
Log analysis and evaluation: WIN7 search queries are redirected to advertising search pages, laptop boots extremely slowly


28.05.2015, 21:07   #1
armer tor
 



Hello dear helpers,

unfortunately I have already tried quite a few things myself to get the laptop running properly again.
I ran a scan with the Kaspersky Rescue CD 10 (I can no longer find the log file I saved from it) and followed all of its suggestions (quarantine, neutralize, delete).
Before that I had already run a scan with Malwarebytes (log file attached).
I ran all checks and scans without an Internet connection. I am also writing now from the PC, although the laptop is infected.

The infections show up as follows: search queries in Chrome or Firefox are redirected to other (advertising) addresses. All sorts of things seem to be running in the background, since the laptop takes forever to boot. The file Explorer is often unstable and crashes. I cannot uninstall Chrome.

Well, I can't describe it any better for now. Thanks for your help

der arme Tor

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.05.2015
Suchlauf-Zeit: 20:40:53
Logdatei: Scan-Antimalware.txt
Administrator: Nein

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Va

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 247304
Verstrichene Zeit: 23 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 46
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\adTech.adTech.1, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\adTech.adTech, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\adTech.adTech, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\adTech.adTech, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\adTech.adTech.1, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\adTech.adTech.1, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, Löschen bei Neustart, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.AdTech.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [fc7db48fb5d576c0135976a120e320e0], 
PUP.Optional.QuickShare.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [8cedeb58d8b258de1bcb9abafa0932ce], 
PUP.Optional.QuickShare.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [8cedeb58d8b258de1bcb9abafa0932ce], 
PUP.Optional.SupTab.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2b4e75ce0e7c90a6aac548d8d0337f81], 
PUP.Optional.SupTab.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2b4e75ce0e7c90a6aac548d8d0337f81], 
PUP.Optional.Yontoo.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [f485c57ee2a8340226ede13cad563dc3], 
PUP.Optional.Yontoo.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [f485c57ee2a8340226ede13cad563dc3], 
PUP.Optional.Incredibar, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}, In Quarantäne, [5e1bd86b2565ca6c90f5292ecd36916f], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [db9ed76c7a100d29d00eda7ef60d32ce], 
PUP.Optional.NoVooIT.A, HKCU\SOFTWARE\NoVooITSet, In Quarantäne, [1069c77c90fa4fe7d1c1357ace35fa06], 
PUP.Optional.RGMUpdater.A, HKCU\SOFTWARE\RGMService, In Quarantäne, [ef8a92b12b5fab8bd0f8783be122a858], 
PUP.Optional.SmartBar, HKCU\SOFTWARE\SmartbarBackup, In Quarantäne, [017864df71191026120ba87b5ea7c739], 
PUP.Optional.SmartBar, HKCU\SOFTWARE\SmartbarLog, In Quarantäne, [e594cb78dfab20163be1978ce12451af], 
PUP.Optional.SweetIM.A, HKCU\SOFTWARE\SweetIM, In Quarantäne, [67122c17dbaf2412fbc8f3c043c0a35d], 
PUP.Optional.TNT.A, HKCU\SOFTWARE\TNT2, In Quarantäne, [3d3c77cce0aaf640a6c8a803ae554cb4], 
PUP.Optional.Tuto4PC.A, HKCU\SOFTWARE\TutoTag, In Quarantäne, [2950c67ddfab2f071fa780ad2cd9e818], 
PUP.Optional.Shopperz.A, HKCU\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [8decb291d4b645f17a794b59f50eeb15], 
PUP.Optional.Iminent.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [54253a09e1a959ddd79af4b10ef53fc1], 
PUP.Optional.Iminent.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [a2d775ceccbe83b3e290188dbd464eb2], 
PUP.Optional.Linkey.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [0b6e4003dbaf5bdbbab9d8cd9e6522de], 
PUP.Optional.Vosteran.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [3445e55e206aee483f35584d7291cf31], 
PUP.Optional.Wajam.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [8dec79ca7416280eb3c21f8648bb2dd3], 
PUP.Optional.IStart.A, HKCU\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [6910dc67860496a025f8aff7b350e818], 
PUP.Optional.Wajam.A, HKCU\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, In Quarantäne, [2257c67d8a00b77fe5a3f0b9a75ca25e], 
PUP.Optional.SafeFinder.A, HKCU\SOFTWARE\SMARTBAR, In Quarantäne, [c1b851f24e3c77bfb20d3790739057a9], 
PUP.Optional.AdvancedSystemProtector.A, HKCU\SOFTWARE\SYSTWEAK\Advanced System Protector, In Quarantäne, [6d0c133036542c0a90b710b6dc272fd1], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, Löschen bei Neustart, [f683b09395f562d41e0a43a0d2313cc4], 
Adware.SmartBar, HKLM\SOFTWARE\WOW6432NODE\Smartbar, Löschen bei Neustart, [0a6f5ce7d1b9ef47ce1eb6d123e135cb], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Löschen bei Neustart, [582187bc11793006e6a08849dc270df3], 

Registrierungswerte: 14
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [ee8b98ab88022a0ccfc1cd4edd26e020], 
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [ee8b98ab88022a0ccfc1cd4edd26e020]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [ee8b98ab88022a0ccfc1cd4edd26e020]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [2c4def549eecb4827b15a873fe05bb45], 
PUP.Optional.SmartBar.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\Va\AppData\Local\Smartbar\Application\SafeFinder.exe startup, In Quarantäne, [136697ac3c4ecd69cffd7a8fa95c9a66]
PUP.Optional.IStart.A, HKCU\SOFTWARE\MOZILLA\EXTENDS|appid, istart_ffnt@gmail.com, In Quarantäne, [6910dc67860496a025f8aff7b350e818]
PUP.Optional.ReMarkIT.A, HKCU\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{1effa55f-843c-4f45-b36c-c1600c8b3fc6}, C:\Program Files (x86)\Re-markit\150.xpi, In Quarantäne, [5a1f99aa3357b4825a8950cf5ca9936d]
PUP.Optional.SafeFinder.A, HKCU\SOFTWARE\SMARTBAR|Publisher, IrsSF, In Quarantäne, [c1b851f24e3c77bfb20d3790739057a9]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz, C:\Program Files\shopperz\wrex.exe, Löschen bei Neustart, [babf74cf5b2fbc7a540faf038e75669a]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz64, C:\Program Files\shopperz\wrex64.exe, Löschen bei Neustart, [8dec043fccbed561135181315aa944bc]
PUP.Optional.Incredibar, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [9cdd3f0401890f27c3a8ff1723e28f71]
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, Löschen bei Neustart, [43364ff4206ad660caa1ef27fe07a15f]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com, Löschen bei Neustart, [4534af945f2bea4ca7cbb6813dc8dc24]
PUP.Optional.IStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com, Löschen bei Neustart, [0574ec57fc8e76c0272b1491d033ae52]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 38
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\content, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\skin, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en-US, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es-419, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-BE, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CA, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CH, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-LU, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it-CH, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pl, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pt-BR, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru-MO, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\tr, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\vi, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-CN, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-TW, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults\preferences, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 

Dateien: 83
PUP.Optional.Downloader, C:\Users\Va\AppData\Roaming\jellylam\rinti.exe, Löschen bei Neustart, [4534043f197141f5de3357ef06ff758b], 
PUP.Optional.Firseria, C:\Users\Va\Downloads\Microsoft PowerPoint.exe, In Quarantäne, [b0c960e3e5a57abc2f5e31d8808639c7], 
PUP.Optional.Softonic.A, C:\Users\Va\Downloads\SoftonicDownloader_fuer_free-powerpoint-templates.exe, In Quarantäne, [bebb3f043b4f56e014e688c21ae77f81], 
PUP.Optional.InstallCore, C:\Users\Va\Downloads\tuneup-utilities_setup.exe, In Quarantäne, [d1a874cf800acb6b082d4c666a9b9d63], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\8be45.msi, Löschen bei Neustart, [9bde0241d7b354e26ca1456a89787c84], 
PUP.Optional.VeriStaff, C:\Windows\Installer\8be53.msi, Löschen bei Neustart, [4a2f4cf73258171f99fc481537c97b85], 
PUP.Optional.Winsta.A, C:\Users\Va\AppData\Roaming\Winsta\Winsta.exe, In Quarantäne, [8aefee5597f3fc3a04b45e4f0ff49070], 
PUP.Optional.WidgetContext.A, C:\Users\Va\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi, In Quarantäne, [06734201078392a43533f3bd877c4fb1], 
PUP.Optional.MyStartSearch.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\searchplugins\MyStart Search.xml, In Quarantäne, [611891b2a1e93afc8b72faeef0139868], 
PUP.Optional.WebSearch.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\searchplugins\Web Search.xml, In Quarantäne, [116867dc890170c65640d516c2416799], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome.manifest, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\install.rdf, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\content\toolbar.js, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.SearchEngine.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com\chrome\skin\icon.png, In Quarantäne, [2d4cb48fe3a7d95d8c131b8641c27090], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome.manifest, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\install.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\index.html, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\quick_start.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\js.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\icon.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\loading.gif, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\logo.png, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\simple.css, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\chrome\skin\style.css, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\addonmanager.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\aes.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\config.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\dialogs.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\last_tab.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\misc.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\properties.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\remoterequest.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\restoreprefs.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\modules\settings.js, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\faststart.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\ff.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\istart.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\istart_ffnt#5.3.6.xpi, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\istart_ffnt.xpi, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.IStart.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com\updateinfo\lightning.update.rdf, In Quarantäne, [9cdd6bd868229b9b041b4b580cf760a0], 
PUP.Optional.Softonic.A, C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\prefs.js, Gut: (), Schlecht: (user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searchfor\",\"search.mywebsearch.com\":\"searchfor\",\"search.mindspark.com\":\"searchfor\",\"search.conduit.com\":\"q\",\"search.zugo.com\":\"p\",\"www2.mystart.com\":\"q\",\"www.mystart.com\":\"q\",\"www.bigseekpro.com\":\"q\",\"bigseekpro.com\":\"q\",\"bigspeedpro.com\":\"q\",\"search.esnips.com\":\"searchQuery\",\"search.foxtab.com\":\"q\",\"search.brothersoft.com\":\"keyword\",\"search.softonic.com\":\"q\",\"search.iobit.com\":\"q\",\"search.iminent.com\":\"\",\"search.facemoods.com\":\"s\",\"www.plusnetwork.com\":\"q\",\"www.alothome.com\":\"q\",\"alothome.com\":\"q\",\"search.alothome.com\":\"q\",\"search.chatvibes.com\":\"q\",\"search.blekko.com\":\"\",\"www.searchnu.com\":\"q\",\"searchnu.com\":\"q\",\"search.icq.com\":\"q\",\"search.etype.com\":\"query\",\"isearch.babylon.com\":\"q\",\"search.utorrent.com\":\"\",\"search.bittorrent.com\":\"\",\"search.bearshare.com\":\"q\",\"search.bearshare.net\":\"q\",\"searchya.com\":\"q\",\"int.search-results.com\":\"q\",\"search.searchcompletion.com\":\"q\",\"www.adoresearch.com\":\"q\",\"www.searchcore.net\":\"q\",\"googosearch.info\":\"terms\",\"bar.searchqu.com\":\"q\",\"search.speedbit.com\":\"q\",\"search.toggle.com\":\"q\",\"isearch.whitesmoke.com\":\"q\",\"search.handycafe.com\":\"q\",\"searchassist.babylon.com\":\"q\",\"video.searchcompletion.com\":\"q\",\"www.searchbrowsing.com\":\"q\",\"search.anchorfree.net\":\"q\",\"search.hotspotshield.com\":\"q\",\"dts.search-results.com\":\"q\",\"uk.search-results.com\":\"q\",\"search.chatzum.com\":\"q\",\"search.phpnuke.org\":\"q\",\"www.i-mysearch.com\":\"q\",\"search.smartaddressbar.com\":\"q\",\"www.search-guru.com\":\"q\",\"searchgby.com
\":\"\",\"thespecialsearch.com\":\"q\",\"search.bpath.com\":\"q\",\"start.funmoods.com\":\"s\",\"fr.search-results.com\":\"q\",\"de.search-results.com\":\"q\",\"it.search-results.com\":\"q\",\"es.search-results.com\":\"q\",\"search.imesh.com\":\"q\",\"search.swagbucks.com\":\"q\",\"isearch.avg.com\":\"q\",\"search.avg.com\":\"q\",\"search.yippy.com\":\"query\",\"cludr.com\":\"q\",\"search.vmn.net\":\"q\",\"www.gigablast.com\":\"q\",\"www.metacrawler.com\":\"q\",\"www.ixquick.com\":\"\",\"www.search.com\":\"q\",\"duckduckgo.com\":\"q\",\"search.lycos.com\":\"q\",\"monstercrawler.com\":\"q\",\"go.com\":\"p\",\"hotbot.com\":\"keyword\",\"home.myplaycity.com\":\"s\",\"www.findamo.com\":\"q\",\"search.gboxapp.com\":\"q\",\"start.iplay.com\":\"q\",\"home.speedbit.com\":\"q\",\"search.alot.com\":\"q\",\"search.searchplusnetwork.com\":\"q\",\"www.searchqu.net\":\"\",\"search.insiteapp.com\":\"q\",\"somoto.com\":\"q\",\"blekko.com\":\"\",\"suggestor.netliker.com\":\"\",\"search.netliker.com\":\"\",\"insta-search.com\":\"q\",\"www.fast-search.biz\":\"q\",\"start.facemoods.com\":\"s\",\"search.coolnovo.com\":\"\",\"chromeplus.info\":\"q\",\"www.searchble.com\":\"keyword\",\"home.allgameshome.com\":\"s\",\"forsearch.net\":\"q\",\"allssearch.com\":\"q\",\"search.snap.do\":\"q\",\"search.smartsearchbox.net\":\"\",\"search.seznam.cz\":\"q\",\"search.funmoods.com\":\"s\",\"search.avira.com\":\"q\",\"search.jzip.com\":\"q\",\"search.findeer.com\":\"\",\"search-faster.com\":\"\",\"dnssearch.rr.com\":\"search\",\"search.rr.com\":\"q\",\"search.kalloutsearch4.com\":\"q\",\"kalloutsearch4.com\":\"Keywords\",\"search.rapidns.net\":\"SearchQuery\",\"websearch.4shared.com\":\"q\",\"images.search.conduit.com\":\"q\",\"search.cpchero.biz\":\"q\",\"search.kikin.com\":\"q\",\"www.engine-search.biz\":\"q\",\"www.mysearchresults.com\":\"q\",\"search.vdc.com.vn\":\"SearchQuery\",\"search.charter.net\":\"search\",\"search-vbc.com\":\"keywords\",\"search.pch.com\":\"q\",\"search.pantip.com\":\"\",\
"www.startsearcher.com\":\"q\",\"search.icafemanager.com\":\"q\",\"aolsearcht10.search.aol.com\":\"q\",\"search.free.fr\":\"\",\"www.similarsitesearch.com\":\"URL\",\"qoqole.com\":\"q\",\"www.claro-search.com\":\"q\",\"isearch.claro-search.com\":\"q\",\"www.uncoverthenet.com/search\":\"q\",\"www.searchcanvas.com\":\"q\",\"search.etoolkit.com\":\"q\",\"www.searchalgo.com\":\"q\",\"bestsearchall.com\":\"q\",\"bestorganicsearch.com\":\"q\",\"mysearchproperties.com\":\"q\",\"search.treasuretrooper.com\":\"q\",\"btsearch.name\":\"q\",\"optu.search-help.net\":\"search\",\"search.clinck.in\":\"q\",\"search.shareazaweb.net\":\"q\",\"search.solarmash.com\":\"q\",\"search.surfcanyon.com\":\"q\",\"search.tedata.net\":\"SearchQuery\",\"www.gooofullsearch.com\":\"keywords\",\"www.alnaddy.com\":\"q\",\"searchsafer.com\":\"q\",\"www.searchqu.com\":\"q\",\"searchfunmoods.com\":\"s\",\"www.searchfunmoods.com\":\"s\",\"www.searchya.com\":\"q\",\"search.lphant.net\":\"\",\"searchremagnified.com\":\"\",\"www.pagequeryresults.com\":\"\",\"www.searchqueryresults.com\":\"\",\"domainhelp.search.com\":\"q\",\"search.b1.org\":\"q\",\"search.pontofrio.com.br\":\"q\",\"search.maxonline.com.sg\":\"q\",\"search.us.com\":\"k\",\"www.picsearch.com\":\"q\",\"www.search-document.com\":\"q\",\"www.searchsafer.com\":\"q\",\"www.website-unavailable.com\":\"q\",\"search.appsarefun.info\":\"\",\"www.searchamong.com\":\"query\",\"www.savevalet.com\":\"q\",\"www.navegaki.com.br\":\"q\",\"my.rally.io\":\"\",\"isearch.glarysoft.com\":\"q\",\"websearch.mocaflix.com\":\"s\",\"search.fastaddressbar.com\":\"s\",\"search.certified-toolbar.com\":\"q\",\"www.delta-search.com\":\"q\",\"mysearch.avg.com\":\"q\",\"www1.search-results.com\":\"q\",\"search.searchya.com\":\"q\",\"websearch.just-browse.info\":\"s\",\"search.fbdownloader.com\":\"q\",\"search.startnow.com\":\"q\",\"search.protectedsearch.com\":\"q\",\"start.iminent.com\":\"q\",\"websearch.pu-results.info\":\"s\",\"22find.com\":\"\",\"search.comcast.net\":\"
q\",\"rss2search.com\":\"q\",\"www.searchinq.com\":\"q\",\"search.22find.com\":\"\",\"search.genieo.com\":\"q\",\"www.safesearch.net\":\"q\",\"isearch.fantastigames.com\":\"q\",\"nortonsafe.search.ask.com\":\"q\",\"www.dnsrsearch.com\":\"search\",\"yourstartsearch.com\":\"q\",\"mixidj.delta-search.com\":\"q\",\"searchiu.com\":\"q\",\"www1.dlinksearch.com\":\"q\",\"search.eazel.com\":\"q\",\"en.eazel.com\":\"q\",\"search.smartsuggestor.net\":\"s\",\"mixidj.claro-search.com\":\"q\",\"search.buzzdock.com\":\"q\",\"search.oracle.com\":\"q\",\"visualbee.delta-search.com\":\"q\",\"filesearch.setun.net\":\"q\",\"search.smartsuggestor.com\":\"s\",\"go.findrsearch.com\":\"q\",\"search.earthlink.net\":\"q\",\"search.netzero.net\":\"query\",\"www.holasearch.com\":\"q\",\"searchengines.com\":\"query\",\"www.31searchengines.com\":\"query\",\"www.99searchengines.com\":\"query\",\"www.28searchengines.com\":\"query\",\"www.29searchengines.com\":\"query\",\"www.38searchengines.com\":\"query\",\"www.39searchengines.com\":\"query\",\"www.50searchengines.com\":\"query\",\"www.100searchengines.com\":\"query\",\"www.20searchengines.com\":\"query\",\"www.24searchengines.com\":\"query\",\"www.45searchengines.com\":\"query\",\"www.55searchengines.com\":\"query\",\"www.60searchengines.com\":\"query\",\"www.70searchengines.com\":\"query\",\"www.88searchengines.com\":\"query\",\"www.47searchengines.com\":\"query\",\"www.32searchengines.com\":\"query\",\"www.48searchengines.com\":\"query\",\"www.53searchengines.com\":\"query\",\"www.40searchengines.com\":\"query\",\"www.66searchengines.com\":\"query\",\"www.34searchengines.com\":\"query\",\"www.49searchengines.com\":\"query\",\"www.30searchengines.com\":\"query\",\"www.41searchengines.com\":\"query\",\"www.36searchengines.com\":\"query\",\"www.52searchengines.com\":\"query\",\"www.25searchengines.com\":\"query\",\"home.maxwebsearch.com\":\"query\",\"polysearch.org\":\"srch\",\"search.bnpmedia.com\":\"q\",\"start.search.us.com\":\"k\",\"www.sear
chnfind.org\":\"\",\"searching-gambling.com\":\"\",\"search.easylifeapp.com\":\"s\",\"www.goodsearch.com\":\"keywords\",\"search.adlux.com\":\"\",\"websearch.good-results.info\":\"s\",\"search.beesq.net\":\"k\",\"www1.delta-search.com\":\"q\",\"www.search.delta-search.com\":\"q\",\"www.yhs.delta-search.com\":\"q\",\"info.delta-search.com\":\"q\",\"www.yd.delta-search.com\":\"q\",\"www2.delta-search.com\":\"q\",\"www3.delta-search.com\":\"q\",\"websearch.helpmefindyour.info\":\"s\",\"tuvaro.com\":\"q\",\"amazon.smart-search.com\":\"query\",\"butterflysearch.net\":\"search\",\"g9search.com\":\"q\",\"images.searchcompletion.com\":\"q\",\"lab.search.conduit.com\":\"q\",\"search.autocompletepro.com\":\"q\",\"search.creativetoolbars.com\":\"q\",\"search.dudu.com\":\"q\",\"search.filebulldog.com\":\"p\",\"search.findwide.com\":\"k\",\"search.focalprice.com\":\"\",\"search.juno.com\":\"query\",\"search.peoplepc.com\":\"q\",\"search.piccshare.com\":\"q\",\"search.starburnsoftware.com\":\"q\",\"search.zonealarm.com\":\"q\",\"search27.info.com\":\"qkw\",\"search42.info.com\":\"qkw\",\"search45.info.com\":\"qkw\",\"search49.info.com\":\"qkw\",\"securesearch.lavasoft.com\":\"q\",\"shieldedsearch.com\":\"q\",\"us.aolsearch.com\":\"q\",\"websearch.brandthunder.com\":\"q\",\"websearch.youwillfind.info\":\"s\",\"websearchsimple.com\":\"q\",\"wind.search-help.net\":\"search\",\"www.21searchengines.com\":\"\",\"www.22searchengines.com\":\"\",\"www.42searchengines.com\":\"\",\"www.46searchengines.com\":\"\",\"www.85searchengines.com\":\"\",\"www.goonsearch.com\":\"q\",\"www.isearch-123.com\":\"q\",\"www.maxwebsearch.com\":\"query\",\"www.searchgby.com\":\"\",\"www.tlbsearch.com\":\"q\",\"avira.search.ask.com\":\"q\",\"search.coupons.com\":\"\",\"smartsearchfacts.com\":\"search\",\"www.27searchengines.com\":\"\",\"www.90searchengines.com\":\"\",\"www.searchgol.com\":\"q\",\"www.searchpage.com\":\"\",\"www.toastsearch.com\":\"q\",\"search.zum.com\":\"query\",\"searchzone.com\":\"query\",
\"contenko.com\":\"q\",\"www.mysearch.com\":\"searchfor\",\"home.tb.ask.com\":\"searchfor\",\"isearch.shopathome.com\":\"\",\"searchy.easylifeapp.com\":\"p\",\"www.search.smartshopping.com\":\"keywords\",\"search.bitcomet.com\":\"q\",\"trusearch.com\":\"squery\",\"www.photoshopsearch.com\":\"q\",\"search.snapdo.com\":\"q\",\"search.globososo.com\":\"q\",\"search34.info.com\":\"KW\",\"start.mysearchdial.com\":\"q\",\"search.v9.com\":\"p\",\"maxwebsearch.com\":\"query\",\"search.twcc.com\":\"\",\"websearch.simplespeedy.info\":\"q\",\"search.ividi.org\":\"q\",\"securedsearch2.lavasoft.com\":\"p\",\"yumyumsearch.com\":\"q\",\"wisersearch.com\":\"q\",\"www.morefastsearch.com\":\"q\",\"search.minituner.org\":\"q\",\"websearch.searchrocket.info\":\"q\",\"www.firstsearchhere.com\":\"q\",\"infosearchresults.com\":\"q\",\"mp3tubetoolbarsearch.com\":\"p\",\"sr.searchfunmoods.com\":\"q\",\"websearch.searchdwebs.info\":\"q\",\"www.buenosearch.com\":\"q\",\"www.isearch-for.com\":\"q\",\"www.triple-search.com\":\"q\",\"onlinelivesearch.com\":\"q\",\"search.freecause.com\":\"p\",\"search.url.com\":\"query\",\"search.viewpoint.com\":\"k\",\"search2.virginmedia.com\":\"q\",\"twww1.delta-search.com\":\"q\",\"websearch.pu-result.info\":\"s\",\"websearch.searchannel.info\":\"q\",\"websearch.simplesearches.info\":\"s\",\"www.aolsearch.com\":\"q\",\"www.dalesearch.com\":\"q\",\"www.greenpoweredsearch.com\":\"q\",\"www.search.us.com\":\"k\",\"www.search30.com\":\"q\",\"www.searchfog.com\":\"q\",\"www.thedreamsearch.com\":\"q\",\"www1.delta-seawww1.delta-search.com\":\"q\",\"Searchamong.com\":\"q\",\"www.searchstarburnsoftware.com\":\"q\",\"qvo6.com\":\"p\",\"start.qone8.com\":\"q\",\"delta-homes.com\":\"p\",\"search.localstrike.net\":\"q\",\"websearch.pur-esult.info\":\"\",\"www.searchfusion.com\":\"\",\"search.rpidity.com\":\"\",\"www.isearchspace.com\":\"\",\"www.tika-search.com\":\"\",\"www.doko-search.com\":\"\",\"www.only-search.com\":\"\",\"mixidj.buenosearch.com\":\"\",\"www.golsear
ch.com\":\"\",\"search.splashtop.com\":\"\",\"www.dosearches.com\":\"\",\"search.all.biz\":\"q\",\"websearch.soft-quick.info\":\"s\",\"search.centrum.cz\":\"q\",\"searchfog.com\":\"q\",\"search.whitesmoke.com\":\"q\",\"search.domainnotfound.optimum.net\":\"q\",\"search.hao123.co.th\":\"wd\",\"searchiy.gboxapp.com\":\"q\",\"www.funnysearch.org\":\"q\",\"native-search.com\":\"q\",\"www2.search-results.com\":\"q\",\"www.webssearches.com\":\"q\",\"www.globasearch.com\":\"q\",\"search.hao123.com.eg\":\"wd\",\"search2.mayoclinic.com\":\"q\",\"www.onlinelivesearch.com\":\"q\",\"www.searchsheet.com\":\"q\",\"search.bigpond.net.au\":\"SearchQuery\",\"searchsearchsearch.org\":\"Keywords\",\"bar.maxwebsearch.com\":\"query\",\"search30.com\":\"q\",\"search.quebles.com\":\"q\",\"isearch.omiga-plus.com\":\"q\",\"websearch.searchpages.info\":\"q\",\"www.oursearching.com\":\"\",\"do-search.com\":\"q\",\"websearch.search-guide.info\":\"\",\"websearch.wisesearch.info\":\"\",\"www.looksafesearch.com\":\"\",\"search14.accoona.com\":\"search\",\"search.gifthulk.com\":\"\",\"folksearcher.com\":\"\",\"searchitallonline.com\":\"query\",\"searchresultsonline.com\":\"query\",\"websearch.homesearch-hub.info\":\"s\",\"www.searchnet.com\":\"utm_term\",\"www.safesearchkids.com\":\"\",\"bittorrent.inspsearch.com\":\"q\",\"dnssearch2.ono.es\":\"SearchQuery\",\"firstsearchnow.com\":\"q\",\"morefastsearch.com\":\"q\",\"r.search.adlux.com\":\"\",\"search.atajitos.com\":\"q\",\"search.bt.com\":\"p\",\"search.ominent.com\":\"q\",\"search.qone8.com\":\"q\",\"search.ueep.com\":\"q\",\"searchstarburnsoftware.com\":\"q\",\"searchstats.iminent.com\":\"\",\"ultimate-search.net\":\"q\",\"utorrent.inspsearch.com\":\"q\",\"websearch.oversearch.info\":\"q\",\"websearch.relevantsearch.info\":\"q\",\"websearch.searchboxes.info\":\"q\",\"websearch.searchere.info\":\"q\",\"websearch.searchesplace.info\":\"q\",\"websearch.the-searcheng.info\":\"q\",\"www.firstsearchnow.com\":\"q\",\"www.fullsearch.com.ar\":\"q\",\"ww
w.infosearchresults.com\":\"q\",\"www.searcheo.fr\":\"q\",\"www.searchresultsonline.com\":\"\",\"www.superquicksearch.com\":\"\"}|||8641407788491093");), Ersetzt,[601984bf2a60e74f38d8f926b74f49b7]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:33 on 28/05/2015 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

28.05.2015, 21:13   #2
M-K-D-B
/// TB instructor

WIN7: search queries are redirected to ad search pages, laptop boots extremely slowly

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If we find evidence of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions. If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!

Please work through all steps one after another in the given order and post all log files in CODE tags:
Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it correctly. If everything is right ... click Reply (Antworten).

Thank you for your cooperation!

For the initial analysis, please run FRST and TDSS-Killer:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Step 2
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

Please post with your next reply
  • the log file from TDSS-Killer,
  • the two new log files from FRST.

28.05.2015, 21:19   #3
armer tor

WIN7: search queries are redirected to ad search pages, laptop boots extremely slowly

New log files

Hello Matthias,

here are the log files I have already created. They were too long for the first post.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Va (ATTENTION: The logged in user is not administrator) on VANESSA on 28-05-2015 20:34:14
Running from F:\
Loaded Profiles: Va & Administrator (Available Profiles: Va & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> FBAgent.exe
Failed to access process -> AsLdrSrv.exe
Failed to access process -> GFNEXSrv.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> Fuel.Service.exe
Failed to access process -> Application Hosting.exe
Failed to access process -> svchost.exe
Failed to access process -> sftvsa.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> sftlist.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> CVHSVC.EXE
Failed to access process -> NisSrv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Failed to access process -> WUDFHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Run: [Facebook Update] => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-20] (Facebook Inc.)
HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
Startup: C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-14]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{98781c85-f0a2-8c2e-9878-81c85f0a7217}\hqghumeaylnlf.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
URLSearchHook: [S-1-5-21-533800774-2781401254-862098746-500] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRak5VLd2-qOELyVxZYVzEWTOSLvRC5kQFMUFB7HWxsC9qmgaEbtsWspeiXQk_8_R5znT6R1fDwhz3ZT22Ce-MfY_wYPvYB4AnBCxL1g_GQSduAYPn-8I3RnEZZS00xXKu2ObU3QI19LskZNnUYycjKHjOqjFsJR-kRbYXjgg&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257
FF NewTab: hxxp://mystart.incredibar.com/?a=6R8R6YBjbO&i=26&did=10963&loc=skw
FF DefaultSearchEngine: MyStart Search
FF SelectedSearchEngine: MyStart Search
FF Homepage: https://de.yahoo.com/
FF Keyword.URL: hxxp://mystart.incredibar.com/?a=6R8R6YBjbO&i=26&did=10963&loc=skw&search=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Va\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-533800774-2781401254-862098746-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Va\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-10-03]
FF Extension: buyfaest - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\Extensions\6b@n.edu [2015-05-15]
FF Extension: No Name - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\Extensions\nbmtblkvubrszbdbolp@rybjnwmsnsyqmuck.edu [2015-05-14]
FF Extension: Adblock Plus - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com
FF Extension: No Name - C:\Program Files\IB Updater\Firefox [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-15] <==== ATTENTION

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 20:34 - 2015-05-28 20:34 - 00000000 ____D () C:\FRST
2015-05-28 20:17 - 2015-05-28 20:17 - 00000000 ____D () C:\Users\Va\AppData\Local\{44EFFC24-9A11-456C-9B68-99F4DE8F578A}
2015-05-28 17:52 - 2015-05-28 17:52 - 00000000 ____D () C:\Users\Va\AppData\Local\{F4AD3D71-E05D-462F-82A8-8175F86F3613}
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\Users\Va\AppData\Local\{226B8C84-8E97-4400-8B07-CA88C3F60E3F}
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{1432F450-032F-4DCA-A989-3212D395CE53}
2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 ____D () C:\Users\Va\AppData\Local\{05E28185-CE2F-4D67-A3B9-969D18B71351}
2015-05-20 20:21 - 2015-05-20 20:21 - 00000000 ____D () C:\Users\Va\AppData\Local\{0B366F7F-19FB-4669-9467-4C433FEC4700}
2015-05-20 00:23 - 2015-05-20 08:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 00:23 - 2015-05-20 00:23 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-19 23:32 - 2015-05-27 22:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 23:19 - 2015-05-19 23:24 - 00000000 ____D () C:\AdwCleaner
2015-05-19 17:08 - 2015-05-19 17:08 - 00059088 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-05-19 17:07 - 2015-05-28 20:31 - 00000000 ____D () C:\Users\Administrator
2015-05-19 15:13 - 2015-05-19 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{2D494D01-B861-49E4-B3D9-355F35CB2E4E}
2015-05-16 22:25 - 2015-05-27 21:51 - 00000272 _____ () C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2015-05-16 22:21 - 2015-05-20 20:20 - 00058584 _____ () C:\Users\Va\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 22:20 - 2015-05-28 18:30 - 00002446 _____ () C:\Windows\setupact.log
2015-05-16 22:20 - 2015-05-16 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 22:19 - 2015-05-20 08:47 - 00002716 _____ () C:\Windows\PFRO.log
2015-05-16 22:19 - 2015-05-20 00:18 - 04822584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 22:18 - 2015-05-16 22:18 - 00088172 _____ () C:\Users\Va\Documents\cc_20150516_221800.reg
2015-05-16 21:44 - 2015-05-16 21:44 - 00001142 _____ () C:\Users\Va\Desktop\ASUS Produktregistrierung.lnk
2015-05-16 21:26 - 2015-05-16 21:26 - 00000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2015-05-16 11:04 - 2015-05-16 11:05 - 00000000 ____D () C:\Users\Va\AppData\Local\{F001455B-59BE-4115-AE64-C165EFB84113}
2015-05-15 22:36 - 2015-05-19 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 17:24 - 2015-05-15 17:24 - 00000000 ____D () C:\Users\Va\AppData\Local\{7A20DB37-FBC4-4BCF-A0D4-EE44E831AD1F}
2015-05-15 00:33 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 18:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 18:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 18:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 18:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 18:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 18:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 18:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 18:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 18:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 18:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 18:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 18:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 18:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 18:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 18:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 18:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 18:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 18:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 18:17 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 18:17 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 18:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:49 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:49 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:49 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:49 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:49 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:46 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:46 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:46 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:46 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:46 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:46 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:46 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:44 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:44 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:44 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:44 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 16:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:43 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:43 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 15:14 - 2015-05-14 15:14 - 00000000 ____D () C:\Program Files (x86)\TrimModule
2015-05-14 15:13 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{799E0E24-8409-4364-BAA9-CC81AB87C1DC}
2015-05-03 14:16 - 2015-05-03 14:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{AB8A634F-5BD1-4B6B-BC2B-6BEB6328F204}
2015-05-03 12:13 - 2015-05-03 12:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{CC9CB319-0D4D-4A95-8B0E-474F65A4F04D}
2015-05-03 12:12 - 2015-05-03 12:14 - 00000000 ____D () C:\Users\Va\Documents\Fax
2015-05-02 10:55 - 2015-05-02 10:55 - 00684184 _____ (Opera Software) C:\Users\Va\Downloads\Opera_NI_stable.exe
2015-05-02 09:58 - 2015-05-02 09:59 - 00000000 ____D () C:\Users\Va\AppData\Local\{D135E88E-4572-4C5E-A949-EB6173D0C63E}
2015-04-29 20:42 - 2015-04-29 20:42 - 00000000 ____D () C:\Users\Va\AppData\Local\{827C5103-74DE-4620-B4AE-AED0DA9E9E6F}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 20:16 - 2011-12-24 23:50 - 00000000 ____D () C:\Users\Va\Tracing
2015-05-28 20:16 - 2011-08-11 17:44 - 01821223 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 20:05 - 2011-12-24 22:46 - 00001126 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job
2015-05-28 19:59 - 2012-04-11 22:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 18:38 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 18:38 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 18:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 15:06 - 2014-12-03 20:03 - 00001312 _____ () C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-05-28 15:05 - 2015-04-14 23:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.79
2015-05-27 22:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-27 22:07 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-05-27 22:07 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-05-27 22:07 - 2009-07-14 07:13 - 01652924 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 21:13 - 2015-04-21 17:35 - 00000000 ____D () C:\Users\Va\AppData\Roaming\jellylam
2015-05-20 21:13 - 2015-04-14 23:10 - 00000000 ____D () C:\Users\Va\AppData\Roaming\Winsta
2015-05-20 21:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-05-20 21:00 - 2011-04-13 04:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-20 20:58 - 2011-08-11 18:14 - 00000000 ____D () C:\Windows\SysWOW64\ASUS_Screensaver dir
2015-05-20 20:57 - 2014-07-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetDrive
2015-05-20 08:49 - 2011-08-11 18:12 - 00002052 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-20 01:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-20 00:20 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-05-20 00:10 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-19 23:41 - 2012-11-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-19 23:28 - 2011-12-24 07:02 - 00000000 ___HD () C:\ASUS.DAT
2015-05-19 23:24 - 2011-12-24 07:01 - 00000000 ____D () C:\Users\Va
2015-05-19 18:06 - 2011-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\FILSHtray
2015-05-16 22:21 - 2011-08-11 18:12 - 00002628 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-05-16 22:07 - 2015-04-14 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-15 17:14 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 17:08 - 2011-04-13 04:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:47 - 2012-01-17 23:23 - 01680542 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 00:47 - 2012-01-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-15 00:43 - 2014-07-13 17:46 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 00:43 - 2014-07-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 00:33 - 2013-03-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 00:30 - 2013-03-15 14:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:42 - 2015-04-21 17:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 19:41 - 2011-08-11 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-03 14:14 - 2013-10-03 19:05 - 00250368 ___SH () C:\Users\Va\Desktop\Thumbs.db
2015-04-29 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2013-10-24 21:18 - 2013-10-24 21:18 - 50053120 _____ () C:\Program Files (x86)\GUTF19F.tmp
2014-01-10 19:50 - 2014-01-10 19:52 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-06-03 19:58 - 2012-06-03 19:58 - 0003584 _____ () C:\Users\Va\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-16 21:26 - 2015-05-16 21:26 - 0000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-08-11 18:18 - 2011-08-11 18:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-11 18:17 - 2011-08-11 18:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Va\AppData\Local\Temp\_is9211.exe
C:\Users\Va\AppData\Local\Temp\_isBE10.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Va at 2015-05-28 20:35:58
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-533800774-2781401254-862098746-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-533800774-2781401254-862098746-501 - Limited - Disabled)
Va (S-1-5-21-533800774-2781401254-862098746-1001 - Limited - Enabled) => C:\Users\Va

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E17025A7-39B6-375E-8F1E-20637D19549C}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Chromium Browser (HKU\S-1-5-21-533800774-2781401254-862098746-1001\...\Chromium) (Version: 41.0.2231.0 - Chrome)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6403 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Search and Replace (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version:  - "") <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533800774-2781401254-862098746-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Va\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869
FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900
FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353
FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182
FirewallRules: [{D937DAF1-0E89-4549-8ADF-0103B21110E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90B9A9CB-6E84-40C9-8639-F26816E9C8D9}] => (Allow) C:\Users\Va\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1AE4FF3B-5152-4233-AE6C-83F30FCA38F0}] => (Allow) C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:58:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:01:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/27/2015 09:54:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ASUSWSShellExt64.dll, Version: 1.1.0.27, Zeitstempel: 0x4c7f631d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000051da
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/27/2015 09:50:54 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/20/2015 09:52:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ASUSWSShellExt64.dll, Version: 1.1.0.27, Zeitstempel: 0x4c7f631d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000051da
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (05/28/2015 07:50:01 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 07:01:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:41:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 06:34:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office:
=========================
Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:58:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 10:01:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/27/2015 09:54:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da

Error: (05/27/2015 09:50:54 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/20/2015 09:52:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da


CodeIntegrity Errors:
===================================
  Date: 2013-10-01 19:40:42.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:40.772
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:39.098
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:36.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:30.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:28.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:25.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:23.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:58.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:55.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD E-350 Processor
Percentage of memory in use: 40%
Total physical RAM: 3691.71 MB
Available physical RAM: 2197.28 MB
Total Pagefile: 7381.64 MB
Available Pagefile: 5672.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:60.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:142.43 GB) NTFS
Drive f: (VERBATIM) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 0C55F312)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-28 20:57:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fwldypow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      0000000075ba1401 2 bytes JMP 75ddb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        0000000075ba1419 2 bytes JMP 75ddb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      0000000075ba1431 2 bytes JMP 75e58f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      0000000075ba144a 2 bytes CALL 75db489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                         0000000075ba14dd 2 bytes JMP 75e58822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  0000000075ba14f5 2 bytes JMP 75e589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                         0000000075ba150d 2 bytes JMP 75e58718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  0000000075ba1525 2 bytes JMP 75e58ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        0000000075ba153d 2 bytes JMP 75dcfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                             0000000075ba1555 2 bytes JMP 75dd68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      0000000075ba156d 2 bytes JMP 75e58fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        0000000075ba1585 2 bytes JMP 75e58b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                           0000000075ba159d 2 bytes JMP 75e586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        0000000075ba15b5 2 bytes JMP 75dcfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      0000000075ba15cd 2 bytes JMP 75ddb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  0000000075ba16b2 2 bytes JMP 75e58ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  0000000075ba16bd 2 bytes JMP 75e58671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                   0000000075ba1401 2 bytes JMP 75ddb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                     0000000075ba1419 2 bytes JMP 75ddb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                   0000000075ba1431 2 bytes JMP 75e58f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                   0000000075ba144a 2 bytes CALL 75db489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                       * 9
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                      0000000075ba14dd 2 bytes JMP 75e58822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                               0000000075ba14f5 2 bytes JMP 75e589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                      0000000075ba150d 2 bytes JMP 75e58718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                               0000000075ba1525 2 bytes JMP 75e58ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                     0000000075ba153d 2 bytes JMP 75dcfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                          0000000075ba1555 2 bytes JMP 75dd68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                   0000000075ba156d 2 bytes JMP 75e58fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                     0000000075ba1585 2 bytes JMP 75e58b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                        0000000075ba159d 2 bytes JMP 75e586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                     0000000075ba15b5 2 bytes JMP 75dcfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                   0000000075ba15cd 2 bytes JMP 75ddb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                               0000000075ba16b2 2 bytes JMP 75e58ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                               0000000075ba16bd 2 bytes JMP 75e58671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                           00000000704c11a8 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                                          00000000704c127d 2 bytes CALL 75db14c9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                                          00000000704c1310 2 bytes CALL 75db14c9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                     00000000704c13a8 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                         00000000704c1422 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                  00000000704c1498 2 bytes [4C, 70]
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4                                               00000000704b1825 2 bytes JMP 75b6613d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4                                              00000000704b1830 2 bytes JMP 75b6615d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4                                           00000000704b183b 2 bytes JMP 75b6617d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4                                             00000000704b1846 2 bytes JMP 75b65a1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4                                   00000000704b1851 2 bytes JMP 75b6619d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4                                           00000000704b185c 2 bytes JMP 75b6627d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4                                                     00000000704b1867 2 bytes JMP 75b6629d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4                                                00000000704b1872 2 bytes JMP 75b662bd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4                                             00000000704b187d 2 bytes JMP 75b662dd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4                                                          00000000704b1888 2 bytes JMP 75b65a3d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4                                           00000000704b1893 2 bytes JMP 75b662fd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4                                             00000000704b189e 2 bytes JMP 75b65abd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4                                                 00000000704b18a9 2 bytes JMP 75b6631d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4                                              00000000704b18b4 2 bytes JMP 75b6633d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4                                       00000000704b18bf 2 bytes JMP 75b31fcb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4                                                 00000000704b18ca 2 bytes JMP 75b6637d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4                                                00000000704b18d5 2 bytes JMP 75b65add C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4                                              00000000704b18e0 2 bytes JMP 75b65b5d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4                                          00000000704b18eb 2 bytes JMP 75b65b7d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4                                       00000000704b18f6 2 bytes JMP 75b668dd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4                                          00000000704b1901 2 bytes JMP 75b65a9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4                                             00000000704b190c 2 bytes JMP 75b668fd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4                                                00000000704b1917 2 bytes JMP 75b6693d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4                                               00000000704b1922 2 bytes JMP 75b65afd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4                                               00000000704b192d 2 bytes JMP 75b6695d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4                                                         00000000704b1938 2 bytes JMP 75b6697d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4                                             00000000704b1943 2 bytes JMP 75b6699d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4                                         00000000704b194e 2 bytes JMP 75b669bd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4                                                 00000000704b1959 2 bytes JMP 75b669dd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4                                                        00000000704b1964 2 bytes JMP 75b669fd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4                                                00000000704b196f 2 bytes JMP 75b66a1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4                                               00000000704b197a 2 bytes JMP 75b66a3d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4                                                  00000000704b1985 2 bytes JMP 75b66a5d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4                                                00000000704b1990 2 bytes JMP 75b66a7d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4                                        00000000704b199b 2 bytes JMP 75b66a9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4                                            00000000704b19a6 2 bytes JMP 75b66abd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4                                             00000000704b19b1 2 bytes JMP 75b66add C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4                                               00000000704b19bc 2 bytes JMP 75b66afd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4                                                  00000000704b19c7 2 bytes JMP 75b66b1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4                                                         00000000704b19d2 2 bytes JMP 75b66b3d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4                                                      00000000704b19dd 2 bytes JMP 75b65b9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4                                        00000000704b19e8 2 bytes JMP 75b66b7d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4                                            00000000704b19f3 2 bytes JMP 75b66b9d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4                                     00000000704b19fe 2 bytes JMP 75b66bdb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4                                                    00000000704b1a09 2 bytes JMP 75b66bfb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4                                                 00000000704b1a14 2 bytes JMP 75b66c1b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4                                                  00000000704b1a1f 2 bytes JMP 75b65b1d C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4                                                  00000000704b1a2a 2 bytes JMP 75b66c3b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4                                             00000000704b1a35 2 bytes JMP 75b66c5b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4                                                 00000000704b1a40 2 bytes JMP 75b66c7b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4                                           00000000704b1a4b 2 bytes JMP 75b66c9b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4                                              00000000704b1a56 2 bytes JMP 75b66cbb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4                                                       00000000704b1a61 2 bytes JMP 75b66cdb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4                                                    00000000704b1a6c 2 bytes JMP 75b65bbd C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4                                                00000000704b1a77 2 bytes JMP 75b66cfb C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4                                         00000000704b1a82 2 bytes JMP 75b66d1b C:\Windows\syswow64\GDI32.dll
.text    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[3548] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52                                        00000000704b1ab2 2 bytes JMP 7520dc75 C:\Windows\syswow64\msvcrt.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                     0000000075ba1401 2 bytes JMP 75ddb21b C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                       0000000075ba1419 2 bytes JMP 75ddb346 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                     0000000075ba1431 2 bytes JMP 75e58f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                     0000000075ba144a 2 bytes CALL 75db489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                       * 9
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                        0000000075ba14dd 2 bytes JMP 75e58822 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                 0000000075ba14f5 2 bytes JMP 75e589f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                        0000000075ba150d 2 bytes JMP 75e58718 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                 0000000075ba1525 2 bytes JMP 75e58ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                       0000000075ba153d 2 bytes JMP 75dcfca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                            0000000075ba1555 2 bytes JMP 75dd68ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                     0000000075ba156d 2 bytes JMP 75e58fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                       0000000075ba1585 2 bytes JMP 75e58b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                          0000000075ba159d 2 bytes JMP 75e586dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                       0000000075ba15b5 2 bytes JMP 75dcfd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                     0000000075ba15cd 2 bytes JMP 75ddb2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                 0000000075ba16b2 2 bytes JMP 75e58ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\AsScrPro.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                 0000000075ba16bd 2 bytes JMP 75e58671 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\Application Hosting\Application Hosting.exe (*** suspicious ***) @ C:\ProgramData\Application Hosting\Application Hosting.exe [1792](2015-04-14 14:55:44)  0000000000bf0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                                           

---- EOF - GMER 2.1 ----
         

28.05.2015, 21:22   #4
M-K-D-B
/// TB Trainer
 



Hi,


Quote:
Ran by Va (ATTENTION: The logged in user is not administrator) on VANESSA on 28-05-2015 20:34:14
All of our tools require administrator rights. Please run FRST and TDSS-Killer again as admin.

28.05.2015, 21:37   #5
armer tor
 



Here is the TDSSKiller report


Code:
22:25:35.0874 0x0c88  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:26:06.0716 0x0c88  ============================================================
22:26:06.0716 0x0c88  Current date / time: 2015/05/28 22:26:06.0716
22:26:06.0716 0x0c88  SystemInfo:
22:26:06.0716 0x0c88  
22:26:06.0716 0x0c88  OS Version: 6.1.7601 ServicePack: 1.0
22:26:06.0716 0x0c88  Product type: Workstation
22:26:06.0716 0x0c88  ComputerName: VANESSA
22:26:06.0716 0x0c88  UserName: Administrator
22:26:06.0716 0x0c88  Windows directory: C:\Windows
22:26:06.0716 0x0c88  System windows directory: C:\Windows
22:26:06.0716 0x0c88  Running under WOW64
22:26:06.0716 0x0c88  Processor architecture: Intel x64
22:26:06.0716 0x0c88  Number of processors: 2
22:26:06.0716 0x0c88  Page size: 0x1000
22:26:06.0716 0x0c88  Boot type: Normal boot
22:26:06.0716 0x0c88  ============================================================
22:26:10.0132 0x0c88  KLMD registered as C:\Windows\system32\drivers\32857536.sys
22:26:10.0678 0x0c88  System UUID: {0D1E0FF7-115E-CC38-4964-0BA623867DBA}
22:26:11.0910 0x0c88  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:11.0942 0x0c88  Drive \Device\Harddisk1\DR1 - Size: 0xEEE00000 ( 3.73 Gb ), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:26:11.0942 0x0c88  ============================================================
22:26:11.0942 0x0c88  \Device\Harddisk0\DR0:
22:26:11.0942 0x0c88  MBR partitions:
22:26:11.0942 0x0c88  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1005B800
22:26:11.0973 0x0c88  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1325C800, BlocksNum 0x121D2000
22:26:11.0973 0x0c88  \Device\Harddisk1\DR1:
22:26:11.0988 0x0c88  MBR partitions:
22:26:11.0988 0x0c88  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x776FE0
22:26:11.0988 0x0c88  ============================================================
22:26:12.0035 0x0c88  C: <-> \Device\Harddisk0\DR0\Partition1
22:26:12.0066 0x0c88  D: <-> \Device\Harddisk0\DR0\Partition2
22:26:12.0066 0x0c88  ============================================================
22:26:12.0066 0x0c88  Initialize success
22:26:12.0066 0x0c88  ============================================================
22:26:58.0367 0x0d5c  ============================================================
22:26:58.0367 0x0d5c  Scan started
22:26:58.0367 0x0d5c  Mode: Manual; SigCheck; TDLFS; 
22:26:58.0367 0x0d5c  ============================================================
22:26:58.0367 0x0d5c  KSN ping started
22:26:58.0508 0x0d5c  KSN ping finished: false
22:27:00.0770 0x0d5c  ================ Scan system memory ========================
22:27:00.0770 0x0d5c  System memory - ok
22:27:00.0770 0x0d5c  ================ Scan services =============================
22:27:01.0035 0x0d5c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:27:01.0206 0x0d5c  1394ohci - ok
22:27:01.0269 0x0d5c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:27:01.0316 0x0d5c  ACPI - ok
22:27:01.0316 0x0d5c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:27:01.0394 0x0d5c  AcpiPmi - ok
22:27:01.0550 0x0d5c  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:01.0612 0x0d5c  AdobeFlashPlayerUpdateSvc - ok
22:27:01.0659 0x0d5c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:27:01.0721 0x0d5c  adp94xx - ok
22:27:01.0768 0x0d5c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:27:01.0799 0x0d5c  adpahci - ok
22:27:01.0830 0x0d5c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:27:01.0862 0x0d5c  adpu320 - ok
22:27:01.0893 0x0d5c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:27:01.0955 0x0d5c  AeLookupSvc - ok
22:27:02.0002 0x0d5c  [ 6E79A119B0CE418FE44E0C824BF3F039, 7C7E8ED41EFCDB20C1A0C038BB6C53CDBE6709E3573C8A93B4059C0CD08759EB ] AFBAgent        C:\Windows\system32\FBAgent.exe
22:27:02.0096 0x0d5c  AFBAgent - ok
22:27:02.0158 0x0d5c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
22:27:02.0236 0x0d5c  AFD - ok
22:27:02.0252 0x0d5c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
22:27:02.0283 0x0d5c  agp440 - ok
22:27:02.0330 0x0d5c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:27:02.0376 0x0d5c  ALG - ok
22:27:02.0423 0x0d5c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:27:02.0454 0x0d5c  aliide - ok
22:27:02.0517 0x0d5c  [ 9CCAF5CCD848F8D77CD18DAA51F9C987, 1FA0A67765298F9CA701CC1C948390C2B8E71DA49D194AC2CB8FEADF4770A87D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:27:02.0642 0x0d5c  AMD External Events Utility - ok
22:27:02.0704 0x0d5c  AMD FUEL Service - ok
22:27:02.0751 0x0d5c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:27:02.0782 0x0d5c  amdide - ok
22:27:02.0813 0x0d5c  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
22:27:02.0844 0x0d5c  amdiox64 - ok
22:27:02.0891 0x0d5c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:27:02.0954 0x0d5c  AmdK8 - ok
22:27:03.0546 0x0d5c  [ 8BD152EAAEFEB8667E7E43FD8CAC3642, 19FA414A398D1C545E4C2C0322F9E35195AFD256419CCB3DFE8C84398DC03C71 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:27:04.0280 0x0d5c  amdkmdag - ok
22:27:04.0373 0x0d5c  [ 4112266BD3949EBE9B0B8AB198D3D0EE, 8CF582E6050013E2370A8269F4B9F12E91EA7FE35394E8E54EAC67B7A0B5D599 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:27:04.0420 0x0d5c  amdkmdap - ok
22:27:04.0451 0x0d5c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:27:04.0467 0x0d5c  AmdPPM - ok
22:27:04.0560 0x0d5c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:27:04.0607 0x0d5c  amdsata - ok
22:27:04.0732 0x0d5c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:27:04.0763 0x0d5c  amdsbs - ok
22:27:04.0779 0x0d5c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:27:04.0810 0x0d5c  amdxata - ok
22:27:04.0857 0x0d5c  [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7, B8953CC6B833E76F1483EFDB0198F14FA43E530D1A9FEA33260FD2EDB811B230 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
22:27:04.0888 0x0d5c  amd_sata - ok
22:27:04.0919 0x0d5c  [ 23726116B4FBCC84FC45B95157C08F5F, BCF1762FFB36D3846628917DC86CF26A83BDFE7D3DE54F8D6B1B1D3AC3E73F02 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
22:27:04.0950 0x0d5c  amd_xata - ok
22:27:04.0997 0x0d5c  [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
22:27:05.0044 0x0d5c  androidusb - ok
22:27:05.0091 0x0d5c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
22:27:05.0153 0x0d5c  AppID - ok
22:27:05.0169 0x0d5c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:27:05.0200 0x0d5c  AppIDSvc - ok
22:27:05.0231 0x0d5c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
22:27:05.0294 0x0d5c  Appinfo - ok
22:27:05.0372 0x0d5c  [ 7F5028A20C78F10CA2E88EEF6D9C9BD1, 0C9C82AA7264311B38925EBD018E943686B3DDADC02FCD2BDBEF278AD6CD1C03 ] Application Hosting C:\ProgramData\Application Hosting\Application Hosting.exe
22:27:05.0387 0x0d5c  Application Hosting - detected UnsignedFile.Multi.Generic ( 1 )
22:27:05.0606 0x0d5c  Application Hosting ( UnsignedFile.Multi.Generic ) - warning
22:27:05.0621 0x0d5c  Force sending object to P2P due to detect: Application Hosting
22:27:05.0621 0x0d5c  Object send P2P result: false
22:27:05.0652 0x0d5c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
22:27:05.0684 0x0d5c  arc - ok
22:27:05.0699 0x0d5c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:27:05.0730 0x0d5c  arcsas - ok
22:27:05.0824 0x0d5c  [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
22:27:05.0886 0x0d5c  ASLDRService - ok
22:27:05.0933 0x0d5c  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
22:27:05.0996 0x0d5c  ASMMAP64 - ok
22:27:06.0136 0x0d5c  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:27:06.0183 0x0d5c  aspnet_state - ok
22:27:06.0198 0x0d5c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:27:06.0370 0x0d5c  AsyncMac - ok
22:27:06.0417 0x0d5c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:27:06.0432 0x0d5c  atapi - ok
22:27:06.0557 0x0d5c  [ F8633CDD09647A64EE8DB550630427FF, 565F32E6B1E8451B2DD866E4997336A47B8DC6669392BDAAF252C35C0383E8A3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:27:06.0698 0x0d5c  athr - ok
22:27:06.0760 0x0d5c  [ DBB487D09F56C674430AC454FD8BCAB9, CF6413DD5D4876CE1F65E40115994423804AA5EA5CBDEB433DB751B445C17BB8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:27:06.0791 0x0d5c  AtiHDAudioService - ok
22:27:06.0822 0x0d5c  [ 7910158929571214A959D5A6D16DD9C0, 9B4F8A3AF9E09B2F772EEF1CB8F7EAB8A226068784837F375AE97B89B0B3A383 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
22:27:06.0854 0x0d5c  ATKGFNEXSrv - ok
22:27:06.0916 0x0d5c  [ AC31727F9946E9009480708E4D1B9986, D1D5DC2A377D37483E10BF5F96D670712718BC27C753E86ABBB6C0708992E7C9 ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
22:27:06.0947 0x0d5c  ATKWMIACPIIO - ok
22:27:07.0025 0x0d5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:27:07.0103 0x0d5c  AudioEndpointBuilder - ok
22:27:07.0150 0x0d5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:27:07.0212 0x0d5c  AudioSrv - ok
22:27:07.0244 0x0d5c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:27:07.0368 0x0d5c  AxInstSV - ok
22:27:07.0462 0x0d5c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:27:07.0524 0x0d5c  b06bdrv - ok
22:27:07.0618 0x0d5c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:27:07.0696 0x0d5c  b57nd60a - ok
22:27:07.0743 0x0d5c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:27:07.0774 0x0d5c  BDESVC - ok
22:27:07.0790 0x0d5c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:27:07.0868 0x0d5c  Beep - ok
22:27:07.0914 0x0d5c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
22:27:08.0008 0x0d5c  BFE - ok
22:27:08.0086 0x0d5c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
22:27:08.0367 0x0d5c  BITS - ok
22:27:08.0398 0x0d5c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:27:08.0429 0x0d5c  blbdrive - ok
22:27:08.0476 0x0d5c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:27:08.0523 0x0d5c  bowser - ok
22:27:08.0554 0x0d5c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:27:08.0648 0x0d5c  BrFiltLo - ok
22:27:08.0663 0x0d5c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:27:08.0694 0x0d5c  BrFiltUp - ok
22:27:08.0741 0x0d5c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
22:27:08.0788 0x0d5c  Browser - ok
22:27:08.0804 0x0d5c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:27:08.0866 0x0d5c  Brserid - ok
22:27:08.0866 0x0d5c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:27:08.0913 0x0d5c  BrSerWdm - ok
22:27:08.0928 0x0d5c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:27:08.0960 0x0d5c  BrUsbMdm - ok
22:27:08.0975 0x0d5c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:27:09.0006 0x0d5c  BrUsbSer - ok
22:27:09.0038 0x0d5c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:27:09.0084 0x0d5c  BthEnum - ok
22:27:09.0116 0x0d5c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:27:09.0162 0x0d5c  BTHMODEM - ok
22:27:09.0178 0x0d5c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:27:09.0209 0x0d5c  BthPan - ok
22:27:09.0272 0x0d5c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:27:09.0365 0x0d5c  BTHPORT - ok
22:27:09.0396 0x0d5c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:27:09.0474 0x0d5c  bthserv - ok
22:27:09.0521 0x0d5c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:27:09.0568 0x0d5c  BTHUSB - ok
22:27:09.0584 0x0d5c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:27:09.0662 0x0d5c  cdfs - ok
22:27:09.0693 0x0d5c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:27:09.0724 0x0d5c  cdrom - ok
22:27:09.0771 0x0d5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:27:09.0833 0x0d5c  CertPropSvc - ok
22:27:09.0864 0x0d5c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:27:09.0896 0x0d5c  circlass - ok
22:27:09.0942 0x0d5c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
22:27:09.0989 0x0d5c  CLFS - ok
22:27:10.0083 0x0d5c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:10.0130 0x0d5c  clr_optimization_v2.0.50727_32 - ok
22:27:10.0208 0x0d5c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:27:10.0254 0x0d5c  clr_optimization_v2.0.50727_64 - ok
22:27:10.0332 0x0d5c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:27:10.0379 0x0d5c  clr_optimization_v4.0.30319_32 - ok
22:27:10.0410 0x0d5c  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:27:10.0442 0x0d5c  clr_optimization_v4.0.30319_64 - ok
22:27:10.0457 0x0d5c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:27:10.0488 0x0d5c  CmBatt - ok
22:27:10.0535 0x0d5c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:27:10.0551 0x0d5c  cmdide - ok
22:27:10.0613 0x0d5c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
22:27:10.0691 0x0d5c  CNG - ok
22:27:10.0707 0x0d5c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:27:10.0738 0x0d5c  Compbatt - ok
22:27:10.0754 0x0d5c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:27:10.0785 0x0d5c  CompositeBus - ok
22:27:10.0800 0x0d5c  COMSysApp - ok
22:27:10.0925 0x0d5c  cpuz134 - ok
22:27:10.0956 0x0d5c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:27:10.0988 0x0d5c  crcdisk - ok
22:27:11.0034 0x0d5c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:27:11.0081 0x0d5c  CryptSvc - ok
22:27:11.0237 0x0d5c  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:27:11.0331 0x0d5c  cvhsvc - ok
22:27:11.0424 0x0d5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:27:11.0534 0x0d5c  DcomLaunch - ok
22:27:11.0596 0x0d5c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:27:11.0674 0x0d5c  defragsvc - ok
22:27:11.0736 0x0d5c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:27:11.0799 0x0d5c  DfsC - ok
22:27:11.0846 0x0d5c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:27:11.0924 0x0d5c  Dhcp - ok
22:27:12.0080 0x0d5c  [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack       C:\Windows\system32\diagtrack.dll
22:27:12.0220 0x0d5c  DiagTrack - ok
22:27:31.0642 0x0d5c  PolicyAgent - ok
22:27:31.0720 0x0d5c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:27:31.0814 0x0d5c  Power - ok
22:27:31.0876 0x0d5c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:27:31.0938 0x0d5c  PptpMiniport - ok
22:27:32.0001 0x0d5c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
22:27:32.0032 0x0d5c  Processor - ok
22:27:32.0094 0x0d5c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:27:32.0141 0x0d5c  ProfSvc - ok
22:27:32.0172 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:27:32.0204 0x0d5c  ProtectedStorage - ok
22:27:32.0235 0x0d5c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:27:32.0313 0x0d5c  Psched - ok
22:27:32.0438 0x0d5c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:27:32.0562 0x0d5c  ql2300 - ok
22:27:32.0594 0x0d5c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:27:32.0625 0x0d5c  ql40xx - ok
22:27:32.0687 0x0d5c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:27:32.0734 0x0d5c  QWAVE - ok
22:27:32.0765 0x0d5c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:27:32.0812 0x0d5c  QWAVEdrv - ok
22:27:32.0828 0x0d5c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:27:32.0906 0x0d5c  RasAcd - ok
22:27:32.0952 0x0d5c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:33.0015 0x0d5c  RasAgileVpn - ok
22:27:33.0062 0x0d5c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:27:33.0140 0x0d5c  RasAuto - ok
22:27:33.0171 0x0d5c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:33.0249 0x0d5c  Rasl2tp - ok
22:27:33.0327 0x0d5c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:27:33.0436 0x0d5c  RasMan - ok
22:27:33.0467 0x0d5c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:33.0545 0x0d5c  RasPppoe - ok
22:27:33.0561 0x0d5c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:27:33.0639 0x0d5c  RasSstp - ok
22:27:33.0686 0x0d5c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:27:33.0779 0x0d5c  rdbss - ok
22:27:33.0826 0x0d5c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:27:33.0857 0x0d5c  rdpbus - ok
22:27:33.0888 0x0d5c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:33.0966 0x0d5c  RDPCDD - ok
22:27:34.0013 0x0d5c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:27:34.0076 0x0d5c  RDPENCDD - ok
22:27:34.0138 0x0d5c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:27:34.0200 0x0d5c  RDPREFMP - ok
22:27:34.0294 0x0d5c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:27:34.0341 0x0d5c  RdpVideoMiniport - ok
22:27:34.0419 0x0d5c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:27:34.0481 0x0d5c  RDPWD - ok
22:27:34.0512 0x0d5c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:27:34.0544 0x0d5c  rdyboost - ok
22:27:34.0606 0x0d5c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:27:34.0684 0x0d5c  RemoteAccess - ok
22:27:34.0746 0x0d5c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:27:34.0840 0x0d5c  RemoteRegistry - ok
22:27:34.0871 0x0d5c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:27:34.0918 0x0d5c  RFCOMM - ok
22:27:34.0949 0x0d5c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:27:35.0027 0x0d5c  RpcEptMapper - ok
22:27:35.0074 0x0d5c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:27:35.0105 0x0d5c  RpcLocator - ok
22:27:35.0152 0x0d5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:27:35.0246 0x0d5c  RpcSs - ok
22:27:35.0293 0x0d5c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:27:35.0371 0x0d5c  rspndr - ok
22:27:35.0433 0x0d5c  [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
22:27:35.0480 0x0d5c  RSUSBSTOR - ok
22:27:35.0573 0x0d5c  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:27:35.0636 0x0d5c  RTL8167 - ok
22:27:35.0651 0x0d5c  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs           C:\Windows\system32\lsass.exe
22:27:35.0683 0x0d5c  SamSs - ok
22:27:35.0729 0x0d5c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:27:35.0761 0x0d5c  sbp2port - ok
22:27:35.0792 0x0d5c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:27:35.0870 0x0d5c  SCardSvr - ok
22:27:35.0917 0x0d5c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:27:35.0979 0x0d5c  scfilter - ok
22:27:36.0073 0x0d5c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
22:27:36.0213 0x0d5c  Schedule - ok
22:27:36.0275 0x0d5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:27:36.0353 0x0d5c  SCPolicySvc - ok
22:27:36.0385 0x0d5c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:27:36.0431 0x0d5c  SDRSVC - ok
22:27:36.0494 0x0d5c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:27:36.0556 0x0d5c  secdrv - ok
22:27:36.0587 0x0d5c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
22:27:36.0665 0x0d5c  seclogon - ok
22:27:36.0697 0x0d5c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
22:27:36.0775 0x0d5c  SENS - ok
22:27:36.0806 0x0d5c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:27:36.0837 0x0d5c  SensrSvc - ok
22:27:36.0868 0x0d5c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:27:36.0899 0x0d5c  Serenum - ok
22:27:36.0931 0x0d5c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
22:27:36.0962 0x0d5c  Serial - ok
22:27:36.0977 0x0d5c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:27:37.0009 0x0d5c  sermouse - ok
22:27:37.0118 0x0d5c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:27:37.0196 0x0d5c  SessionEnv - ok
22:27:37.0227 0x0d5c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:27:37.0258 0x0d5c  sffdisk - ok
22:27:37.0274 0x0d5c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:27:37.0305 0x0d5c  sffp_mmc - ok
22:27:37.0336 0x0d5c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:27:37.0367 0x0d5c  sffp_sd - ok
22:27:37.0399 0x0d5c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:27:37.0414 0x0d5c  sfloppy - ok
22:27:37.0523 0x0d5c  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:27:37.0617 0x0d5c  Sftfs - ok
22:27:37.0711 0x0d5c  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:27:37.0757 0x0d5c  sftlist - ok
22:27:37.0820 0x0d5c  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:27:37.0851 0x0d5c  Sftplay - ok
22:27:37.0882 0x0d5c  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:27:37.0913 0x0d5c  Sftredir - ok
22:27:37.0945 0x0d5c  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:27:37.0976 0x0d5c  Sftvol - ok
22:27:38.0007 0x0d5c  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:27:38.0054 0x0d5c  sftvsa - ok
22:27:38.0147 0x0d5c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:27:38.0257 0x0d5c  SharedAccess - ok
22:27:38.0319 0x0d5c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:27:38.0444 0x0d5c  ShellHWDetection - ok
22:27:38.0506 0x0d5c  [ 1BC348CF6BAA90EC8E533EF6E6A69933, 2B26F6EB701F48E092DED6A7B888F24736F2899EE81D54DD4B1E9DF7CFD36E7A ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
22:27:38.0537 0x0d5c  SiSGbeLH - ok
22:27:38.0569 0x0d5c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:27:38.0584 0x0d5c  SiSRaid2 - ok
22:27:38.0615 0x0d5c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:27:38.0647 0x0d5c  SiSRaid4 - ok
22:27:38.0740 0x0d5c  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:27:38.0818 0x0d5c  SkypeUpdate - ok
22:27:38.0849 0x0d5c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:27:38.0927 0x0d5c  Smb - ok
22:27:38.0990 0x0d5c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:27:39.0021 0x0d5c  SNMPTRAP - ok
22:27:39.0052 0x0d5c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:27:39.0083 0x0d5c  spldr - ok
22:27:39.0146 0x0d5c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
22:27:39.0239 0x0d5c  Spooler - ok
22:27:39.0489 0x0d5c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:27:39.0785 0x0d5c  sppsvc - ok
22:27:39.0848 0x0d5c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:27:39.0910 0x0d5c  sppuinotify - ok
22:27:39.0988 0x0d5c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:27:40.0066 0x0d5c  srv - ok
22:27:40.0129 0x0d5c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:27:40.0207 0x0d5c  srv2 - ok
22:27:40.0253 0x0d5c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:27:40.0285 0x0d5c  srvnet - ok
22:27:40.0347 0x0d5c  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
22:27:40.0409 0x0d5c  ssadbus - ok
22:27:40.0456 0x0d5c  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:27:40.0503 0x0d5c  ssadmdfl - ok
22:27:40.0550 0x0d5c  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
22:27:40.0612 0x0d5c  ssadmdm - ok
22:27:40.0675 0x0d5c  [ D33D1BD3EC0E766211A234F56A12726D, 53EEAA94865554F8422D111D717B548DF553B5B8647D2A45F3718BF4AEEBEC27 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
22:27:40.0737 0x0d5c  ssadserd - ok
22:27:40.0815 0x0d5c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:27:40.0893 0x0d5c  SSDPSRV - ok
22:27:40.0924 0x0d5c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:27:41.0002 0x0d5c  SstpSvc - ok
22:27:41.0065 0x0d5c  [ EF806D212D34B0E173BAEB3564D53E37, 6EF229A7B7AFF0268CDF47B77F961BD44335C3B35499BB00CBA494A22B2BA39E ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
22:27:41.0096 0x0d5c  ss_bbus - ok
22:27:41.0127 0x0d5c  [ 08B1B34ABEBEB6AC2DEA06900C56411E, 928EF9B9F194DB07049BA2D7127756B021C2729F562E54F7FECD0F2B2FF5A209 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
22:27:41.0158 0x0d5c  ss_bmdfl - ok
22:27:41.0236 0x0d5c  [ 71A9DA6BEAA4CB54DFB827FB78600A5D, 6393CA17CF6A6F30447FF599B2D27CAB44BA1A709D986AC5E14463303094BE5F ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
22:27:41.0283 0x0d5c  ss_bmdm - ok
22:27:41.0361 0x0d5c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:27:41.0392 0x0d5c  stexstor - ok
22:27:41.0486 0x0d5c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:27:41.0564 0x0d5c  stisvc - ok
22:27:41.0595 0x0d5c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:27:41.0626 0x0d5c  swenum - ok
22:27:41.0782 0x0d5c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:27:41.0860 0x0d5c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:27:41.0860 0x0d5c  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:27:49.0489 0x0d5c  WbioSrvc - ok
22:27:49.0535 0x0d5c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:27:49.0613 0x0d5c  wcncsvc - ok
22:27:49.0660 0x0d5c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:27:49.0707 0x0d5c  WcsPlugInService - ok
22:27:49.0769 0x0d5c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:27:49.0785 0x0d5c  Wd - ok
22:27:49.0894 0x0d5c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:27:49.0988 0x0d5c  Wdf01000 - ok
22:27:50.0035 0x0d5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:27:50.0081 0x0d5c  WdiServiceHost - ok
22:27:50.0113 0x0d5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:27:50.0144 0x0d5c  WdiSystemHost - ok
22:27:50.0206 0x0d5c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
22:27:50.0284 0x0d5c  WebClient - ok
22:27:50.0362 0x0d5c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:27:50.0440 0x0d5c  Wecsvc - ok
22:27:50.0503 0x0d5c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:27:50.0581 0x0d5c  wercplsupport - ok
22:27:50.0612 0x0d5c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:27:50.0690 0x0d5c  WerSvc - ok
22:27:50.0737 0x0d5c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:27:50.0799 0x0d5c  WfpLwf - ok
22:27:50.0893 0x0d5c  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
22:27:50.0924 0x0d5c  WimFltr - ok
22:27:50.0986 0x0d5c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:27:51.0017 0x0d5c  WIMMount - ok
22:27:51.0080 0x0d5c  WinDefend - ok
22:27:51.0142 0x0d5c  WinHttpAutoProxySvc - ok
22:27:51.0251 0x0d5c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:27:51.0361 0x0d5c  Winmgmt - ok
22:27:51.0532 0x0d5c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
22:27:51.0719 0x0d5c  WinRM - ok
22:27:51.0860 0x0d5c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
22:27:51.0907 0x0d5c  WinUsb - ok
22:27:52.0016 0x0d5c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:27:52.0109 0x0d5c  Wlansvc - ok
22:27:52.0234 0x0d5c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:27:52.0265 0x0d5c  wlcrasvc - ok
22:27:52.0468 0x0d5c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:27:52.0624 0x0d5c  wlidsvc - ok
22:27:52.0671 0x0d5c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:27:52.0702 0x0d5c  WmiAcpi - ok
22:27:52.0796 0x0d5c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:27:52.0827 0x0d5c  wmiApSrv - ok
22:27:52.0889 0x0d5c  WMPNetworkSvc - ok
22:27:52.0952 0x0d5c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:27:52.0983 0x0d5c  WPCSvc - ok
22:27:53.0030 0x0d5c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:27:53.0061 0x0d5c  WPDBusEnum - ok
22:27:53.0123 0x0d5c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:27:53.0201 0x0d5c  ws2ifsl - ok
22:27:53.0233 0x0d5c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:27:53.0279 0x0d5c  wscsvc - ok
22:27:53.0326 0x0d5c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:27:53.0373 0x0d5c  WSDPrintDevice - ok
22:27:53.0420 0x0d5c  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
22:27:53.0451 0x0d5c  WSDScan - ok
22:27:53.0482 0x0d5c  WSearch - ok
22:27:53.0701 0x0d5c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:27:53.0935 0x0d5c  wuauserv - ok
22:27:53.0997 0x0d5c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:27:54.0075 0x0d5c  WudfPf - ok
22:27:54.0106 0x0d5c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:27:54.0137 0x0d5c  WUDFRd - ok
22:27:54.0200 0x0d5c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:27:54.0231 0x0d5c  wudfsvc - ok
22:27:54.0293 0x0d5c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:27:54.0356 0x0d5c  WwanSvc - ok
22:27:54.0481 0x0d5c  ================ Scan global ===============================
22:27:54.0543 0x0d5c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:27:54.0590 0x0d5c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
22:27:54.0652 0x0d5c  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
22:27:54.0699 0x0d5c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:27:54.0761 0x0d5c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
22:27:54.0777 0x0d5c  [ Global ] - ok
22:27:54.0777 0x0d5c  ================ Scan MBR ==================================
22:27:54.0808 0x0d5c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:27:55.0385 0x0d5c  \Device\Harddisk0\DR0 - ok
22:27:55.0401 0x0d5c  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
22:27:55.0619 0x0d5c  \Device\Harddisk1\DR1 - ok
22:27:55.0619 0x0d5c  ================ Scan VBR ==================================
22:27:55.0635 0x0d5c  [ B4A6047DFC0BE341D16F429E084E05C2 ] \Device\Harddisk0\DR0\Partition1
22:27:55.0651 0x0d5c  \Device\Harddisk0\DR0\Partition1 - ok
22:27:55.0682 0x0d5c  [ 35F4BBC6B937761AE7440AC5822564C4 ] \Device\Harddisk0\DR0\Partition2
22:27:55.0682 0x0d5c  \Device\Harddisk0\DR0\Partition2 - ok
22:27:55.0697 0x0d5c  [ 80B1C80F0A2A638CA190B3A87D5A8DCE ] \Device\Harddisk1\DR1\Partition1
22:27:55.0697 0x0d5c  \Device\Harddisk1\DR1\Partition1 - ok
22:27:55.0697 0x0d5c  ================ Scan generic autorun ======================
22:27:55.0885 0x0d5c  [ 0BE126224273ACB0925C07B30A0E4209, CFFFCA6E70B1818438157209A99B573D06F8FC9F773F8EF3DE4A997A1992F25A ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
22:27:56.0056 0x0d5c  RtHDVBg - ok
22:27:56.0134 0x0d5c  [ 5447AF432CDA61159ADDE218C468FFD9, 63BD74521F679F195C24C1818267ECCBD8A7F5C2B4CEF3E60EC46B5AE0AC72A8 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
22:27:56.0181 0x0d5c  AdobeAAMUpdater-1.0 - ok
22:27:56.0337 0x0d5c  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe
22:27:56.0462 0x0d5c  MSC - ok
22:27:56.0477 0x0d5c  shopperz - ok
22:27:56.0477 0x0d5c  shopperz64 - ok
22:27:56.0555 0x0d5c  [ 8784236EED5079493DA9FC95B28B89F8, E59C349B964F585C27F63FBF7C1B5D7C6CF8CC958BD35100A36D57542DC13972 ] C:\Windows\SYSTEM32\WerFault.exe
22:27:56.0602 0x0d5c  *WerKernelReporting - ok
22:27:56.0696 0x0d5c  [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
22:27:56.0727 0x0d5c  HControlUser - ok
22:27:56.0899 0x0d5c  [ 36E7CE6EA4C190AA88C25CDD3C89D84C, F5F927116329982712310295CBFB3B9EA228FF9A7054E6BCB395B37C45D8DEA8 ] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
22:27:57.0070 0x0d5c  Wireless Console 3 - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0070 0x0d5c  Wireless Console 3 ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0164 0x0d5c  [ 8F9DCED3A575C7DC6011934AF06A052F, B37AC51B31991AEA1404F484C25C80A0004426F7377943423C35AE67D0D4EC5F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
22:27:57.0211 0x0d5c  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0211 0x0d5c  StartCCC ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0289 0x0d5c  [ 27CFFB1E41A2BE2A25957A679BD84E10, 521DC8F3439EAA780AE0DA68B0FC6E671963AF76E165590EA83D2F6896B1C941 ] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
22:27:57.0335 0x0d5c  AdobeCS5ServiceManager - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0335 0x0d5c  AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0382 0x0d5c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:27:57.0429 0x0d5c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:27:57.0429 0x0d5c  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0460 0x0d5c  Sidebar - ok
22:27:57.0491 0x0d5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:27:57.0538 0x0d5c  mctadmin - ok
22:27:57.0554 0x0d5c  Sidebar - ok
22:27:57.0569 0x0d5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:27:57.0601 0x0d5c  mctadmin - ok
22:27:57.0788 0x0d5c  [ 9EB925EDC8CF1C3D06E50E9348B54A0A, 99C1F8D40A65E1F4975B0D1180B3056712832E0E8FBE829785FDD505B6222AEA ] C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
22:27:57.0819 0x0d5c  Facebook Update - ok
22:27:58.0147 0x0d5c  [ 24B1666FD14CC71C7B0679AC61625B90, 4243F0B91BF9EAB365BBC724F5984FEB3AD74DF91EAF15F36A44DEA0AEDB7D20 ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
22:27:58.0443 0x0d5c  msnmsgr - ok
22:27:58.0583 0x0d5c  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
22:27:58.0615 0x0d5c  ISUSPM - ok
22:27:58.0661 0x0d5c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61010 ( enabled : outofdate )
22:27:58.0693 0x0d5c  Win FW state via NFP2: enabled
22:27:58.0693 0x0d5c  ============================================================
22:27:58.0693 0x0d5c  Scan finished
22:27:58.0693 0x0d5c  ============================================================
22:27:58.0708 0x0ebc  Detected object count: 6
22:27:58.0708 0x0ebc  Actual detected object count: 6
22:28:51.0951 0x0ebc  Application Hosting ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  Application Hosting ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0951 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0951 0x0ebc  Wireless Console 3 ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  Wireless Console 3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0951 0x0ebc  StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0951 0x0ebc  StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0967 0x0ebc  AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0967 0x0ebc  AdobeCS5ServiceManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:28:51.0967 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:51.0967 0x0ebc  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


28.05.2015, 22:00   #6
M-K-D-B
/// TB trainer

Hi,

Run FRST again as administrator:
  • Start FRST.exe again. Check the box next to Addition.txt and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

28.05.2015, 22:08   #7
armer tor

New log files

Hello Matthias,

attached are the new logs. One more question: should I go online with the infected laptop? So far I have downloaded the check programs to my PC, put them on a USB stick, and started them on the laptop from there. Can I do all of this on the laptop itself without problems? My current procedure is a bit cumbersome.

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Administrator (administrator) on VANESSA on 28-05-2015 22:49:24
Running from F:\
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\Application Hosting\Application Hosting.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-533800774-2781401254-862098746-500\...\MountPoints2: E - E:\tools\shelexec.exe html\index.htm
HKU\S-1-5-21-533800774-2781401254-862098746-500\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-14]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{98781c85-f0a2-8c2e-9878-81c85f0a7217}\hqghumeaylnlf.exe (No File)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRak5VLd2-qOELyVxZYVzEWTOSLvRC5kQFMUFB7HWxsC9qmgaEbtsWspeiXQk_8_R5znT6R1fDwhz3ZT22Ce-MfY_wYPvYB4AnBCxL1g_GQSduAYPn-8I3RnEZZS00xXKu2ObU3QI19LskZNnUYycjKHjOqjFsJR-kRbYXjgg&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Va\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-10-03]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Va\AppData\Roaming\Mozilla\Firefox\Profiles\f5c4pyvy.default-1405273851257\extensions\istart_ffnt@gmail.com
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-15] <==== ATTENTION

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D () C:\Users\Va\AppData\Local\{D84737A7-566F-467F-AF2D-8B712DAC0561}
2015-05-28 21:25 - 2015-05-28 21:25 - 576024606 _____ () C:\Windows\MEMORY.DMP
2015-05-28 21:25 - 2015-05-28 21:25 - 00455656 _____ () C:\Windows\Minidump\052815-46254-01.dmp
2015-05-28 21:25 - 2015-05-28 21:25 - 00000000 ____D () C:\Windows\Minidump
2015-05-28 20:34 - 2015-05-28 22:49 - 00000000 ____D () C:\FRST
2015-05-28 20:31 - 2015-05-28 20:31 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-28 20:17 - 2015-05-28 20:17 - 00000000 ____D () C:\Users\Va\AppData\Local\{44EFFC24-9A11-456C-9B68-99F4DE8F578A}
2015-05-28 17:52 - 2015-05-28 17:52 - 00000000 ____D () C:\Users\Va\AppData\Local\{F4AD3D71-E05D-462F-82A8-8175F86F3613}
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\Users\Va\AppData\Local\{226B8C84-8E97-4400-8B07-CA88C3F60E3F}
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{1432F450-032F-4DCA-A989-3212D395CE53}
2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 ____D () C:\Users\Va\AppData\Local\{05E28185-CE2F-4D67-A3B9-969D18B71351}
2015-05-20 20:21 - 2015-05-20 20:21 - 00000000 ____D () C:\Users\Va\AppData\Local\{0B366F7F-19FB-4669-9467-4C433FEC4700}
2015-05-20 00:23 - 2015-05-20 08:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 00:23 - 2015-05-20 00:23 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-05-19 23:32 - 2015-05-27 22:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 23:19 - 2015-05-19 23:24 - 00000000 ____D () C:\AdwCleaner
2015-05-19 17:08 - 2015-05-20 00:21 - 00058584 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00059088 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\Documents\FILSHtray
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\FILSH_Media_GmbH
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-19 17:07 - 2015-05-28 20:31 - 00000000 ____D () C:\Users\Administrator
2015-05-19 17:07 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-05-19 17:07 - 2015-05-19 17:07 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go
2015-05-19 17:07 - 2012-10-14 18:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-05-19 17:07 - 2012-10-11 09:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-05-19 17:07 - 2011-08-11 18:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-05-19 17:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-19 17:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-19 15:13 - 2015-05-19 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{2D494D01-B861-49E4-B3D9-355F35CB2E4E}
2015-05-16 22:25 - 2015-05-27 21:51 - 00000272 _____ () C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2015-05-16 22:21 - 2015-05-20 20:20 - 00058584 _____ () C:\Users\Va\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 22:20 - 2015-05-28 22:41 - 00002558 _____ () C:\Windows\setupact.log
2015-05-16 22:20 - 2015-05-16 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 22:19 - 2015-05-20 08:47 - 00002716 _____ () C:\Windows\PFRO.log
2015-05-16 22:19 - 2015-05-20 00:18 - 04822584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 22:18 - 2015-05-16 22:18 - 00088172 _____ () C:\Users\Va\Documents\cc_20150516_221800.reg
2015-05-16 21:44 - 2015-05-16 21:44 - 00001142 _____ () C:\Users\Va\Desktop\ASUS Produktregistrierung.lnk
2015-05-16 21:26 - 2015-05-16 21:26 - 00000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2015-05-16 11:04 - 2015-05-16 11:05 - 00000000 ____D () C:\Users\Va\AppData\Local\{F001455B-59BE-4115-AE64-C165EFB84113}
2015-05-15 22:36 - 2015-05-19 23:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 17:24 - 2015-05-15 17:24 - 00000000 ____D () C:\Users\Va\AppData\Local\{7A20DB37-FBC4-4BCF-A0D4-EE44E831AD1F}
2015-05-15 00:33 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 18:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 18:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 18:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 18:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 18:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 18:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 18:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 18:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 18:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 18:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 18:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 18:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 18:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 18:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 18:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 18:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 18:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 18:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 18:17 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 18:17 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 18:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:49 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:49 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:49 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:49 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:49 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:46 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:46 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:46 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:46 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:46 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:46 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:46 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:44 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:44 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:44 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:44 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 16:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:43 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:43 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 15:14 - 2015-05-14 15:14 - 00000000 ____D () C:\Program Files (x86)\TrimModule
2015-05-14 15:13 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{799E0E24-8409-4364-BAA9-CC81AB87C1DC}
2015-05-03 14:16 - 2015-05-03 14:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{AB8A634F-5BD1-4B6B-BC2B-6BEB6328F204}
2015-05-03 12:13 - 2015-05-03 12:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{CC9CB319-0D4D-4A95-8B0E-474F65A4F04D}
2015-05-03 12:12 - 2015-05-03 12:14 - 00000000 ____D () C:\Users\Va\Documents\Fax
2015-05-02 10:55 - 2015-05-02 10:55 - 00684184 _____ (Opera Software) C:\Users\Va\Downloads\Opera_NI_stable.exe
2015-05-02 09:58 - 2015-05-02 09:59 - 00000000 ____D () C:\Users\Va\AppData\Local\{D135E88E-4572-4C5E-A949-EB6173D0C63E}
2015-04-29 20:50 - 2015-05-14 19:42 - 00003736 _____ () C:\Windows\System32\Tasks\keepup
2015-04-29 20:42 - 2015-04-29 20:42 - 00000000 ____D () C:\Users\Va\AppData\Local\{827C5103-74DE-4620-B4AE-AED0DA9E9E6F}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 22:48 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 22:48 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 22:44 - 2011-08-11 17:44 - 01896372 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 22:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 22:25 - 2011-12-24 23:50 - 00000000 ____D () C:\Users\Va\Tracing
2015-05-28 21:59 - 2012-04-11 22:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 20:05 - 2011-12-24 22:46 - 00001126 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job
2015-05-28 15:06 - 2014-12-03 20:03 - 00001312 _____ () C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-05-28 15:05 - 2015-04-14 23:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.79
2015-05-27 22:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-27 22:07 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-05-27 22:07 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-05-27 22:07 - 2009-07-14 07:13 - 01652924 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 21:13 - 2015-04-21 17:35 - 00000000 ____D () C:\Users\Va\AppData\Roaming\jellylam
2015-05-20 21:13 - 2015-04-14 23:10 - 00000000 ____D () C:\Users\Va\AppData\Roaming\Winsta
2015-05-20 21:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-05-20 21:00 - 2011-04-13 04:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-20 20:58 - 2011-08-11 18:14 - 00000000 ____D () C:\Windows\SysWOW64\ASUS_Screensaver dir
2015-05-20 20:57 - 2014-07-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetDrive
2015-05-20 08:49 - 2011-08-11 18:12 - 00002052 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-20 01:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-20 00:20 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-05-20 00:10 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-19 23:41 - 2012-11-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-19 23:28 - 2011-12-24 07:02 - 00000000 ___HD () C:\ASUS.DAT
2015-05-19 23:24 - 2011-12-24 07:01 - 00000000 ____D () C:\Users\Va
2015-05-19 18:06 - 2011-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\FILSHtray
2015-05-16 22:21 - 2011-08-11 18:12 - 00002628 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-05-16 22:16 - 2015-04-14 23:13 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429045976
2015-05-16 22:07 - 2015-04-14 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-16 21:38 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-15 17:14 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 17:08 - 2011-04-13 04:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:47 - 2012-01-17 23:23 - 01680542 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 00:47 - 2012-01-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-15 00:43 - 2014-07-13 17:46 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-15 00:43 - 2014-07-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-15 00:42 - 2014-07-13 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-15 00:33 - 2013-03-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 00:30 - 2013-03-15 14:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:42 - 2015-04-21 17:35 - 00003212 _____ () C:\Windows\System32\Tasks\DriverMgr
2015-05-14 19:42 - 2015-04-21 17:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 19:42 - 2015-04-14 23:11 - 00003264 _____ () C:\Windows\System32\Tasks\Winsta Update
2015-05-14 19:41 - 2011-08-11 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-03 14:14 - 2013-10-03 19:05 - 00250368 ___SH () C:\Users\Va\Desktop\Thumbs.db
2015-04-29 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2013-10-24 21:18 - 2013-10-24 21:18 - 50053120 _____ () C:\Program Files (x86)\GUTF19F.tmp
2014-01-10 19:50 - 2014-01-10 19:52 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-08-11 18:18 - 2011-08-11 18:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-11 18:17 - 2011-08-11 18:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Va\AppData\Local\Temp\_is9211.exe
C:\Users\Va\AppData\Local\Temp\_isBE10.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-28 21:55

==================== End of log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Administrator at 2015-05-28 22:57:11
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-533800774-2781401254-862098746-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-533800774-2781401254-862098746-501 - Limited - Disabled)
Va (S-1-5-21-533800774-2781401254-862098746-1001 - Limited - Enabled) => C:\Users\Va

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E17025A7-39B6-375E-8F1E-20637D19549C}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6403 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Search and Replace (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version:  - "") <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-05-2015 22:02:22 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - System32\Tasks\DriverMgr => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
Task: {1ED7DB9C-9C9E-403A-8E88-D09EC3827B95} - System32\Tasks\Opera scheduled Autoupdate 1429045976 => C:\Program Files (x86)\Opera\launcher.exe
Task: {3784E8E7-FBBC-48C9-B9AE-70952BC1AF51} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {3F28BADE-562D-461D-AD2D-FCE062CA8124} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {56F6D449-E585-438C-8A51-E64B9230733C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - System32\Tasks\Winsta Update => C:\Users\Va\AppData\Roaming\Winsta\Winsta.exe
Task: {6B9B662E-6011-4EB7-9083-5716BFBBEDE4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {727A5C42-AD25-48B6-BBC6-74F4DC93E0D7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
Task: {BDD2569C-506C-4570-921A-144F215CF5CC} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {BE1B5CC3-1DD1-4857-B50C-E391162850A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C7F92DC1-6EE9-43D7-95AC-812DD896364C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {CD261114-0A77-4821-BF44-202A1628E6D9} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D4D32529-B039-4D5E-871A-DB6AD6F8AA06} - System32\Tasks\{F1E2C16D-7C1B-447B-89AF-DBE53988F55C} => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Task: {E8C2F878-1D4C-4360-8446-67CEF041D04C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {ED8BBEC9-7191-4B92-B1FD-65A54AEBFE91} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {F2BD4C9B-69AC-43FC-A620-B7C58FF2355E} - System32\Tasks\AdobeAAMUpdater-1.0-VANESSA-Va => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F7A0A87A-1FD8-41EA-9942-FA91F2662CA5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-13 19:23 - 2011-07-13 19:23 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-04-14 16:55 - 2015-04-14 16:55 - 00034304 _____ () C:\ProgramData\Application Hosting\Application Hosting.exe
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-06-10 19:49 - 2011-06-10 19:49 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533800774-2781401254-862098746-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869
FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900
FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353
FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182
FirewallRules: [{D937DAF1-0E89-4549-8ADF-0103B21110E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90B9A9CB-6E84-40C9-8639-F26816E9C8D9}] => (Allow) C:\Users\Va\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1AE4FF3B-5152-4233-AE6C-83F30FCA38F0}] => (Allow) C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 10:42:08 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 09:26:00 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 08:58:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005107c
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (05/28/2015 08:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005107c
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig


System errors:
=============
Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:52:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/28/2015 10:52:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (05/28/2015 10:45:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/28/2015 10:43:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.16.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:43:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/28/2015 10:43:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.197.2716.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office:
=========================
Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 10:42:08 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 09:26:00 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 08:58:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac0000005000000000005107c

Error: (05/28/2015 08:41:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac0000005000000000005107c

Error: (05/28/2015 06:41:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 06:31:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/28/2015 06:02:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (05/28/2015 05:52:05 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/27/2015 11:02:21 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig


CodeIntegrity Errors:
===================================
  Date: 2013-10-01 19:40:42.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:40.772
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:39.098
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:36.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:30.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:28.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:25.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:23.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:58.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:33:55.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD E-350 Processor
Percentage of memory in use: 30%
Total physical RAM: 3691.71 MB
Available physical RAM: 2576.95 MB
Total Pagefile: 7381.64 MB
Available Pagefile: 6118.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:59.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:142.43 GB) NTFS
Drive f: (VERBATIM) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0CD9B3F5)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=128.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 0C55F312)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================
         

Alt 29.05.2015, 20:12   #8
M-K-D-B
/// TB-Ausbilder
 



Hi,

where possible, you should of course download all programs onto the infected PC (directly to the desktop) and start them from there.

The same goes for FRST:
Quote:
Running from F:\

From now on, download all tools to the desktop of the infected laptop and start them from there, always with an Internet connection.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Alt 29.05.2015, 23:27   #9
armer tor
 



Hello Matthias,

unfortunately it took a while until I had everything on the laptop. The scan ran twice because something was found on the first pass. I then did the CleanUp as instructed and scanned a second time. Now nothing was found. Here is the log file.

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.29.06
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Administrator :: VANESSA [administrator]

29.05.2015 22:59:10
mbar-log-2015-05-29 (22-59-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 397591
Time elapsed: 40 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 31.05.2015, 13:40   #10
armer tor
 



Hello,

here are the remaining log files.

Quick question: is it OK that on Filepony a popup from reimageplus.com always opens, saying "Remove malware" or "Fix computer crashes"?

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.05.2015
Suchlauf-Zeit: 13:26:24
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.30.06
Rootkit Datenbank: v2015.05.24.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 409834
Verstrichene Zeit: 34 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 13
PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [3a944c4de4a690a6bc9d6af29c679e62], 
PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [3a944c4de4a690a6bc9d6af29c679e62], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [9d3199003456d462e3d32578bf44a060], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [6668e6b3eaa0de587d1bd7495aaac040], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [309ea4f5c1c9ce6873e1a8d6ee171ae6], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [ce00aaef6822f93deeb705775ca941bf], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [ab23eeab078345f155ffdba349bc8977], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-5.5, In Quarantäne, [8c42afea66245ed85f0b0025c34151af], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [517dbfdabbcf57dfa8fab237857ee917], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [725ce8b1dfaba195aff32bbe000327d9], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [2f9fb3e61d6d73c30e9252269a6bf30d], 
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\OPTIMIZER PRO, In Quarantäne, [57771f7ac1c916201fbeb8c5a85dc43c], 
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\SUPER OPTIMIZER, In Quarantäne, [ab2356435c2e290d6b69a6d56c992dd3], 

Registrierungswerte: 7
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz, C:\Program Files\shopperz\wrex.exe, In Quarantäne, [bc1242574a409b9bc727bb3941c27f81]
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz64, C:\Program Files\shopperz\wrex64.exe, In Quarantäne, [05c9f9a07e0c23139d52e50fe91a7a86]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [309ea4f5c1c9ce6873e1a8d6ee171ae6]
PUP.Optional.SonicSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRak5VLd2-qOELyVxZYVzEWTOSLvRC5kQFMUFB7HWxsC9qmgaEbtsWspeiXQk_8_R5znT6R1fDwhz3ZT22Ce-MfY_wYPvYB4AnBCxL1g_GQSduAYPn-8I3RnEZZS00xXKu2ObU3QI19LskZNnUYycjKHjOqjFsJR-kRbYXjgg&q={searchTerms}, In Quarantäne, [a7279405e9a11521ecfeda9c83825ea2]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [ab23eeab078345f155ffdba349bc8977]
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, hxxp://www.safeshopgate.com/r?s=121000700&g=42457F94-7277-4D23-AF91-6A92F4C914B9, In Quarantäne, [57771f7ac1c916201fbeb8c5a85dc43c]
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, hxxp://supc6.superpctools.revenuewire.net/spu/register?221001702_6D64DB99-379B-496B-A4BC-51CD328B2B79, In Quarantäne, [ab2356435c2e290d6b69a6d56c992dd3]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 7
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, In Quarantäne, [01cd4752e5a51b1bf8bea440b15202fe], 
PUP.Optional.OptimizerPro.A, C:\Users\Va\Documents\Optimizer Pro, In Quarantäne, [9e30b3e61278f93d00dbe697ad58d729], 
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], 
PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], 
PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro\Backup, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], 
PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro\Log, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], 
PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro\Undo, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], 

Dateien: 9
PUP.Optional.Multiplug.A, C:\Program Files (x86)\TrimModule\TrimModule.dll, In Quarantäne, [98369603addd82b4a4e10d410ff3659b], 
PUP.Optional.InstallCore.SID.C, C:\Users\Va\Downloads\Setup.exe, In Quarantäne, [46884c4dbad05fd7a606a7c41ceaae52], 
PUP.Optional.VeriStaff, C:\Windows\Installer\8be53.msi, In Quarantäne, [d1fda7f2098148ee3c22312e5da39070], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\8be45.msi, In Quarantäne, [ffcfd6c33d4d6ec8f0d8aa0e758c40c0], 
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, In Quarantäne, [01cd4752e5a51b1bf8bea440b15202fe], 
PUP.Optional.OptimizerPro.A, C:\Users\Va\Documents\Optimizer Pro\CookiesException.txt, In Quarantäne, [9e30b3e61278f93d00dbe697ad58d729], 
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Nach Updates suchen.lnk, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], 
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro entfernen.lnk, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], 
PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on 31.05.2015 at 14:17:40,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\DriverMgr
Successfully deleted: [Task] C:\Windows\system32\tasks\Winsta Update



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc



~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\mozilla firefox\firefox.cfg
Successfully deleted: [File] C:\Windows\syswow64\sho50D4.tmp



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2015 at 14:22:16,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 05/31/2015 02:23:18 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Administrator\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 05/31/2015 02:23:20 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Administrator (administrator) on VANESSA on 31-05-2015 14:25:09
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dq67a9fw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Va\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
StartMenuInternet: FIREFOX.EXE - C:\Users\Administrator\Desktop\Firefox\firefox.exe

Chrome: 
=======
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-16] (Avira Operations GmbH & Co. KG)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 14:25 - 2015-05-31 14:25 - 00010964 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-05-31 14:23 - 2015-05-31 14:23 - 00001922 _____ () C:\Users\Administrator\Desktop\sc-cleaner.txt
2015-05-31 14:22 - 2015-05-31 14:22 - 00001733 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-05-31 14:17 - 2015-05-31 14:17 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VANESSA-Windows-7-Home-Premium-(64-bit).dat
2015-05-31 14:17 - 2015-05-31 14:17 - 00000000 ____D () C:\RegBackup
2015-05-31 14:14 - 2015-05-31 14:16 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\sc-cleaner.exe
2015-05-31 14:11 - 2015-05-31 14:11 - 02947635 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2015-05-31 12:25 - 2015-05-31 14:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Logfiles_2015-05-31
2015-05-31 12:24 - 2015-05-31 12:24 - 02222592 _____ () C:\Users\Administrator\Desktop\AdwCleaner_4.205.exe
2015-05-31 00:15 - 2015-05-31 00:15 - 00028665 _____ () C:\ComboFix.txt
2015-05-30 23:56 - 2015-05-31 00:15 - 00000000 ____D () C:\Qoobox
2015-05-30 23:56 - 2015-05-31 00:12 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 23:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 23:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 23:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 23:48 - 2015-05-30 23:48 - 05628678 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2015-05-30 12:05 - 2015-05-30 12:05 - 00001114 _____ () C:\Users\Administrator\Desktop\mbar.exe.lnk
2015-05-30 00:21 - 2015-05-30 00:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia
2015-05-30 00:12 - 2015-05-30 00:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2015-05-30 00:12 - 2015-05-30 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-30 00:10 - 2015-05-30 00:10 - 00000000 ____D () C:\ProgramData\Avira
2015-05-30 00:10 - 2015-05-30 00:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-05-30 00:10 - 2015-04-16 15:23 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-30 00:10 - 2015-04-16 15:23 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-30 00:10 - 2015-04-16 15:23 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-30 00:10 - 2015-04-16 15:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-30 00:03 - 2015-05-30 12:02 - 00000000 ____D () C:\Users\Administrator\Desktop\avira
2015-05-30 00:02 - 2015-05-30 00:02 - 02108928 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-05-29 23:47 - 2015-05-29 23:47 - 00000000 ____D () C:\Users\Administrator\Desktop\bitdefender_free
2015-05-29 22:09 - 2015-05-29 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 22:04 - 2015-05-29 22:57 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2015-05-29 22:04 - 2015-05-29 22:04 - 00000000 ____D () C:\Users\Administrator\Desktop\Firefox
2015-05-29 22:00 - 2015-05-29 22:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2015-05-29 22:00 - 2015-05-29 22:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D () C:\Users\Va\AppData\Local\{D84737A7-566F-467F-AF2D-8B712DAC0561}
2015-05-28 21:25 - 2015-05-28 21:25 - 576024606 _____ () C:\Windows\MEMORY.DMP
2015-05-28 21:25 - 2015-05-28 21:25 - 00455656 _____ () C:\Windows\Minidump\052815-46254-01.dmp
2015-05-28 21:25 - 2015-05-28 21:25 - 00000000 ____D () C:\Windows\Minidump
2015-05-28 20:34 - 2015-05-31 14:25 - 00000000 ____D () C:\FRST
2015-05-28 20:31 - 2015-05-28 20:31 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-28 20:17 - 2015-05-28 20:17 - 00000000 ____D () C:\Users\Va\AppData\Local\{44EFFC24-9A11-456C-9B68-99F4DE8F578A}
2015-05-28 17:52 - 2015-05-28 17:52 - 00000000 ____D () C:\Users\Va\AppData\Local\{F4AD3D71-E05D-462F-82A8-8175F86F3613}
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\Users\Va\AppData\Local\{226B8C84-8E97-4400-8B07-CA88C3F60E3F}
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{1432F450-032F-4DCA-A989-3212D395CE53}
2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 ____D () C:\Users\Va\AppData\Local\{05E28185-CE2F-4D67-A3B9-969D18B71351}
2015-05-20 20:21 - 2015-05-20 20:21 - 00000000 ____D () C:\Users\Va\AppData\Local\{0B366F7F-19FB-4669-9467-4C433FEC4700}
2015-05-20 00:23 - 2015-05-31 14:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 00:23 - 2015-05-29 22:58 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 00:23 - 2015-05-20 00:23 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-20 00:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-05-19 23:32 - 2015-05-27 22:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 23:19 - 2015-05-31 12:30 - 00000000 ____D () C:\AdwCleaner
2015-05-19 17:08 - 2015-05-20 00:21 - 00058584 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00059088 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\Documents\FILSHtray
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\FILSH_Media_GmbH
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-19 17:07 - 2015-05-28 20:31 - 00000000 ____D () C:\Users\Administrator
2015-05-19 17:07 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-05-19 17:07 - 2015-05-19 17:07 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go
2015-05-19 17:07 - 2012-10-14 18:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-05-19 17:07 - 2012-10-11 09:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-05-19 17:07 - 2011-08-11 18:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-05-19 17:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-19 17:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-19 15:13 - 2015-05-19 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{2D494D01-B861-49E4-B3D9-355F35CB2E4E}
2015-05-16 22:25 - 2015-05-27 21:51 - 00000272 _____ () C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2015-05-16 22:21 - 2015-05-20 20:20 - 00058584 _____ () C:\Users\Va\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 22:20 - 2015-05-31 14:03 - 00002838 _____ () C:\Windows\setupact.log
2015-05-16 22:20 - 2015-05-16 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 22:19 - 2015-05-31 14:02 - 00211622 _____ () C:\Windows\PFRO.log
2015-05-16 22:19 - 2015-05-20 00:18 - 04822584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 22:18 - 2015-05-16 22:18 - 00088172 _____ () C:\Users\Va\Documents\cc_20150516_221800.reg
2015-05-16 21:44 - 2015-05-16 21:44 - 00001142 _____ () C:\Users\Va\Desktop\ASUS Produktregistrierung.lnk
2015-05-16 21:26 - 2015-05-16 21:26 - 00000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2015-05-16 11:04 - 2015-05-16 11:05 - 00000000 ____D () C:\Users\Va\AppData\Local\{F001455B-59BE-4115-AE64-C165EFB84113}
2015-05-15 22:36 - 2015-05-31 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 17:24 - 2015-05-15 17:24 - 00000000 ____D () C:\Users\Va\AppData\Local\{7A20DB37-FBC4-4BCF-A0D4-EE44E831AD1F}
2015-05-15 00:33 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 18:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 18:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 18:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 18:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 18:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 18:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 18:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 18:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 18:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 18:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 18:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 18:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 18:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 18:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 18:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 18:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 18:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 18:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 18:17 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 18:17 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 18:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:49 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:49 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:49 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:49 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:49 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:46 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:46 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:46 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:46 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:46 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:46 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:46 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:44 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:44 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:44 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:44 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 16:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:43 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:43 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 15:14 - 2015-05-31 14:01 - 00000000 ____D () C:\Program Files (x86)\TrimModule
2015-05-14 15:13 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{799E0E24-8409-4364-BAA9-CC81AB87C1DC}
2015-05-03 14:16 - 2015-05-03 14:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{AB8A634F-5BD1-4B6B-BC2B-6BEB6328F204}
2015-05-03 12:13 - 2015-05-03 12:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{CC9CB319-0D4D-4A95-8B0E-474F65A4F04D}
2015-05-03 12:12 - 2015-05-03 12:14 - 00000000 ____D () C:\Users\Va\Documents\Fax
2015-05-02 10:55 - 2015-05-02 10:55 - 00684184 _____ (Opera Software) C:\Users\Va\Downloads\Opera_NI_stable.exe
2015-05-02 09:58 - 2015-05-02 09:59 - 00000000 ____D () C:\Users\Va\AppData\Local\{D135E88E-4572-4C5E-A949-EB6173D0C63E}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 14:11 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 14:11 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 14:08 - 2011-08-11 17:44 - 01122214 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 14:05 - 2011-12-24 22:46 - 00001126 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job
2015-05-31 14:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 14:02 - 2012-04-24 22:53 - 00000000 ____D () C:\Windows\en
2015-05-31 13:59 - 2012-04-11 22:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 12:13 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-05-31 12:13 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-05-31 12:13 - 2009-07-14 07:13 - 01652988 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 11:51 - 2013-08-23 15:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-31 11:28 - 2015-04-04 20:58 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-31 11:28 - 2015-04-04 20:58 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-31 00:15 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-31 00:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 10:59 - 2011-08-11 18:12 - 00002640 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-05-30 10:58 - 2011-08-11 18:12 - 00002128 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-30 10:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-30 00:08 - 2014-07-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-29 21:48 - 2011-12-24 22:46 - 00001104 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job
2015-05-28 22:25 - 2011-12-24 23:50 - 00000000 ____D () C:\Users\Va\Tracing
2015-05-28 15:06 - 2014-12-03 20:03 - 00001312 _____ () C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-05-20 21:13 - 2015-04-21 17:35 - 00000000 ____D () C:\Users\Va\AppData\Roaming\jellylam
2015-05-20 21:13 - 2015-04-14 23:10 - 00000000 ____D () C:\Users\Va\AppData\Roaming\Winsta
2015-05-20 21:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-05-20 21:00 - 2011-04-13 04:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-20 20:58 - 2011-08-11 18:14 - 00000000 ____D () C:\Windows\SysWOW64\ASUS_Screensaver dir
2015-05-20 20:57 - 2014-07-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetDrive
2015-05-20 01:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-20 00:20 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-05-20 00:10 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-19 23:41 - 2012-11-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-19 23:28 - 2011-12-24 07:02 - 00000000 ____D () C:\ASUS.DAT
2015-05-19 23:24 - 2011-12-24 07:01 - 00000000 ____D () C:\Users\Va
2015-05-19 18:06 - 2011-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\FILSHtray
2015-05-16 22:16 - 2015-04-14 23:13 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429045976
2015-05-16 21:38 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-15 17:14 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 17:08 - 2011-04-13 04:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:47 - 2012-01-17 23:23 - 01680542 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 00:47 - 2012-01-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-15 00:33 - 2013-03-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 00:30 - 2013-03-15 14:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:42 - 2015-04-29 20:50 - 00003736 _____ () C:\Windows\System32\Tasks\keepup
2015-05-14 19:42 - 2015-04-21 17:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 19:41 - 2011-08-11 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-03 14:14 - 2013-10-03 19:05 - 00250368 ___SH () C:\Users\Va\Desktop\Thumbs.db

==================== Files in the root of some directories =======

2013-10-24 21:18 - 2013-10-24 21:18 - 50053120 _____ () C:\Program Files (x86)\GUTF19F.tmp
2014-01-10 19:50 - 2014-01-10 19:52 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-08-11 18:18 - 2011-08-11 18:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-11 18:17 - 2011-08-11 18:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-28 21:55

==================== End of log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-05-31 14:26:44
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-533800774-2781401254-862098746-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-533800774-2781401254-862098746-501 - Limited - Disabled)
Va (S-1-5-21-533800774-2781401254-862098746-1001 - Limited - Enabled) => C:\Users\Va

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E17025A7-39B6-375E-8F1E-20637D19549C}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6403 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Search and Replace (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version:  - "") <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-05-2015 22:02:22 Geplanter Prüfpunkt
29-05-2015 22:08:10 Windows Update
29-05-2015 22:49:47 Malwarebytes Anti-Rootkit Restore Point
31-05-2015 00:26:31 Windows Update
31-05-2015 11:37:28 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-31 00:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - \DriverMgr No Task File <==== ATTENTION
Task: {1ED7DB9C-9C9E-403A-8E88-D09EC3827B95} - System32\Tasks\Opera scheduled Autoupdate 1429045976 => C:\Program Files (x86)\Opera\launcher.exe
Task: {48E2E45C-642A-4ECD-BC69-EFB69714442D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {49355D55-C6EC-4FCD-ADCC-124F7F643A4A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {56F6D449-E585-438C-8A51-E64B9230733C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - \Winsta Update No Task File <==== ATTENTION
Task: {69B328C2-3D26-455E-A5A8-9CCCB88CA324} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-14] (Microsoft Corporation)
Task: {727A5C42-AD25-48B6-BBC6-74F4DC93E0D7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
Task: {A7EB7D78-5961-4558-9A23-752BA3062C97} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BDD2569C-506C-4570-921A-144F215CF5CC} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C7F92DC1-6EE9-43D7-95AC-812DD896364C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {CD261114-0A77-4821-BF44-202A1628E6D9} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D4D32529-B039-4D5E-871A-DB6AD6F8AA06} - System32\Tasks\{F1E2C16D-7C1B-447B-89AF-DBE53988F55C} => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Task: {E8C2F878-1D4C-4360-8446-67CEF041D04C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {EAA7F83F-CA92-4C11-B08A-83FC3CA12A9E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {ED8BBEC9-7191-4B92-B1FD-65A54AEBFE91} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {F2BD4C9B-69AC-43FC-A620-B7C58FF2355E} - System32\Tasks\AdobeAAMUpdater-1.0-VANESSA-Va => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F5070213-97F0-4233-AFB2-F44997F5EAA7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F7A0A87A-1FD8-41EA-9942-FA91F2662CA5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533800774-2781401254-862098746-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869
FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900
FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353
FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182
FirewallRules: [{D937DAF1-0E89-4549-8ADF-0103B21110E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90B9A9CB-6E84-40C9-8639-F26816E9C8D9}] => (Allow) C:\Users\Va\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1AE4FF3B-5152-4233-AE6C-83F30FCA38F0}] => (Allow) C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe
FirewallRules: [{BDC340A4-2739-48BB-AF06-5222C18E184D}] => (Allow) C:\Users\Administrator\Desktop\firefox.exe
FirewallRules: [{2205AE3F-F62B-48C6-82C0-443A5CE3CAC6}] => (Allow) C:\Users\Administrator\Desktop\Firefox\firefox.exe
FirewallRules: [{39731CCA-C09C-42BD-B934-3D355D028AB6}] => (Allow) C:\Users\Administrator\Desktop\Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2015 02:03:35 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/31/2015 00:33:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/31/2015 11:29:21 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/30/2015 10:57:44 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/29/2015 11:48:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: VANESSA)
Description: Product: BitDefender Free Edition v10 -- This BitDefender product is not compatible with your operating system. It can only be installed on Windows 98, ME, 2000, XP or Vista 32b. The installation is aborted.

Error: (05/29/2015 10:56:24 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/29/2015 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000bfc22
ID des fehlerhaften Prozesses: 0xcc
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (05/29/2015 10:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ASUSWSShellExt64.dll, Version: 1.1.0.27, Zeitstempel: 0x4c7f631d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000051da
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (05/29/2015 10:00:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005107c
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:


System errors:
=============
Error: (05/31/2015 02:18:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2015 02:18:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2015 02:18:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 02:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 02:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Hosting service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 02:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ATKGFNEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (05/31/2015 02:03:35 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/31/2015 00:33:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/31/2015 11:29:21 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/30/2015 10:57:44 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/29/2015 11:48:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: VANESSA)
Description: Product: BitDefender Free Edition v10 -- This BitDefender product is not compatible with your operating system. It can only be installed on Windows 98, ME, 2000, XP or Vista 32b. The installation is aborted.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/29/2015 10:56:24 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (05/29/2015 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac000037400000000000bfc22cc01d09a4a729400ffC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dlla962ac11-0644-11e5-88e8-14dae9a3019b

Error: (05/29/2015 10:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da

Error: (05/29/2015 10:00:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac0000005000000000005107c

Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:


CodeIntegrity Errors:
===================================
  Date: 2015-05-31 00:10:02.183
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-31 00:10:02.083
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-01 19:40:42.127
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:40.772
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:39.098
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:40:36.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:30.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:28.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:25.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-01 19:34:23.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD E-350 Processor
Percentage of memory in use: 27%
Total physical RAM: 3691.71 MB
Available physical RAM: 2692.03 MB
Total Pagefile: 7381.64 MB
Available Pagefile: 6068.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:57.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:142.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0CD9B3F5)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=128.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144.9 GB) - (Type=OF Extended)

==================== End of log ============================
         

01.06.2015, 16:16   #11
M-K-D-B
/// TB-Ausbilder

Hi,

  • Start FRST again. Copy the contents of the following code box into the line at the top:
    Code:
    ATTFilter
    Optimizer Pro;TrimModule;crossrider;mystartsearch;Winsta;Search and Replace;jellylam;shopperz;
             
  • Click Search Registry.
  • FRST starts the search. This may take some time.
  • When it finishes, FRST creates a text file, Search.txt.
  • Post its contents in your next reply.

01.06.2015, 17:28   #12
armer tor

Today's FRST scan

Hello,

here is the new data.

Code:
ATTFilter
Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-06-01 18:22:11
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal

================== Search Registry: "Optimizer Pro;TrimModule;crossrider;mystartsearch;Winsta;Search and Replace;jellylam;shopperz" ===========


===================== Search result for "TrimModule" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_f0e9047b]
"svn"="TrimModule"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_f0e9047b]
"Install_Dir"="C:\Program Files (x86)\TrimModule"


===================== Search result for "crossrider" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160}\ProgID]
""="CrossriderApp0049060.BHO.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}]
""="CrossriderApp0049060.Sandbox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}\VersionIndependentProgID]
""="CrossriderApp0049060.Sandbox"


===================== Search result for "mystartsearch" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY\shell\open\command]
""=""C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY\shell\open\command]
""=""C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606"


===================== Search result for "Winsta" ==========

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529]
"f!qwinsta.exe"="0x7100770069006E007300740061002E00650078006500"

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_a77e2496eea5135b]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.18540_none_a9770602ebbe1ab3]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.22750_none_a9f5d4c804e3d395]

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682]
"f!rwinsta.exe"="0x7200770069006E007300740061002E00650078006500"

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..linetools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc53e808eda33786]
"f!rwinsta.exe.mui"="0x7200770069006E007300740061002E006500780065002E006D0075006900"

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_3b05f4d3e2a0703c]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.22750_none_3b603be4fbe23136]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_dee759502a42ff06]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.22750_none_df41a0614384c000]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_0.0.0.0_none_cb6e1978d58a35c6]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD450BA768E04E63CA593238B0811FF4]
"C937315C61F55B73A9FC9929F51F1C3F"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\de\SqlWorkflowInstanceStoreLogic.sql"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1DAC66B389FFFC478F646EBC0D681D8]
"6414876250E69FF3395387C6C7F05BEB"="C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreLogic.sql"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6}]
"Path"="\Winsta Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"WinStationsDisabled"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp]
"fEnableWinStation"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp]
"fEnableWinStation"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"fEnableWinStation"="1"


===================== Search result for "Search and Replace" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}]
"ProductName"="Search and Replace"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}]
"UninstallString"=""C:\Program Files (x86)\Search and Replace\Search and Replace.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """


===================== Search result for "shopperz" ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz]

====== End of Search ======
         
Best regards

01.06.2015, 18:25   #13
M-K-D-B
/// TB-Ausbilder

We'll remove the last remnants and check everything once more. ESET can take a long time (> 2 h).
Afterwards we'll remove all the tools we used, and I'll give you a few tips to take along.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
ATTFilter
start
CloseProcesses:
S2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
C:\ProgramData\Application Hosting
C:\Program Files (x86)\TrimModule
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - \DriverMgr No Task File <==== ATTENTION
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - \Winsta Update No Task File <==== ATTENTION
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
C:\Users\Va\AppData\Roaming\jellylam
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA
C:\Users\Va\AppData\Roaming\Winsta
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}
RemoveProxy:
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents.






Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






With your next reply, please post
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck.
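
A check a helper could run on the Fixlog.txt requested in step 1, as an added example that is not part of the original post or of FRST: it skips the echoed fixlist and reports every target whose final result is neither a successful removal nor "not found". The sample log is constructed in the layout FRST writes; the function names and status labels are assumptions.

```python
import re

# Constructed sample in the layout of an FRST Fixlog.txt.
# All paths, keys and GUIDs below are placeholders, not values from a real system.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-06-01 19:42:17 Run:1
==============================================

fixlist content:
*****************
start
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\example => C:\Example\a.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\ExampleA
end
*****************

Processes closed successfully.
C:\Example => Moved successfully.
"HKLM\SOFTWARE\ExamplePolicy" => key Removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000002} => key not found. 
C:\Example\Temp => ":0A1B2C3D" ADS Removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleA => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleA => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleB => could not remove at first attempt (ErrorCode: C0000121), see next line.
EmptyTemp: => Removed 188.4 MB temporary data.

==== End of Fixlog 19:42:33 ====
'''

# Result lines for alternate data streams carry the stream name in the outcome part.
ADS_RE = re.compile(r'^"(:[^"]+)" ADS ')


def classify(outcome):
    """Map the text after '=>' to a coarse status label (labels are this example's own)."""
    text = outcome.lower()
    if "could not remove at first attempt" in text:
        return "retry"
    if "not found" in text:
        return "not_found"
    if "removed" in text or "moved successfully" in text:
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return (target, status, outcome) for each result line, skipping the fixlist echo."""
    entries = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # The echoed fixlist sits between two lines of asterisks; its '=>' are not results.
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        target = target.strip('"')
        ads = ADS_RE.match(outcome)
        if ads:
            # Key each stream separately, e.g. C:\Example\Temp:0A1B2C3D
            target += ads.group(1)
        entries.append((target, classify(outcome), outcome))
    return entries


def review_fixlog(text):
    """Group targets by their final status; a retry with no later success is unresolved."""
    last = {}
    for target, status, _ in parse_fixlog(text):
        last[target] = status  # later lines for the same target override earlier ones
    report = {"ok": [], "not_found": [], "unresolved": []}
    for target, status in last.items():
        bucket = status if status in ("ok", "not_found") else "unresolved"
        report[bucket].append(target)
    return report


if __name__ == "__main__":
    for bucket, targets in review_fixlog(SAMPLE_FIXLOG).items():
        print(bucket)
        for t in targets:
            print("   ", t)
```

Targets listed under "unresolved" are the ones to look for again in a fresh scan after the reboot the Fixlog asks for.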

01.06.2015, 21:25   #14
armer tor

Log files: FRST fix, ESET, SecurityCheck

Right, done. Here are the files.

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-06-01 19:42:17 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
S2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
C:\ProgramData\Application Hosting
C:\Program Files (x86)\TrimModule
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - \DriverMgr No Task File <==== ATTENTION
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - \Winsta Update No Task File <==== ATTENTION
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
C:\Users\Va\AppData\Roaming\jellylam
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA
C:\Users\Va\AppData\Roaming\Winsta
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}
RemoveProxy:
EmptyTemp:
end
         
*****************

Processes closed successfully.
Application Hosting => Service Removed successfully
C:\ProgramData\Application Hosting => Moved successfully.
C:\Program Files (x86)\TrimModule => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
"HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key Removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKCR\PROTOCOLS\Handler\linkscanner" => key Removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found. 
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18C88628-D204-4C08-8843-FC9C4CB67F50}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18C88628-D204-4C08-8843-FC9C4CB67F50}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverMgr" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta Update" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C70175E-20CF-4B61-BCC6-37D01DF88636}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C70175E-20CF-4B61-BCC6-37D01DF88636}" => key Removed successfully
C:\Windows\System32\Tasks\keepup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\keepup" => key Removed successfully
C:\Users\Va\AppData\Roaming\jellylam => Moved successfully.
C:\ProgramData\Temp => ":5D458568" ADS Removed successfully.
C:\ProgramData\Temp => ":981884E7" ADS Removed successfully.
C:\ProgramData\Temp => ":D20FFA63" ADS Removed successfully.
C:\Users\Va\Documents\boot => ":$WIMMOUNTDATA" ADS Removed successfully.
C:\Users\Va\AppData\Roaming\Winsta => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6} => key Removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => Removed 188.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 19:42:33 ====
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=200aad1942bdde4eab5d4bed40ae098b
# engine=24119
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-01 08:04:12
# local_time=2015-06-01 10:04:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 27924496 184818902 0 0
# scanned=208834
# found=142
# cleaned=0
# scan_time=6908
         

Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Mozilla Firefox (38.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Best regards from armer Tor

02.06.2015, 18:09   #15
armer tor

WIN7 search queries are redirected to ad search pages, laptop boots extremely slowly



Hello,

here is the latest Fixlog.

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-06-02 17:09:29 Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Users\Va\AppData\Roaming\PDFConvert\SWUpdate.exe
C:\Users\Va\Downloads\rcp_de79_sec_pd.exe
C:\Users\Va\Downloads\ReimageRepa*.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
EmptyTemp:
end
         
*****************

Processes closed successfully.
C:\Users\Va\AppData\Roaming\PDFConvert\SWUpdate.exe => Moved successfully.
C:\Users\Va\Downloads\rcp_de79_sec_pd.exe => Moved successfully.
C:\Users\Va\Downloads\ReimageRepa*.exe => Moved successfully.
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully.
EmptyTemp: => Removed 20.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:09:35 ====
         
Regards, Chris

Hello,
everything worked great. Thank you very much.

Just two small problems remain: the Chrome browser cannot be uninstalled, not even in the Control Panel. But I don't want two browsers on the machine, and from now on I want to install Firefox again. Can you help me with that once more?

The second is: on Filepony, for example, a popup always appears (a kind of bug prohibition sign and "Remove malware" free download, Winzip).
Is that relevant in any way, or should it be ignored?

Kind regards from armer tor
