Daher hier nun alle Logs.

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 28.06.2015 17:46:04, SYSTEM, MAX-DIGITAL, Protection, Malware Protection, Starting, 
Protection, 28.06.2015 17:46:04, SYSTEM, MAX-DIGITAL, Protection, Malware Protection, Started, 
Protection, 28.06.2015 17:46:04, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Starting, 
Protection, 28.06.2015 17:46:05, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Started, 
Update, 28.06.2015 17:46:12, SYSTEM, MAX-DIGITAL, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 28.06.2015 17:46:12, SYSTEM, MAX-DIGITAL, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 28.06.2015 17:46:12, SYSTEM, MAX-DIGITAL, Manual, Remediation Database, 2015.3.9.1, 2015.6.26.1, 
Update, 28.06.2015 17:46:12, SYSTEM, MAX-DIGITAL, Manual, Rootkit Database, 2015.2.25.1, 2015.6.26.1, 
Update, 28.06.2015 17:46:20, SYSTEM, MAX-DIGITAL, Manual, Malware Database, 2015.3.9.5, 2015.6.28.2, 
Protection, 28.06.2015 17:46:20, SYSTEM, MAX-DIGITAL, Protection, Refresh, Starting, 
Protection, 28.06.2015 17:46:20, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Stopping, 
Protection, 28.06.2015 17:46:21, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Stopped, 
Protection, 28.06.2015 17:46:28, SYSTEM, MAX-DIGITAL, Protection, Refresh, Success, 
Protection, 28.06.2015 17:46:28, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Starting, 
Protection, 28.06.2015 17:46:28, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Started, 
Update, 28.06.2015 18:33:02, SYSTEM, MAX-DIGITAL, Scheduler, Malware Database, 2015.6.28.2, 2015.6.28.3, 
Protection, 28.06.2015 18:33:02, SYSTEM, MAX-DIGITAL, Protection, Refresh, Starting, 
Protection, 28.06.2015 18:33:02, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Stopping, 
Protection, 28.06.2015 18:33:03, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Stopped, 
Protection, 28.06.2015 18:33:27, SYSTEM, MAX-DIGITAL, Protection, Refresh, Success, 
Protection, 28.06.2015 18:33:27, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Starting, 
Protection, 28.06.2015 18:33:27, SYSTEM, MAX-DIGITAL, Protection, Malicious Website Protection, Started, 

(end)
         
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 28/06/2015 um 19:50:36
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : max - max-DIGITAL
# Gestarted von : J:\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\max\AppData\Local\apn
Ordner Gelöscht : C:\Users\max\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\max\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\max\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\max\Documents\Updater
Ordner Gelöscht : C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Datei Gelöscht : C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaangaohdajkgeopjhpbnlpkehbhmbj_0.localstorage
Datei Gelöscht : C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaangaohdajkgeopjhpbnlpkehbhmbj_0.localstorage-journal
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\max\AppData\Roaming\AdobeWLCMCache.dat

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\APN
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKU\.DEFAULT\Software\APN
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Ask.com
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[hsoyu2hw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"1490e2582812b2-03c9c1ee28ba41-41534136-0-1490e258282252\"");
[hsoyu2hw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"c632b81811d79e858214c34b1325f36c0b011259\"");
[hsoyu2hw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1413281579656");

-\\ Google Chrome v43.0.2357.130

[C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://search.conduit.com/?CUI=UN65117808730170166&ctid=CT3281675&SearchSource=48
[C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : EA0C1C549B1E6E44442A9BF0B0EEFE70795BE5D4543BC4E97E7EE0DE31CAA90A"},"software_reporter":{"prompt_reason":"D1FEF77A9290859769F7B9E062DCE14C38AFEB67F7CB9798A883BD2B0645B764","prompt_seed":"77F2E2A809D4776743C0083A84C1D2477161F898BCC5B4531D5F5C3B973A5521","prompt_version":"9404D46DB8B3020F85998199F7C45648DD7A600A160A8271A2CBE1946BB19B6F"},"sync":{"remaining_rollback_tries":"F65F478AEC8F958AA5EA3E202A163F519C7EA3E6AEFB4F95F0D389006757D0E1"}},"super_mac":"99982F2B4328CF369FCC264ED75C2DB4C4E90D8F4849CFE28ABEDD34D6535EF3"},"session":{"startup_urls":["hxxp://search.conduit.com/?CUI=UN65117808730170166&ctid=CT3281675&SearchSource=48

*************************

AdwCleaner[R0].txt - [6755 Bytes] - [28/06/2015 19:30:33]
AdwCleaner[R1].txt - [6814 Bytes] - [28/06/2015 19:49:09]
AdwCleaner[S0].txt - [6512 Bytes] - [28/06/2015 19:50:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6571  Bytes] ##########
         
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 28/06/2015 um 19:58:35
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : max - MAX-DIGITAL
# Gestarted von : J:\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130

[C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://search.conduit.com/?CUI=UN65117808730170166&ctid=CT3281675&SearchSource=48

*************************

AdwCleaner[R0].txt - [6755 Bytes] - [28/06/2015 19:30:33]
AdwCleaner[R1].txt - [6814 Bytes] - [28/06/2015 19:49:09]
AdwCleaner[R2].txt - [1185 Bytes] - [28/06/2015 19:57:36]
AdwCleaner[S0].txt - [6707 Bytes] - [28/06/2015 19:50:36]
AdwCleaner[S1].txt - [1106 Bytes] - [28/06/2015 19:58:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1165  Bytes] ##########
         
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 28/06/2015 um 20:11:48
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : max - MAX-DIGITAL
# Gestarted von : J:\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130

[C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://search.conduit.com/?CUI=UN65117808730170166&ctid=CT3281675&SearchSource=48

*************************

AdwCleaner[R0].txt - [6755 Bytes] - [28/06/2015 19:30:33]
AdwCleaner[R1].txt - [6814 Bytes] - [28/06/2015 19:49:09]
AdwCleaner[R2].txt - [1185 Bytes] - [28/06/2015 19:57:36]
AdwCleaner[R3].txt - [1304 Bytes] - [28/06/2015 20:03:40]
AdwCleaner[S0].txt - [6707 Bytes] - [28/06/2015 19:50:36]
AdwCleaner[S1].txt - [1245 Bytes] - [28/06/2015 19:58:35]
AdwCleaner[S2].txt - [1224 Bytes] - [28/06/2015 20:11:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1283  Bytes] ##########
         
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 30/06/2015 um 17:43:32
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : max - MAX-DIGITAL
# Gestarted von : C:\Users\max\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [6755 Bytes] - [28/06/2015 19:30:33]
AdwCleaner[R1].txt - [6814 Bytes] - [28/06/2015 19:49:09]
AdwCleaner[R2].txt - [1185 Bytes] - [28/06/2015 19:57:36]
AdwCleaner[R3].txt - [1304 Bytes] - [28/06/2015 20:03:40]
AdwCleaner[R4].txt - [1422 Bytes] - [28/06/2015 20:16:53]
AdwCleaner[R5].txt - [1436 Bytes] - [30/06/2015 17:41:49]
AdwCleaner[S0].txt - [6707 Bytes] - [28/06/2015 19:50:36]
AdwCleaner[S1].txt - [1245 Bytes] - [28/06/2015 19:58:35]
AdwCleaner[S2].txt - [1363 Bytes] - [28/06/2015 20:11:48]
AdwCleaner[S3].txt - [1356 Bytes] - [30/06/2015 17:43:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1415  Bytes] ##########
         
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 30/06/2015 um 17:50:29
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : max - MAX-DIGITAL
# Gestarted von : C:\Users\max\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [6755 Bytes] - [28/06/2015 19:30:33]
AdwCleaner[R1].txt - [6814 Bytes] - [28/06/2015 19:49:09]
AdwCleaner[R2].txt - [1185 Bytes] - [28/06/2015 19:57:36]
AdwCleaner[R3].txt - [1304 Bytes] - [28/06/2015 20:03:40]
AdwCleaner[R4].txt - [1422 Bytes] - [28/06/2015 20:16:53]
AdwCleaner[R5].txt - [1436 Bytes] - [30/06/2015 17:41:49]
AdwCleaner[R6].txt - [1430 Bytes] - [30/06/2015 17:48:43]
AdwCleaner[R7].txt - [1489 Bytes] - [30/06/2015 17:49:44]
AdwCleaner[S0].txt - [6707 Bytes] - [28/06/2015 19:50:36]
AdwCleaner[S1].txt - [1245 Bytes] - [28/06/2015 19:58:35]
AdwCleaner[S2].txt - [1363 Bytes] - [28/06/2015 20:11:48]
AdwCleaner[S3].txt - [1495 Bytes] - [30/06/2015 17:43:32]
AdwCleaner[S4].txt - [1409 Bytes] - [30/06/2015 17:50:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1468  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.0 (06.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by max on 28.06.2015 at 20:21:28,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho19D3.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3A1E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3A56.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho69E0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6BCD.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7A81.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho87C2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8C97.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8E65.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD5F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBE31.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDAF5.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFD45.tmp



~~~ Folders

Failed to delete: [Folder] C:\Users\max\appdata\local\crashrpt
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{06EFA792-6B78-44A5-90BC-C6E08F3CD86C}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{1042075F-17CF-4DA0-BFCA-116038C6B818}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{10D6CBE7-D202-4B97-A1AA-F6DD82CE16E9}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{113CB303-BD05-415C-806A-DC611A198630}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{14F066D2-7EED-439D-AE8B-4C445FED0936}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{15F78757-88F4-4883-A21C-91F43CFB340F}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{21573401-7F96-4AD2-A0A1-C95E972A96D0}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{2370B26B-1718-453A-AC59-E9842DE2BFE1}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{257CFCA0-2C18-4B0D-90C4-4C134A21FAE0}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{37550AB5-FBE3-4FBE-A188-50D1F50C81E1}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{3DAEF048-256D-4126-AE19-8DE5821B6E79}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{48423F84-862F-43A7-A79B-9E0C5D579D36}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{497C5A04-73C2-4226-BD77-3344FAEF9537}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{4AE13BF7-71CB-434B-B3A5-2717F32C8B8E}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{5C7855E7-0441-46F3-9627-4136424E2748}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{5DA1D655-9EFD-418C-BEB5-E45B8DC08E6A}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{63EB3EB0-AC0C-4697-ACCB-074A76B2A083}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{688B06A2-F94A-4465-848F-682FCB56C810}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{69101302-4E43-4C91-9733-5D2501B7FD40}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{6A5279E1-F56F-469A-9630-155080F2A679}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{6C38D656-F642-4769-8C02-DC78E9B7B47A}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{6EB3AD82-A7E2-4219-A91E-DA0B33F398C7}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{74D69398-219C-4373-838C-4F689EAF2F40}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{8F5EDDD3-5751-454B-B1AC-E47DCCB833CA}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{8FECD97F-2CD2-4D99-86D5-A9895A464373}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{9AC71A8F-654B-4E7A-8794-F5420E4366DC}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{9C46A824-AC9F-4506-B43E-2EC9046C0EC8}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{9C82F56C-E982-4139-8DD4-F99037D9A643}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{9F3B1EC0-CC25-42FE-9894-C80FDDCAF962}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{A798EC14-D5D8-489B-8326-C8DE917CDF06}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{A7FFB6C6-942B-427A-9D9E-1C79BE7F5A70}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{AAC928D9-C0F2-4D66-A749-4A1B1CAA60AB}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{AD172999-BFEE-46D3-A406-9AC3A177F7DD}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{AEA50831-77A6-47F4-B823-0B4CB3C95B2A}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{AFC02158-AFFF-4F6C-B040-F07ED46D03DC}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{B025D93C-D0B1-4C3A-8561-FA835D780BC0}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{BD315DCD-FD37-4D2E-8535-BBA151912B4B}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{BDD5ED8C-F324-4147-9A8F-2A494B0AE8EE}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{C1CF95B4-28A5-4C7B-A4C4-85EFB0B71009}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{C1D4B865-A160-40B6-AE36-04805FA31EA8}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{C490596D-9E7B-4F38-8337-CF1DC84FF288}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{C4AA394B-8532-47DD-90DE-72A69F86CC1B}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{C8421ABC-1230-4461-A30B-D1C635CE4BCB}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{CB53718B-6CDF-4106-A2AE-FFE04B1B0648}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{D4B3DF86-C568-40A4-A4AD-A0F5256DADD5}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{DCF17CE5-5494-44C8-8DDD-9E894F34DA4D}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{DF678488-C723-436A-ACD5-C38E9A8F98B3}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{E0D16273-8144-403A-B178-85D01B2FDE31}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{E56B147F-60AE-4F6A-ACD1-08E17EC7399A}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{E659872F-7C5E-4EB2-AC32-6A779FA1B7E0}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{E756D4D6-E4F3-41CC-8954-49CA25788C42}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{EACDA4C6-2EFC-4052-B01C-D6D50B93A02E}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{EE1133BA-CCA8-47ED-A4DE-445175489C42}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{F3532E70-B131-46D9-B262-E82E6DDAAB9F}
Successfully deleted: [Empty Folder] C:\Users\max\appdata\local\{F8D2D127-439C-402B-AFB7-EF6DA9B024DE}
Successfully deleted: [Folder] C:\ProgramData\esellerate
Successfully deleted: [Folder] C:\Users\max\appdata\local\cre
Successfully deleted: [Folder] C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69



~~~ FireFox




~~~ Chrome


[C:\Users\max\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\max\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\max\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\max\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2015 at 20:26:41,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by SYSTEM on MININT-0VLK6J4 on 30-06-2015 18:35:35
Running from J:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-25] (CyberLink)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Version Cue CS2] => c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-25] (CyberLink)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\max\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3293184 2007-11-20] (Google)
HKU\max\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\max\...\Run: [Dropbox Update] => C:\Users\max\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\max\...\Policies\system: [LogonHoursAction] 2
HKU\max\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR [5104049 2009-07-16] (ALDI SÜD)
HKU\Default User\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR [5104049 2009-07-16] (ALDI SÜD)
Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-25]
ShortcutTarget: Dropbox.lnk ->  (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-25] (Adobe Systems)
S2 Adobe Version Cue CS2; c:\Progra ~ 2\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-07] (Advanced Micro Devices, Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-18] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-13] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-13] (Malwarebytes Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-13] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-03-20] (RapidSolution Software AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 08:21 - 2015-06-30 08:21 - 02112512 _____ (Farbar) C:\Users\max\Downloads\FRST64.exe
2015-06-30 08:21 - 2015-06-30 08:21 - 01636352 _____ (Farbar) C:\Users\max\Downloads\FRST.exe
2015-06-30 08:09 - 2015-04-27 11:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-06-30 08:09 - 2015-04-27 11:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-06-30 08:09 - 2015-04-27 11:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-06-30 08:09 - 2015-04-27 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-06-30 08:09 - 2015-04-27 11:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-30 08:09 - 2015-04-27 11:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-30 08:09 - 2015-04-27 11:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-30 08:09 - 2015-04-27 11:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-30 08:08 - 2015-05-09 10:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-06-30 07:41 - 2015-06-28 07:01 - 02244096 _____ C:\Users\max\Desktop\AdwCleaner_4.207.exe
2015-06-28 10:26 - 2015-06-28 10:26 - 00007993 _____ C:\Users\max\Desktop\JRT.txt
2015-06-28 10:21 - 2015-06-28 10:21 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MAX-DIGITAL-Windows-7-Home-Premium-(64-bit).dat
2015-06-28 10:21 - 2015-06-28 10:21 - 00000000 ____D C:\RegBackup
2015-06-28 09:30 - 2015-06-30 07:57 - 00000000 ____D C:\AdwCleaner
2015-06-28 07:25 - 2015-06-28 07:25 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-28 07:25 - 2015-06-28 07:25 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-28 07:25 - 2015-04-13 23:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-06-28 07:25 - 2015-04-13 23:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-06-26 22:07 - 2015-06-26 22:07 - 00000000 ____D C:\Users\max\AppData\Local\GWX
2015-06-26 15:37 - 2015-06-26 15:37 - 00000104 _____ C:\Users\max\Desktop\gypsyy.txt
2015-06-25 10:18 - 2015-06-30 08:23 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job
2015-06-25 10:18 - 2015-06-28 10:23 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job
2015-06-25 10:18 - 2015-06-25 10:18 - 00004194 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA
2015-06-25 10:18 - 2015-06-25 10:18 - 00003798 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core
2015-06-25 10:18 - 2015-06-25 10:18 - 00000000 ____D C:\Users\max\AppData\Local\Dropbox
2015-06-25 10:18 - 2015-06-25 10:18 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-18 10:02 - 2015-06-18 10:02 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\max\Downloads\flashplayer18au_ha_install.exe
2015-06-14 10:58 - 2015-05-08 19:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-06-14 10:58 - 2015-05-08 19:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-06-14 10:58 - 2015-05-08 19:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-06-14 10:58 - 2015-05-08 19:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-06-14 10:58 - 2015-05-08 19:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-06-14 10:58 - 2015-05-08 19:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-06-14 10:58 - 2015-05-08 19:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-06-14 10:58 - 2015-05-08 19:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-06-14 10:58 - 2015-05-08 19:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-06-14 10:58 - 2015-05-08 19:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-06-14 10:58 - 2015-05-08 19:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-06-14 10:58 - 2015-05-08 19:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-14 10:58 - 2015-05-08 19:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-14 10:58 - 2015-05-08 19:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-14 10:58 - 2015-05-08 19:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-14 10:58 - 2015-05-08 19:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-14 09:24 - 2015-04-29 10:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2015-06-14 09:24 - 2015-04-29 10:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2015-06-14 09:24 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2015-06-14 09:24 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2015-06-14 09:24 - 2015-04-29 10:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2015-06-14 09:24 - 2015-04-29 10:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-14 09:24 - 2015-04-29 10:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-14 09:24 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-14 09:24 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-14 09:24 - 2015-04-29 10:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-14 09:24 - 2015-04-24 10:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2015-06-14 09:24 - 2015-04-24 09:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-14 09:23 - 2015-05-25 10:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-06-14 09:23 - 2015-05-25 10:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-06-14 09:23 - 2015-05-25 10:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-06-14 09:23 - 2015-05-25 10:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\System32\sechost.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-06-14 09:23 - 2015-05-25 10:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-06-14 09:23 - 2015-05-25 10:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2015-06-14 09:23 - 2015-05-25 10:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\System32\tracerpt.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\logman.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\typeperf.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-06-14 09:23 - 2015-05-25 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\relog.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-06-14 09:23 - 2015-05-25 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-06-14 09:23 - 2015-05-25 10:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\diskperf.exe
2015-06-14 09:23 - 2015-05-25 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-06-14 09:23 - 2015-05-25 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 10:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-14 09:23 - 2015-05-25 10:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-14 09:23 - 2015-05-25 10:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-14 09:23 - 2015-05-25 10:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-14 09:23 - 2015-05-25 10:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-14 09:23 - 2015-05-25 10:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-14 09:23 - 2015-05-25 10:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-14 09:23 - 2015-05-25 10:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-14 09:23 - 2015-05-25 10:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-14 09:23 - 2015-05-25 10:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-14 09:23 - 2015-05-25 10:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-14 09:23 - 2015-05-25 09:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-14 09:23 - 2015-05-25 09:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-14 09:23 - 2015-05-25 09:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-14 09:23 - 2015-05-25 09:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-14 09:23 - 2015-05-25 09:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-14 09:23 - 2015-05-25 09:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 09:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-06-14 09:23 - 2015-05-25 09:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
2015-06-14 09:23 - 2015-05-25 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-14 09:23 - 2015-05-25 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-14 09:23 - 2015-05-25 08:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 08:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 08:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-14 09:23 - 2015-05-25 08:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-14 09:23 - 2015-05-22 10:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-06-14 09:23 - 2015-05-22 10:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-06-14 09:23 - 2015-05-22 10:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-06-14 09:23 - 2015-05-22 10:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-06-14 09:23 - 2015-05-22 10:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-06-14 09:23 - 2015-05-22 10:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-06-14 09:23 - 2015-05-22 10:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-06-14 09:23 - 2015-05-21 05:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-06-14 09:22 - 2015-06-01 11:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-06-14 09:22 - 2015-06-01 10:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-14 09:22 - 2015-05-27 06:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-06-14 09:22 - 2015-05-27 06:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-14 09:22 - 2015-05-22 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-14 09:22 - 2015-05-22 19:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-14 09:22 - 2015-05-22 19:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-14 09:22 - 2015-05-22 19:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-14 09:22 - 2015-05-22 19:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-14 09:22 - 2015-05-22 19:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-14 09:22 - 2015-05-22 19:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-14 09:22 - 2015-05-22 19:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-14 09:22 - 2015-05-22 19:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-14 09:22 - 2015-05-22 19:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-14 09:22 - 2015-05-22 19:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-14 09:22 - 2015-05-22 19:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-14 09:22 - 2015-05-22 19:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-14 09:22 - 2015-05-22 18:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-14 09:22 - 2015-05-22 18:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-14 09:22 - 2015-05-22 18:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-14 09:22 - 2015-05-22 18:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-14 09:22 - 2015-05-22 18:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-14 09:22 - 2015-05-22 18:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-14 09:22 - 2015-05-22 18:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-14 09:22 - 2015-05-22 18:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-14 09:22 - 2015-05-22 18:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-14 09:22 - 2015-05-22 18:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-14 09:22 - 2015-05-22 18:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-14 09:22 - 2015-05-22 18:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-14 09:22 - 2015-05-22 18:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-14 09:22 - 2015-05-22 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-06-14 09:22 - 2015-05-22 11:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-06-14 09:22 - 2015-05-22 11:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-06-14 09:22 - 2015-05-22 11:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-06-14 09:22 - 2015-05-22 11:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-06-14 09:22 - 2015-05-22 11:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-06-14 09:22 - 2015-05-22 11:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-06-14 09:22 - 2015-05-22 10:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-06-14 09:22 - 2015-05-22 10:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-06-14 09:22 - 2015-05-22 10:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-06-14 09:22 - 2015-05-22 10:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-06-14 09:22 - 2015-05-22 10:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-06-14 09:22 - 2015-05-22 10:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-06-14 09:22 - 2015-05-22 10:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-06-14 09:22 - 2015-05-22 10:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-06-14 09:22 - 2015-05-22 10:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-06-14 09:22 - 2015-05-22 10:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-14 09:22 - 2015-05-22 10:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-06-14 09:22 - 2015-05-22 10:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-14 09:22 - 2015-05-22 10:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-06-14 09:22 - 2015-05-22 10:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-06-14 09:22 - 2015-05-22 10:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-06-14 09:22 - 2015-05-22 10:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-06-14 09:22 - 2015-05-22 10:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-06-14 09:22 - 2015-05-22 10:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-06-14 09:22 - 2015-05-22 10:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-06-14 09:22 - 2015-05-22 09:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-06-14 09:22 - 2015-05-22 09:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-06-14 09:22 - 2015-05-22 09:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-06-14 09:22 - 2015-05-22 09:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-06-03 20:36 - 2015-06-05 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 18:35 - 2015-05-05 18:32 - 00000000 ____D C:\FRST
2015-06-30 08:29 - 2011-09-29 23:24 - 01305362 _____ C:\Windows\WindowsUpdate.log
2015-06-30 08:29 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 08:29 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 08:28 - 2012-05-05 09:44 - 00000000 ____D C:\Users\max\AppData\Roaming\Dropbox
2015-06-30 08:27 - 2011-09-29 23:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 08:26 - 2015-05-03 10:00 - 00002520 _____ C:\Windows\setupact.log
2015-06-30 08:26 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 08:19 - 2011-09-29 23:29 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 08:01 - 2012-09-13 08:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 07:53 - 2015-05-16 06:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-06-30 07:49 - 2013-02-08 12:26 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002UA.job
2015-06-30 07:32 - 2011-09-30 05:02 - 00000000 ____D C:\Users\max\AppData\Local\Adobe
2015-06-28 09:46 - 2010-11-20 19:47 - 00442006 _____ C:\Windows\PFRO.log
2015-06-28 07:25 - 2015-05-16 06:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-28 07:13 - 2015-01-04 11:23 - 00000000 ____D C:\Filme
2015-06-28 07:10 - 2011-02-10 11:25 - 00699884 _____ C:\Windows\System32\perfh007.dat
2015-06-28 07:10 - 2011-02-10 11:25 - 00149766 _____ C:\Windows\System32\perfc007.dat
2015-06-28 07:10 - 2009-07-13 21:13 - 01622300 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-28 03:49 - 2013-02-08 12:26 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4281635434-313555713-1316966940-1002Core.job
2015-06-25 12:01 - 2012-09-13 08:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 12:01 - 2012-05-12 12:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 12:01 - 2011-06-27 15:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-25 10:46 - 2011-09-29 23:29 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 14:17 - 2012-04-04 11:00 - 00000000 ____D C:\Users\max\AppData\Roaming\vlc
2015-06-18 10:08 - 2013-03-28 15:07 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2015-06-18 10:08 - 2013-03-28 15:07 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2015-06-18 09:56 - 2012-05-11 12:32 - 00000000 ____D C:\ProgramData\Avira
2015-06-17 10:46 - 2011-09-30 01:07 - 00000000 ____D C:\Users\max\AppData\Roaming\SoftGrid Client
2015-06-15 01:17 - 2014-08-12 15:47 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-15 01:17 - 2012-12-22 07:29 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-14 18:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-06-14 17:21 - 2009-07-13 20:45 - 05144008 _____ C:\Windows\System32\FNTCACHE.DAT
2015-06-14 17:19 - 2014-12-09 21:16 - 00000000 ____D C:\Windows\System32\appraiser
2015-06-14 17:19 - 2014-04-30 17:01 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-06-14 11:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-14 10:44 - 2013-07-12 05:34 - 00000000 ____D C:\Windows\System32\MRT
2015-06-14 10:33 - 2011-02-10 12:56 - 140135120 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-06-05 19:41 - 2013-06-13 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some files in TEMP:
====================
C:\Users\max\AppData\Local\Temp\avgnt.exe
C:\Users\max\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8jnu9t.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-06-14 10:32:08
Restore point made on: 2015-06-14 11:00:16
Restore point made on: 2015-06-14 12:50:32
Restore point made on: 2015-06-14 13:10:27
Restore point made on: 2015-06-14 17:00:33
Restore point made on: 2015-06-15 12:13:43
Restore point made on: 2015-06-15 12:34:49
Restore point made on: 2015-06-15 14:24:42
Restore point made on: 2015-06-19 05:31:30
Restore point made on: 2015-06-25 10:23:14
Restore point made on: 2015-06-25 10:26:58
Restore point made on: 2015-06-30 07:29:16
Restore point made on: 2015-06-30 08:10:04

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3576.13 MB
Available physical RAM: 2933.58 MB
Total Pagefile: 3574.33 MB
Available Pagefile: 2921.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:518.68 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:18.35 GB) NTFS
Drive g: (THE_SALVATION) (CDROM) (Total:7.39 GB) (Free:0 GB) UDF
Drive j: () (Removable) (Total:14.9 GB) (Free:5.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-06-25 13:40

==================== End of log ============================
         

Alt 01.07.2015, 06:22   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Standard

Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung



Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung
antivir, avg, avira, bildschirm, booten, bootmgr, defender, desktop, explorer, flash player, google, home, maus, mozilla, problem, realtek, registry, scan, schwarzer bildschirm, security, services.exe, software, stick, svchost.exe, temp, windows



Ähnliche Themen: Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung


  1. Windows 7: Schwarzer LogIn-Bildschirm nur mit weißer Maus
    Log-Analyse und Auswertung - 28.07.2015 (12)
  2. Nach anmeldung schwarzer bildschirm mit mauszeiger, alles ausprobiert nichts funktionert!
    Plagegeister aller Art und deren Bekämpfung - 21.04.2015 (12)
  3. Windows 7 nach Anmelden Schwarzer Bildschirm mit Maus / nach einer Zeit Windows Funktioniert nicht mehr
    Alles rund um Windows - 09.02.2015 (1)
  4. Ausus 2in1 Book Windows 8 Nach Anmeldung Schwarzer Bildschirm abgesicherter Modus nicht möglich
    Log-Analyse und Auswertung - 02.02.2015 (3)
  5. Blackscreen mit beweglicher Maus nach Systemstart
    Alles rund um Windows - 20.10.2014 (2)
  6. Windows 8 Schwarzer Bildschirm mit Maus (bei Anmeldung)
    Log-Analyse und Auswertung - 25.07.2014 (3)
  7. Windows 8: Schwarzer Bildschirm mit beweglicher Maus
    Plagegeister aller Art und deren Bekämpfung - 31.03.2014 (7)
  8. weißer bildschirm, schwarzer bildschirm, maus laggs nach systemstart, mausbewegungen in boxen.
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (3)
  9. weißer Bildschirm nach Anmeldung, im abges. Modus sofortiger Neustart nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (12)
  10. Windows Vista schwarzer Bildschirm nur Maus
    Plagegeister aller Art und deren Bekämpfung - 28.09.2013 (11)
  11. Win7 Home Prem. Schwarzer Bildschirm (mit Maus) nach dem Anmelden
    Log-Analyse und Auswertung - 20.09.2013 (41)
  12. Virus! Nur schwarzer Bildschirm mit Maus! Windows Vista
    Mülltonne - 19.07.2013 (1)
  13. Grauer Bildschirm mit (beweglicher Maus) beim Hochfahren!
    Plagegeister aller Art und deren Bekämpfung - 27.06.2013 (9)
  14. Schwarzer Bildschirm nach Windows-Anmeldung
    Log-Analyse und Auswertung - 11.02.2013 (9)
  15. Windowsstart schwarzer Bildschirm, Maus funktioniert
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (8)
  16. Windows 7 schwarzer Bildschirm mit Maus nach dem booten
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (62)
  17. Nach Anmeldung Schwarzer Bildschirm, bzw. Systemabsturz mit BSOD nach kurzer Zeit
    Log-Analyse und Auswertung - 25.04.2011 (11)

Zum Thema Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung - Nach Anmeldung bleibt der Bildschirm bis zum Systemstart eine ganze Weile schwarz. Anfangs gab es dieses Problem nicht. Ich habe ein Scan nach der Beschreibung mit FRST64 durchgeführt und das - Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung...
Archiv
Du betrachtest: Vorübergehender Schwarzer Bildschirm mit beweglicher Maus nach Anmeldung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.