
Log analysis and evaluation: impossible to install an antivirus program

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.06.2015, 19:55   #1
marc11833
 

Hello, I am new here and urgently need help.

I apparently caught a trojan through a fake postal e-mail.
I tried to install two antivirus programs, but they do not start.

I installed Malwarebytes Anti-Malware, and found and deleted 90 affected files.

After that I ran ComboFix and need help.

Regards, Marc

03.06.2015, 20:04   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


03.06.2015, 21:00   #3
marc11833
 

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Marc (administrator) on MARC-PC on 03-06-2015 21:50:29
Running from C:\Users\Marc\Downloads
Loaded Profiles: Marc (Available Profiles: Marc & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(C4B Com For Business AG) C:\Program Files (x86)\XPhone20\XPhone.exe
(Dropbox, Inc.) C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe [3707704 2010-04-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-04-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk [2015-05-29]
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2015-05-29]
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XPhone 2.0.lnk [2015-05-29]
ShortcutTarget: XPhone 2.0.lnk -> C:\Windows\Installer\{6D36E55D-E2D6-4617-9DE6-AB1A012C8EE2}\XPhone.exe (InstallShield Software Corp.)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: ViewerHelper Class -> {78104A01-8E71-4F30-9A36-3793799615B4} -> C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Filter-x32: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} -  No File
Filter-x32: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\..\Interfaces\{B2B7DE8A-EF73-417D-B0D2-C38ED8F64CAB}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\h1ekxa2x.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-03] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-06-03] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-03] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-06-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2013-10-31] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
S2 AVMPORT; C:\Windows\SysWOW64\drivers\avmport.sys [66472 2009-10-02] (AVM Berlin)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R3 isdnusb; C:\Windows\System32\DRIVERS\isdnusb.sys [263224 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-05-18] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-05-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 usbcdc; C:\Windows\System32\DRIVERS\usbcdc.sys [154680 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
R1 vcdc; C:\Windows\System32\DRIVERS\vcdc.sys [153912 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 23:02 - 2015-11-01 23:07 - 196019032 _____ (Buhl Data Service GmbH) C:\Users\Marc\Downloads\WISOFinanz2015 (1).exe
2015-06-03 21:50 - 2015-06-03 21:50 - 00023402 _____ C:\Users\Marc\Downloads\FRST.txt
2015-06-03 21:50 - 2015-06-03 21:50 - 00000000 ____D C:\FRST
2015-06-03 21:49 - 2015-06-03 21:50 - 02108928 _____ (Farbar) C:\Users\Marc\Downloads\FRST64.exe
2015-06-03 20:38 - 2015-06-03 20:38 - 00002334 _____ C:\Users\Marc\Desktop\Sicherer Zahlungsverkehr.lnk
2015-06-03 16:32 - 2015-06-03 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-06-03 16:32 - 2015-06-03 16:31 - 00002140 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-06-03 16:31 - 2015-06-03 20:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-03 16:31 - 2015-06-03 16:31 - 00000000 ____D C:\Windows\ELAMBKUP
2015-06-03 16:31 - 2015-06-03 16:31 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-06-03 16:31 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-06-03 16:30 - 2015-05-18 22:16 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-06-03 16:30 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-06-03 16:30 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-06-03 16:27 - 2015-06-03 16:27 - 00001196 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-03 16:26 - 2015-06-03 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-03 16:26 - 2015-06-03 16:26 - 00000000 ____D C:\ProgramData\Avira
2015-06-03 16:26 - 2015-06-03 16:26 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-03 16:02 - 2015-06-03 16:02 - 00030305 _____ C:\ComboFix.txt
2015-06-03 10:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-03 10:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-03 10:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-03 10:20 - 2015-06-03 16:02 - 00000000 ____D C:\Qoobox
2015-06-03 10:20 - 2015-06-03 16:00 - 00000000 ____D C:\Windows\erdnt
2015-06-03 10:19 - 2015-06-03 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 10:16 - 2015-06-03 10:17 - 05628238 ____R (Swearware) C:\Users\Marc\Downloads\ComboFix.exe
2015-06-03 10:11 - 2015-06-03 20:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 10:10 - 2015-06-03 10:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marc\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-03 10:10 - 2015-06-03 10:10 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-03 10:10 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-03 10:10 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-03 10:10 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-03 09:43 - 2015-06-03 09:43 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Marc\Downloads\avira_de_av_556eb136e785a__ws.exe
2015-06-02 21:19 - 2015-06-03 10:49 - 00012150 _____ C:\Users\Marc\Desktop\Paralelogramm Marc Himmel.xlsx
2015-06-01 13:52 - 2015-06-01 13:57 - 00000000 ____D C:\Users\Marc\Desktop\ReportMaker
2015-06-01 13:52 - 2015-06-01 13:52 - 06360161 _____ C:\Users\Marc\Downloads\ReportMaker.exe
2015-06-01 08:49 - 2015-06-01 08:49 - 00000000 ____D C:\Users\Marc\AppData\Local\GWX
2015-05-28 13:47 - 2015-06-03 15:42 - 00003582 _____ C:\Windows\System32\Tasks\Adobe Flash Player {7764EE77-0M61-4F38-V100-96E2C039847L}
2015-05-26 15:10 - 2015-05-26 15:10 - 00004096 ____H C:\Users\Marc\AppData\Local\keyfile3.drm
2015-05-19 14:13 - 2015-05-19 14:14 - 20097224 _____ C:\Users\Marc\Downloads\GetSystemInfo6.0.exe
2015-05-18 22:16 - 2015-05-18 22:16 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-05-14 20:31 - 2015-05-14 20:31 - 00003024 _____ C:\Windows\System32\Tasks\{CB13C861-9AA2-444C-96EA-6F336EA16D4D}
2015-05-14 20:31 - 2015-05-14 20:31 - 00003024 _____ C:\Windows\System32\Tasks\{80C1809E-555E-4215-94B6-043315CBFB9F}
2015-05-14 20:30 - 2015-05-14 20:30 - 00003020 _____ C:\Windows\System32\Tasks\{EA5E40D5-C811-4128-B852-CCBA780F6358}
2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D C:\ProgramData\ATI
2015-05-14 19:53 - 2015-05-14 19:54 - 01773376 _____ (Kaspersky Lab) C:\Users\Marc\Downloads\kis15.0.2.361de_7539.exe
2015-05-14 13:23 - 2015-05-14 13:23 - 00000000 ____D C:\Users\Marc\AppData\Roaming\library_dir
2015-05-14 13:22 - 2015-05-14 13:27 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-14 13:22 - 2015-05-14 13:22 - 00058826 _____ C:\Windows\SysWOW64\CCCInstall_201505141322367696.log
2015-05-14 13:22 - 2015-05-14 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-14 13:22 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-05-14 13:18 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files (x86)\AMD
2015-05-14 13:18 - 2015-05-14 13:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-05-14 13:17 - 2015-06-03 16:25 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-14 13:16 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files\AMD
2015-05-14 13:15 - 2015-05-14 13:15 - 00000000 ____D C:\AMD
2015-05-14 13:09 - 2015-05-14 13:09 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Marc\Downloads\autodetectutility.exe
2015-05-14 10:43 - 2015-05-14 10:45 - 197295744 _____ (Kaspersky Lab) C:\Users\Marc\Downloads\kis15.0.2.361de-de.exe
2015-05-14 09:26 - 2015-05-14 09:28 - 204166464 _____ C:\Users\Marc\Downloads\kis15.0.1.415DE_7068.exe
2015-05-14 03:02 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:02 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:21 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 11:21 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 11:21 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 11:21 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 11:21 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 11:21 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 11:21 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 11:21 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 11:21 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 11:21 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 11:21 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 11:21 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 11:21 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 11:21 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 11:21 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 11:21 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 11:21 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 11:21 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 11:21 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:21 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 11:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 11:21 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 11:21 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 11:21 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 11:21 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 11:21 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 11:21 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 11:21 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 11:21 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 11:21 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 11:21 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 11:21 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 11:21 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 11:21 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 11:21 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 11:21 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 11:21 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 11:21 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 11:21 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 11:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 11:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 11:21 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 11:21 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 11:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 11:21 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 11:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 11:21 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 11:21 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 11:21 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 11:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 11:21 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 11:21 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 11:21 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 11:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 11:21 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 11:21 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 11:21 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 11:21 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 11:21 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 11:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 11:21 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 11:21 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 11:21 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 11:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 11:21 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 11:21 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 11:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 11:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 11:21 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 11:21 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 11:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 11:21 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 11:21 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 11:21 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 11:21 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 11:21 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 11:21 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 11:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 11:21 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 11:21 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 11:21 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 11:21 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 11:20 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 11:20 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 11:20 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 11:20 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 11:20 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 11:20 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 11:20 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 11:20 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 11:20 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 11:20 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 11:20 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 11:16 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 11:16 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 11:16 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 11:16 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 09:31 - 2015-05-13 09:32 - 00000000 ____D C:\Users\Marc\Desktop\Datenrettung
2015-05-11 20:30 - 2015-05-22 09:38 - 00000000 ____D C:\Users\Marc\Desktop\Haus Service MYK
2015-05-10 20:36 - 2015-05-10 20:46 - 00000000 ____D C:\Users\Marc\Desktop\Frau Westerhold
2015-05-04 14:52 - 2015-05-04 14:55 - 00000494 _____ C:\Users\Marc\Documents\WUPDATE.LOG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 21:46 - 2013-02-21 19:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 21:24 - 2013-02-21 22:54 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Skype
2015-06-03 20:00 - 2013-02-21 18:00 - 01202515 _____ C:\Windows\WindowsUpdate.log
2015-06-03 16:30 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 16:30 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 16:25 - 2014-04-16 16:12 - 00000000 ___RD C:\Users\Marc\Dropbox
2015-06-03 16:25 - 2014-04-16 16:10 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Dropbox
2015-06-03 16:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-03 16:23 - 2009-07-14 06:51 - 00045107 _____ C:\Windows\setupact.log
2015-06-03 16:10 - 2013-02-21 18:01 - 00000000 ____D C:\Users\Marc
2015-06-03 16:02 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-03 15:57 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-03 15:55 - 2013-02-21 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 15:55 - 2013-02-21 19:17 - 00212040 _____ C:\Windows\PFRO.log
2015-06-03 15:55 - 2009-07-14 04:34 - 85983232 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 62390272 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\SYSTEM.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-03 15:37 - 2013-02-21 19:05 - 00000000 ____D C:\Windows\PCHEALTH
2015-06-03 10:21 - 2013-02-24 23:35 - 00000000 ____D C:\Users\Marc\AppData\Roaming\XPhone20
2015-06-02 22:09 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-02 22:09 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-02 22:09 - 2014-10-15 18:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-02 22:09 - 2014-01-23 20:55 - 00000000 ____D C:\Users\Administrator
2015-06-02 22:09 - 2013-10-24 19:14 - 00000000 ____D C:\Windows\pss
2015-06-02 22:09 - 2013-02-21 23:27 - 00000000 ____D C:\Users\Marc\AppData\Local\HP
2015-06-02 22:09 - 2013-02-21 22:54 - 00000000 ____D C:\ProgramData\Skype
2015-06-02 22:09 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-02 22:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-01 15:21 - 2013-11-14 13:18 - 00000593 _____ C:\Windows\ulead32.ini
2015-06-01 08:48 - 2013-09-23 11:13 - 00000000 ____D C:\Users\Marc\Documents\WISO Mein Geld
2015-05-22 08:49 - 2015-02-21 13:08 - 00000000 ____D C:\Users\Marc\Documents\Elterngeld
2015-05-14 13:40 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Marc\AppData\Local\Google
2015-05-14 13:35 - 2009-07-14 19:58 - 00702942 _____ C:\Windows\system32\perfh007.dat
2015-05-14 13:35 - 2009-07-14 19:58 - 00150582 _____ C:\Windows\system32\perfc007.dat
2015-05-14 13:35 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-14 13:27 - 2013-02-21 19:28 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Mozilla
2015-05-14 13:22 - 2013-02-21 18:19 - 00000000 ____D C:\ProgramData\AMD
2015-05-14 13:20 - 2013-02-21 18:13 - 00000000 ____D C:\Program Files\ATI Technologies
2015-05-14 04:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-14 03:32 - 2013-03-14 04:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:32 - 2013-03-14 04:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:32 - 2009-07-14 06:45 - 00456456 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-14 03:30 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 03:10 - 2013-07-20 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 03:10 - 2013-02-21 19:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-14 03:05 - 2013-02-25 00:14 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:02 - 2013-03-14 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 09:38 - 2014-11-10 16:51 - 00000000 ____D C:\ProgramData\firebird
2015-05-11 20:24 - 2014-04-16 16:12 - 00001013 _____ C:\Users\Marc\Desktop\Dropbox.lnk
2015-05-11 20:24 - 2014-04-16 16:11 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2013-11-20 11:32 - 2013-11-20 11:32 - 0003584 _____ () C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-26 15:10 - 2015-05-26 15:10 - 0004096 ____H () C:\Users\Marc\AppData\Local\keyfile3.drm
2014-02-24 17:38 - 2014-09-09 21:18 - 0007628 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2013-12-31 22:23 - 2014-01-02 10:56 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-11-10 16:50 - 2014-12-11 18:56 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Marc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqkyldq.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 12:32

==================== End of log ============================
         

Alt 03.06.2015, 21:02   #4
marc11833
 

Additional FRST Logfile:
scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Marc at 2015-06-03 21:51:11
Running from C:\Users\Marc\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1819806683-1531827388-2595170997-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-1819806683-1531827388-2595170997-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1819806683-1531827388-2595170997-1003 - Limited - Enabled)
Marc (S-1-5-21-1819806683-1531827388-2595170997-1000 - Administrator - Enabled) => C:\Users\Marc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - EFG) (Version: 7.0.0 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version:  - AVM Berlin)
AVM ISDN TAPI Services for CAPI (HKLM-x32\...\AVM ISDN TAPI Services) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CallBridge Collection (HKLM\...\{0F9DA620-7664-4E37-8F79-6D24A9E61609}) (Version: 2.2.01.00 - Siemens Enterprise Communications GmbH & Co. KG)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{5CCF8330-F742-411A-8A04-719806D168B5}) (Version: 2.3.0 - Deutsche Post AG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DiskInternals Linux Recovery (HKLM-x32\...\DiskInternals Linux Recovery) (Version: 4.3 - DiskInternals Research)
DiskInternals Uneraser (HKLM-x32\...\DiskInternals Uneraser) (Version: 6.4 - DiskInternals Research)
Dropbox (HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
English Network 2 Aussprache-CD-ROM (HKLM-x32\...\{D9DCC53C-D199-4261-8A60-FA7616F73F19}) (Version: 1.0.0000 - Langenscheidt)
FloorPlan 3D V.9 (HKLM-x32\...\{B22C0B70-6EE0-4027-A16B-4023C5C5B747}) (Version: 9.0 - IMSI)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
HiPath 3000 Manager E  68.50.207.0 (HKLM-x32\...\{4736607E-57BF-11D4-9881-005004EDBBBD}) (Version:  - )
HP LaserJet Professional CM1410 Series (HKLM-x32\...\{0EF0EA0D-F945-4958-85CC-60FF1E86D216}) (Version:  - Hewlett-Packard)
HP LJ CM1410 MFP Series HP Scan (HKLM-x32\...\{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{22FE3793-5961-4ADE-AE66-69D9291C22B1}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJUT (HKLM-x32\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0007 - HP)
hppCM1410LaserJetService (x32 Version: 001.007.00319 - Hewlett-Packard) Hidden
hppFaxDrvCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1410 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.007.00397 - Hewlett-Packard) Hidden
hppSendFaxCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM1410 (x32 Version: 001.007.00647 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.007.00770 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mein Büro (HKLM-x32\...\{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1) (Version: 15.0 - Buhl Data Service GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Rechteverwaltungs-Add-On für Internet Explorer (HKLM-x32\...\{3505E1E2-8127-4681-A3EC-F9B5CAAA07C9}) (Version: 1.0.1.0000 - Microsoft)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
R-Studio 7.6 (HKLM-x32\...\R-Studio 7.6NSIS) (Version: 7.6.156433 - R-Tools Technology Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Siemens USB Driver V2 R1.2.0 (HKLM\...\{9CD6D175-052D-4D70-9467-C2F209012E7F}) (Version: 2.1.2 - Siemens Enterprise Communications GmbH & Co. KG)
Sigel Beschriftungssoftware für PC-Mahnbescheide (HKLM-x32\...\Sigel Beschriftungssoftware für PC-Mahnbescheide) (Version:  - )
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartTools Publishing • Excel OutlookToXL (HKLM-x32\...\SmartToolsOutlookToXLv4.50) (Version: v4.50 - SmartTools Publishing)
t@x 2012 Professional (HKLM-x32\...\{0E806605-5B82-4A4F-BC31-AA4FADA03C42}) (Version: 19.00.7303 - Buhl Data Service GmbH)
t@x 2013 Professional (HKLM-x32\...\{6737F045-A91A-4177-9C8C-59460FC1C84D}) (Version: 20.00.8137 - Buhl Data Service GmbH)
t@x 2014 Professional (HKLM-x32\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ulead PhotoImpact 10 TBYB (HKLM-x32\...\{FE58B892-3825-4610-A6A2-E6EFCA83BD97}) (Version: 10.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WISO Mein Geld 2015 Professional - Klassik (HKLM-x32\...\WISO Mein Geld 2015 Professional - Klassik) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional - Klassik (x32 Version: 17.0.0.0 - Buhl Data Service GmbH) Hidden
XPhone 2.x (HKLM-x32\...\{6D36E55D-E2D6-4617-9DE6-AB1A012C8EE2}) (Version: 2.00.0215 - C4B Com For Business AG)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1819806683-1531827388-2595170997-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-11-2013 21:12:39 Windows Update
11-11-2013 04:00:29 Windows Update
15-12-2013 18:40:50 Windows Update
16-12-2013 04:00:21 Windows Update
22-12-2013 21:43:54 Windows Update
23-12-2013 18:06:28 Windows Update
26-12-2013 04:00:13 Windows Update
18-01-2014 21:44:26 Windows Update
08-02-2014 12:49:23 Windows Update
24-02-2014 14:48:59 Windows Update
25-02-2014 13:59:53 Windows Update
25-02-2014 14:11:33 Windows Update
02-06-2015 09:35:59 Windows Update
02-06-2015 21:43:43 Wiederherstellungsvorgang
03-06-2015 09:36:00 Windows Update
03-06-2015 09:36:06 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-06-03 15:54 - 2015-06-03 15:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E009A65-F95D-4276-9171-9EF980C71D93} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {3F6C3D42-6C28-4D6B-820B-7CDDF8975CC4} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-1819806683-1531827388-2595170997-1000\{750FDF10-2A26-11D1-A3EA-080036587F03}\Offlinedateien-Synchronisierungszeitplan 1 => C:\Windows\system32\mobsync.exe [2010-11-20] (Microsoft Corporation)
Task: {44117027-455F-45B3-92FA-3838416F9F50} - System32\Tasks\Adobe Flash Player {7764EE77-0M61-4F38-V100-96E2C039847L} => C:\Users\Marc\AppData\Local\Adobe_User_Feed_Synchronization-{7764EE77-0M61-4F38-V100-96E2C039847L}.exe
Task: {4908CD5E-D371-4AB7-A82D-46095B736ECA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {4A791DB6-7DF6-4B81-B701-68AE9DCC2202} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {4E759EC1-F5C3-4084-9E34-1353FE590457} - System32\Tasks\{CB13C861-9AA2-444C-96EA-6F336EA16D4D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe [2014-12-23] (Kaspersky Lab ZAO)
Task: {50C581AD-1EE4-409F-8920-D55FD519BA25} - System32\Tasks\{80C1809E-555E-4215-94B6-043315CBFB9F} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe [2014-12-23] (Kaspersky Lab ZAO)
Task: {79F83426-8A85-49FA-A064-AA027FF2BE83} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-04-13] (Hewlett Packard)
Task: {7FD5A3FB-4F3D-4E3B-8143-CB8E65CE3533} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91B49054-8904-4BA3-A6A3-1988A751EF12} - System32\Tasks\{E876D14E-E0AF-43FB-9785-6601175E93E6} => pcalua.exe -a "C:\Program Files (x86)\XPhone20\xpwiz.exe" -d "C:\Program Files (x86)\XPhone20" -c /Auto
Task: {9B2BFFC8-A84D-422D-964B-FBDDCE95E3D3} - System32\Tasks\{EA5E40D5-C811-4128-B852-CCBA780F6358} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [2014-12-23] (Kaspersky Lab ZAO)
Task: {C1CE432B-00EF-488B-8F4A-70BA9CC86DAC} - System32\Tasks\{7CFF763D-2A0E-4F57-A963-E429BA2392FA} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe" -c /M{99CC78D1-2356-497C-84C1-F239884001EC}
Task: {C6605AE5-08C4-4C43-AA35-939781FD878B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C9B8ABBA-A947-41C0-907E-7037F33254FA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F3242DD7-9EAC-43D6-92D7-E0DB462DFA36} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {F681BFD2-766E-49BC-AADD-03AB744E8A50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-26 13:08 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-09 10:57 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2015-06-03 16:24 - 2015-06-03 16:24 - 00043008 _____ () c:\users\marc\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqkyldq.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Marc\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Marc\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Marc\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Marc\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-11-14 13:17 - 2004-07-26 18:11 - 00028672 ____N () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2010-04-16 12:29 - 2010-04-16 12:29 - 00119864 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5BD37525-0813-4A45-BF25-BF24912C791C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{1E604943-3447-47A0-8C9A-D9A80A6B4500}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{BD24FB9A-8E90-4705-B53D-C56974A0B419}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{FA184574-65C0-4575-9655-48B2FEA67528}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{79DEA2B2-B57A-4FAD-A545-60BDB5F63333}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{F02A8024-A15A-4F0E-9591-CC5FCB219220}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{5F8ECDA0-E81A-4267-BE5C-DC61D8075E54}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{43CAB5D2-E077-4E8F-AD5E-25FDD0F21DA6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{16794FD4-73D3-4239-BE60-8451AD5086BD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E6061537-3148-4EA8-8358-C14E4499B64F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FA83CEC-695D-4304-A5DC-AFBF17DEE09A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F80DBF86-C049-4B84-8E8B-FE47FF6A8464}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F45531C9-2A00-4D8E-87F8-3D9313BC3E30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA4152F6-D90C-4874-AFE7-487398BB1CD2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{0849C605-8D2F-4164-BF05-E86B9346A9D0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{647C8995-0598-4998-ABF0-2B45D19DFBC6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{6560BFB0-F753-4963-9C4B-9B8580A0501D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{6B521C13-12D5-4359-A837-9B8643D458B8}] => (Allow) C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{929ECEDC-D8D4-4F57-A140-1C795BE81B54}] => (Allow) C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A0C5EFA2-E261-4AE8-AAA8-62F20CB4A8FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3A85627-9AF7-4ED5-A897-298A68E952BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5455C6CF-B92A-439E-8C90-52BCE4C0419D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B40C48B2-CF1C-4ADE-A8DC-05CF1A548290}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{240BFB37-2D61-4C9B-B3F6-1DB85A28C77A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E2B5C415-FC6C-45A6-8801-7CA787C061C9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{75D9AC3F-28EE-48E0-B65C-FBC68DDD799C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{BC2ECE90-89D1-4887-9A1E-D1D1A98C9726}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0E8952B5-B5DA-4D5F-AEAE-5B9D27650375}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{68FAC333-ED65-4466-906F-D41C1BE2F836}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{38210624-44A2-4D61-8405-4CE3B81ECE11}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 08:38:33 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Anwendung: avpui.exe
Frameworkversion: v4.0.30319
Beschreibung: Die Anwendung forderte die Beendigung des Prozesses durch System.Environment.FailFast(Zeichenfolgenmeldung) an.
Meldung: Terminate on fatal exception
Stapel:
   bei System.Environment.FailFast(System.String, System.Exception)
   bei KasperskyLab.UI.Common.ExceptionPolicy.ProcessFatalException(System.Exception, System.String)
   bei KasperskyLab.Kis.UI.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei KasperskyLab.Kis.UI.EntryPoint.Start(System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>, System.Action)
   bei KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClass3.<Preload>b__1()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (06/03/2015 08:38:28 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Anwendung: avpui.exe
Frameworkversion: v4.0.30319
Beschreibung: Die Anwendung forderte die Beendigung des Prozesses durch System.Environment.FailFast(Zeichenfolgenmeldung) an.
Meldung: Terminate on fatal exception
Stapel:
   bei System.Environment.FailFast(System.String, System.Exception)
   bei KasperskyLab.UI.Common.ExceptionPolicy.ProcessFatalException(System.Exception, System.String)
   bei KasperskyLab.Kis.UI.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei KasperskyLab.Kis.UI.EntryPoint.Start(System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>, System.Action)
   bei KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClass3.<Preload>b__1()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (06/03/2015 08:38:24 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Anwendung: avpui.exe
Frameworkversion: v4.0.30319
Beschreibung: Die Anwendung forderte die Beendigung des Prozesses durch System.Environment.FailFast(Zeichenfolgenmeldung) an.
Meldung: Terminate on fatal exception
Stapel:
   bei System.Environment.FailFast(System.String, System.Exception)
   bei KasperskyLab.UI.Common.ExceptionPolicy.ProcessFatalException(System.Exception, System.String)
   bei KasperskyLab.Kis.UI.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei KasperskyLab.Kis.UI.EntryPoint.Start(System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>, System.Action)
   bei KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClass3.<Preload>b__1()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (06/03/2015 08:38:16 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Anwendung: avpui.exe
Frameworkversion: v4.0.30319
Beschreibung: Die Anwendung forderte die Beendigung des Prozesses durch System.Environment.FailFast(Zeichenfolgenmeldung) an.
Meldung: Terminate on fatal exception
Stapel:
   bei System.Environment.FailFast(System.String, System.Exception)
   bei KasperskyLab.UI.Common.ExceptionPolicy.ProcessFatalException(System.Exception, System.String)
   bei KasperskyLab.Kis.UI.App.OnStartup(System.Windows.StartupEventArgs)
   bei System.Windows.Application.<.ctor>b__1(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.DispatcherOperation.InvokeImpl()
   bei System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Windows.Threading.DispatcherOperation.Invoke()
   bei System.Windows.Threading.Dispatcher.ProcessQueue()
   bei System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunDispatcher(System.Object)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run(System.Windows.Window)
   bei KasperskyLab.Kis.UI.EntryPoint.Start(System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>, System.Action)
   bei KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClass3.<Preload>b__1()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (06/03/2015 04:28:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.39.18040, Zeitstempel: 0x555d9ee0
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xc50
Startzeit der fehlerhaften Anwendung: 0xAvira.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.Systray.exe2
Berichtskennung: Avira.Systray.exe3

Error: (06/03/2015 04:28:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei Avira.OE.Systray.Program.Main(System.String[])

Error: (06/03/2015 04:26:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.ServiceHost.exe, Version: 1.1.39.17987, Zeitstempel: 0x555d9e76
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x190c
Startzeit der fehlerhaften Anwendung: 0xAvira.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.ServiceHost.exe2
Berichtskennung: Avira.ServiceHost.exe3

Error: (06/03/2015 04:26:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Reflection.ReflectionTypeLoadException
Stapel:
   bei System.Reflection.RuntimeModule.GetTypes(System.Reflection.RuntimeModule)
   bei System.Reflection.RuntimeModule.GetTypes()
   bei System.Reflection.Assembly.GetTypes()
   bei System.ComponentModel.Composition.Hosting.AssemblyCatalog.get_InnerCatalog()
   bei System.ComponentModel.Composition.Hosting.AssemblyCatalog.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition)
   bei System.ComponentModel.Composition.Hosting.AggregateCatalog.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.InternalGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+InnerCatalogExportProvider.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.AggregateExportProvider.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.CompositionContainer.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportsCore(System.Type, System.Type, System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/03/2015 04:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.ServiceHost.exe, Version: 1.1.39.17987, Zeitstempel: 0x555d9e76
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x191c
Startzeit der fehlerhaften Anwendung: 0xAvira.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.ServiceHost.exe2
Berichtskennung: Avira.ServiceHost.exe3

Error: (06/03/2015 04:26:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Reflection.ReflectionTypeLoadException
Stapel:
   bei System.Reflection.RuntimeModule.GetTypes(System.Reflection.RuntimeModule)
   bei System.Reflection.RuntimeModule.GetTypes()
   bei System.Reflection.Assembly.GetTypes()
   bei System.ComponentModel.Composition.Hosting.AssemblyCatalog.get_InnerCatalog()
   bei System.ComponentModel.Composition.Hosting.AssemblyCatalog.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition)
   bei System.ComponentModel.Composition.Hosting.AggregateCatalog.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.InternalGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+InnerCatalogExportProvider.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.AggregateExportProvider.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.CompositionContainer.GetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.TryGetExportsCore(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition, System.Collections.Generic.IEnumerable`1<System.ComponentModel.Composition.Primitives.Export> ByRef)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExports(System.ComponentModel.Composition.Primitives.ImportDefinition, System.ComponentModel.Composition.Hosting.AtomicComposition)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportsCore(System.Type, System.Type, System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
   bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (06/03/2015 04:31:04 PM) (Source: KLIF) (EventID: 0) (User: )
Description: Сonnection is not established

Error: (06/03/2015 04:31:04 PM) (Source: KLIF) (EventID: 0) (User: )
Description: Сonnection is not established

Error: (06/03/2015 04:26:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/03/2015 04:26:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/03/2015 04:26:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/03/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AVMPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/03/2015 04:23:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\avmport.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/03/2015 03:58:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/03/2015 03:57:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/03/2015 03:57:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (10/21/2013 08:52:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 734 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-06-03 15:54:07.385
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-03 15:54:07.285
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-14 13:13:47.982
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-14 13:13:47.922
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-14 10:28:39.295
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-14 10:28:39.275
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-14 10:26:55.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-14 10:26:55.603
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-25 03:36:04.239
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-25 03:36:04.239
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD A6-3500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 5626.41 MB
Available physical RAM: 3434.14 MB
Total Pagefile: 11251.04 MB
Available Pagefile: 8612.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:38.96 GB) NTFS
Drive e: () (Fixed) (Total:221.62 GB) (Free:176.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E41FD94)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

04.06.2015, 11:14   #5
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

04.06.2015, 11:38   #6
marc11833

Hi, thank you very much for your help.

mbar.exe is running, but the download of TDSSKiller.exe does not work. It says the server is not available.


regards, Marc

I downloaded TDSSKiller directly from the Kaspersky site; it will be run afterwards.

04.06.2015, 12:15   #7
marc11833

Malware found nothing. I am now starting TDSSKiller.
Attached images: Malwarebyts.PNG (127.3 KB)

04.06.2015, 12:21   #8
marc11833

Code:
13:16:32.0755 0x2094  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:16:36.0244 0x2094  ============================================================
13:16:36.0244 0x2094  Current date / time: 2015/06/04 13:16:36.0244
13:16:36.0244 0x2094  SystemInfo:
13:16:36.0244 0x2094  
13:16:36.0244 0x2094  OS Version: 6.1.7601 ServicePack: 1.0
13:16:36.0244 0x2094  Product type: Workstation
13:16:36.0245 0x2094  ComputerName: MARC-PC
13:16:36.0245 0x2094  UserName: Marc
13:16:36.0245 0x2094  Windows directory: C:\Windows
13:16:36.0245 0x2094  System windows directory: C:\Windows
13:16:36.0245 0x2094  Running under WOW64
13:16:36.0245 0x2094  Processor architecture: Intel x64
13:16:36.0245 0x2094  Number of processors: 3
13:16:36.0245 0x2094  Page size: 0x1000
13:16:36.0245 0x2094  Boot type: Normal boot
13:16:36.0245 0x2094  ============================================================
13:16:37.0745 0x2094  KLMD registered as C:\Windows\system32\drivers\82770245.sys
13:16:38.0097 0x2094  System UUID: {81AF9677-DF08-67BE-48BF-B49024799BD3}
13:16:38.0759 0x2094  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:16:38.0765 0x2094  ============================================================
13:16:38.0765 0x2094  \Device\Harddisk0\DR0:
13:16:38.0765 0x2094  MBR partitions:
13:16:38.0765 0x2094  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:16:38.0765 0x2094  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E816000
13:16:38.0765 0x2094  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E848800, BlocksNum 0x1BB3D000
13:16:38.0765 0x2094  ============================================================
13:16:38.0785 0x2094  C: <-> \Device\Harddisk0\DR0\Partition2
13:16:38.0834 0x2094  E: <-> \Device\Harddisk0\DR0\Partition3
13:16:38.0834 0x2094  ============================================================
13:16:38.0835 0x2094  Initialize success
13:16:38.0835 0x2094  ============================================================
13:16:57.0954 0x1e24  ============================================================
13:16:57.0954 0x1e24  Scan started
13:16:57.0954 0x1e24  Mode: Manual; SigCheck; TDLFS; 
13:16:57.0954 0x1e24  ============================================================
13:16:57.0954 0x1e24  KSN ping started
13:17:00.0671 0x1e24  KSN ping finished: true
13:17:01.0711 0x1e24  ================ Scan system memory ========================
13:17:01.0711 0x1e24  System memory - ok
13:17:01.0712 0x1e24  ================ Scan services =============================
13:17:01.0870 0x1e24  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:17:02.0020 0x1e24  1394ohci - ok
13:17:02.0066 0x1e24  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:17:02.0095 0x1e24  ACPI - ok
13:17:02.0125 0x1e24  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:17:02.0190 0x1e24  AcpiPmi - ok
13:17:02.0249 0x1e24  [ 6D182C31ACF16213407F2768F1107FE3, 92B602152AB9F93A7AC510A01AEF714ED8EE30C9306E3D44BECEE10EC3464184 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:17:02.0273 0x1e24  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
13:17:04.0999 0x1e24  Detect skipped due to KSN trusted
13:17:04.0999 0x1e24  Adobe LM Service - ok
13:17:05.0066 0x1e24  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:17:05.0084 0x1e24  AdobeARMservice - ok
13:17:05.0156 0x1e24  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:17:05.0176 0x1e24  AdobeFlashPlayerUpdateSvc - ok
13:17:05.0219 0x1e24  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:17:05.0259 0x1e24  adp94xx - ok
13:17:05.0287 0x1e24  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:17:05.0316 0x1e24  adpahci - ok
13:17:05.0333 0x1e24  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:17:05.0352 0x1e24  adpu320 - ok
13:17:05.0391 0x1e24  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:17:05.0429 0x1e24  AeLookupSvc - ok
13:17:05.0482 0x1e24  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
13:17:05.0543 0x1e24  AFD - ok
13:17:05.0579 0x1e24  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:17:05.0591 0x1e24  agp440 - ok
13:17:05.0627 0x1e24  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:17:05.0694 0x1e24  ALG - ok
13:17:05.0724 0x1e24  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:17:05.0740 0x1e24  aliide - ok
13:17:05.0780 0x1e24  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:17:05.0874 0x1e24  AMD External Events Utility - ok
13:17:05.0922 0x1e24  AMD FUEL Service - ok
13:17:05.0932 0x1e24  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:17:05.0943 0x1e24  amdide - ok
13:17:05.0953 0x1e24  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
13:17:05.0987 0x1e24  amdiox64 - ok
13:17:06.0014 0x1e24  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:17:06.0051 0x1e24  AmdK8 - ok
13:17:06.0640 0x1e24  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:17:07.0365 0x1e24  amdkmdag - ok
13:17:07.0453 0x1e24  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:17:07.0506 0x1e24  amdkmdap - ok
13:17:07.0526 0x1e24  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:17:07.0553 0x1e24  AmdPPM - ok
13:17:07.0602 0x1e24  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:17:07.0617 0x1e24  amdsata - ok
13:17:07.0642 0x1e24  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:17:07.0661 0x1e24  amdsbs - ok
13:17:07.0672 0x1e24  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:17:07.0684 0x1e24  amdxata - ok
13:17:07.0701 0x1e24  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:17:07.0716 0x1e24  AODDriver4.3 - ok
13:17:07.0739 0x1e24  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
13:17:07.0776 0x1e24  AppID - ok
13:17:07.0794 0x1e24  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:17:07.0829 0x1e24  AppIDSvc - ok
13:17:07.0855 0x1e24  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:17:07.0893 0x1e24  Appinfo - ok
13:17:07.0989 0x1e24  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:17:08.0017 0x1e24  Apple Mobile Device Service - ok
13:17:08.0055 0x1e24  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:17:08.0097 0x1e24  AppMgmt - ok
13:17:08.0126 0x1e24  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:17:08.0139 0x1e24  arc - ok
13:17:08.0150 0x1e24  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:17:08.0164 0x1e24  arcsas - ok
13:17:08.0199 0x1e24  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
13:17:08.0259 0x1e24  asmthub3 - ok
13:17:08.0290 0x1e24  [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
13:17:08.0323 0x1e24  asmtxhci - ok
13:17:08.0414 0x1e24  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:17:08.0430 0x1e24  aspnet_state - ok
13:17:08.0461 0x1e24  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:17:08.0645 0x1e24  AsyncMac - ok
13:17:08.0670 0x1e24  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:17:08.0686 0x1e24  atapi - ok
13:17:08.0724 0x1e24  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:17:08.0767 0x1e24  AtiHDAudioService - ok
13:17:08.0839 0x1e24  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:17:08.0881 0x1e24  AudioEndpointBuilder - ok
13:17:08.0905 0x1e24  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:17:08.0935 0x1e24  AudioSrv - ok
13:17:09.0020 0x1e24  [ 8884C9DDA76D76BADFD390B33D1DE70D, 0C7EE611C6E8255A280F1C13F7BFE493679E78D05986FB47BF5EF799637F6584 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
13:17:09.0038 0x1e24  Avira.ServiceHost - ok
13:17:09.0066 0x1e24  [ 43744F1D3CDE20F3925F10927C9036C2, 47374A71D1A38572B8C247E924C0F3F063A6281743C9B7D818D63CA576B5D289 ] AVMCOWAN        C:\Windows\system32\DRIVERS\AVMCOWAN.sys
13:17:09.0126 0x1e24  AVMCOWAN - ok
13:17:09.0155 0x1e24  AVMPORT - ok
13:17:09.0204 0x1e24  [ CF467DE3D15EFB58C4DB780DF234EB34, B75CB9DFB86BE951505419A078F5993268062E2586CBA896B36E97BA768BD15D ] AVP15.0.2       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
13:17:09.0221 0x1e24  AVP15.0.2 - ok
13:17:09.0272 0x1e24  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:17:09.0342 0x1e24  AxInstSV - ok
13:17:09.0381 0x1e24  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:17:09.0413 0x1e24  b06bdrv - ok
13:17:09.0439 0x1e24  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:17:09.0487 0x1e24  b57nd60a - ok
13:17:09.0513 0x1e24  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:17:09.0557 0x1e24  BDESVC - ok
13:17:09.0566 0x1e24  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:17:09.0612 0x1e24  Beep - ok
13:17:09.0679 0x1e24  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:17:09.0767 0x1e24  BFE - ok
13:17:09.0840 0x1e24  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
13:17:09.0970 0x1e24  BITS - ok
13:17:09.0994 0x1e24  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:17:10.0022 0x1e24  blbdrive - ok
13:17:10.0064 0x1e24  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:17:10.0085 0x1e24  Bonjour Service - ok
13:17:10.0112 0x1e24  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:17:10.0151 0x1e24  bowser - ok
13:17:10.0170 0x1e24  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:17:10.0198 0x1e24  BrFiltLo - ok
13:17:10.0218 0x1e24  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:17:10.0247 0x1e24  BrFiltUp - ok
13:17:10.0263 0x1e24  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:17:10.0311 0x1e24  BridgeMP - ok
13:17:10.0339 0x1e24  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:17:10.0367 0x1e24  Browser - ok
13:17:10.0384 0x1e24  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:17:10.0446 0x1e24  Brserid - ok
13:17:10.0462 0x1e24  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:17:10.0498 0x1e24  BrSerWdm - ok
13:17:10.0514 0x1e24  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:17:10.0560 0x1e24  BrUsbMdm - ok
13:17:10.0582 0x1e24  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:17:10.0597 0x1e24  BrUsbSer - ok
13:17:10.0615 0x1e24  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:17:10.0646 0x1e24  BTHMODEM - ok
13:17:10.0685 0x1e24  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:17:10.0730 0x1e24  bthserv - ok
13:17:10.0752 0x1e24  catchme - ok
13:17:10.0765 0x1e24  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:17:10.0817 0x1e24  cdfs - ok
13:17:10.0867 0x1e24  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:17:10.0892 0x1e24  cdrom - ok
13:17:10.0937 0x1e24  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:17:10.0985 0x1e24  CertPropSvc - ok
13:17:11.0003 0x1e24  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:17:11.0032 0x1e24  circlass - ok
13:17:11.0074 0x1e24  [ 84605AC538DEB9163C0B5DC3591CCF96, FA1169A35D947F0FC57A45FB000ECBE942A05A8E58FA0B415BBFAE3368D9884F ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
13:17:11.0104 0x1e24  cjpcsc - ok
13:17:11.0125 0x1e24  [ F790E369579A718C8A41F3B94A389ADC, 70FBEAF9BBE890E0BBF4871F2A6CEC374BA5124097811725F41CDD89A40C30BA ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
13:17:11.0135 0x1e24  cjusb - ok
13:17:11.0174 0x1e24  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
13:17:11.0204 0x1e24  CLFS - ok
13:17:11.0257 0x1e24  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:17:11.0270 0x1e24  clr_optimization_v2.0.50727_32 - ok
13:17:11.0299 0x1e24  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:17:11.0313 0x1e24  clr_optimization_v2.0.50727_64 - ok
13:17:11.0392 0x1e24  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:17:11.0413 0x1e24  clr_optimization_v4.0.30319_32 - ok
13:17:11.0424 0x1e24  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:17:11.0442 0x1e24  clr_optimization_v4.0.30319_64 - ok
13:17:11.0455 0x1e24  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:17:11.0468 0x1e24  CmBatt - ok
13:17:11.0499 0x1e24  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:17:11.0511 0x1e24  cmdide - ok
13:17:11.0553 0x1e24  [ AFA1BFF926592FD0C3AB97D838652EF9, C38BC4BBD4EDF779993B2FECF96C1FD55B085F3FBEB3E1AE3C892DFD369D611D ] cm_km_w         C:\Windows\system32\DRIVERS\cm_km_w.sys
13:17:11.0580 0x1e24  cm_km_w - ok
13:17:11.0624 0x1e24  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
13:17:11.0681 0x1e24  CNG - ok
13:17:11.0696 0x1e24  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:17:11.0708 0x1e24  Compbatt - ok
13:17:11.0741 0x1e24  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:17:11.0781 0x1e24  CompositeBus - ok
13:17:11.0794 0x1e24  COMSysApp - ok
13:17:11.0810 0x1e24  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:17:11.0822 0x1e24  crcdisk - ok
13:17:11.0861 0x1e24  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:17:11.0907 0x1e24  CryptSvc - ok
13:17:11.0947 0x1e24  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:17:12.0008 0x1e24  CSC - ok
13:17:12.0057 0x1e24  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:17:12.0107 0x1e24  CscService - ok
13:17:12.0141 0x1e24  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:17:12.0189 0x1e24  DcomLaunch - ok
13:17:12.0228 0x1e24  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:17:12.0280 0x1e24  defragsvc - ok
13:17:12.0320 0x1e24  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:17:12.0368 0x1e24  DfsC - ok
13:17:12.0394 0x1e24  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
13:17:12.0408 0x1e24  dg_ssudbus - ok
13:17:12.0437 0x1e24  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:17:12.0488 0x1e24  Dhcp - ok
13:17:12.0584 0x1e24  [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack       C:\Windows\system32\diagtrack.dll
13:17:12.0655 0x1e24  DiagTrack - ok
13:17:12.0682 0x1e24  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:17:12.0726 0x1e24  discache - ok
13:17:12.0747 0x1e24  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:17:12.0760 0x1e24  Disk - ok
13:17:12.0797 0x1e24  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:17:12.0838 0x1e24  Dnscache - ok
13:17:12.0881 0x1e24  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:17:12.0942 0x1e24  dot3svc - ok
13:17:12.0969 0x1e24  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:17:13.0034 0x1e24  DPS - ok
13:17:13.0069 0x1e24  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:17:13.0103 0x1e24  drmkaud - ok
13:17:13.0157 0x1e24  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:17:13.0208 0x1e24  DXGKrnl - ok
13:17:13.0230 0x1e24  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:17:13.0280 0x1e24  EapHost - ok
13:17:13.0411 0x1e24  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:17:13.0539 0x1e24  ebdrv - ok
13:17:13.0580 0x1e24  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS             C:\Windows\System32\lsass.exe
13:17:13.0610 0x1e24  EFS - ok
13:17:13.0651 0x1e24  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:17:13.0700 0x1e24  ehRecvr - ok
13:17:13.0720 0x1e24  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:17:13.0759 0x1e24  ehSched - ok
13:17:13.0797 0x1e24  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:17:13.0827 0x1e24  elxstor - ok
13:17:13.0859 0x1e24  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:17:13.0880 0x1e24  ErrDev - ok
13:17:13.0917 0x1e24  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:17:13.0977 0x1e24  EventSystem - ok
13:17:14.0000 0x1e24  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:17:14.0047 0x1e24  exfat - ok
13:17:14.0073 0x1e24  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:17:14.0115 0x1e24  fastfat - ok
13:17:14.0189 0x1e24  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:17:14.0266 0x1e24  Fax - ok
13:17:14.0284 0x1e24  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:17:14.0310 0x1e24  fdc - ok
13:17:14.0328 0x1e24  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:17:14.0376 0x1e24  fdPHost - ok
13:17:14.0395 0x1e24  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:17:14.0437 0x1e24  FDResPub - ok
13:17:14.0455 0x1e24  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:17:14.0468 0x1e24  FileInfo - ok
13:17:14.0481 0x1e24  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:17:14.0530 0x1e24  Filetrace - ok
13:17:14.0548 0x1e24  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:17:14.0571 0x1e24  flpydisk - ok
13:17:14.0622 0x1e24  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:17:14.0639 0x1e24  FltMgr - ok
13:17:14.0711 0x1e24  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
13:17:14.0793 0x1e24  FontCache - ok
13:17:14.0836 0x1e24  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:17:14.0847 0x1e24  FontCache3.0.0.0 - ok
13:17:14.0899 0x1e24  [ CE7593C10A04D08F9B043890216F5728, 21E4AD5643BCDCB811E49C74F682672032A603078EDD80DE6E37249C9A005407 ] FPCIBASE        C:\Windows\system32\DRIVERS\fpcibase.sys
13:17:14.0950 0x1e24  FPCIBASE - ok
13:17:14.0963 0x1e24  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:17:14.0975 0x1e24  FsDepends - ok
13:17:15.0000 0x1e24  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:17:15.0012 0x1e24  Fs_Rec - ok
13:17:15.0040 0x1e24  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:17:15.0060 0x1e24  fvevol - ok
13:17:15.0072 0x1e24  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:17:15.0085 0x1e24  gagp30kx - ok
13:17:15.0109 0x1e24  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:17:15.0119 0x1e24  GEARAspiWDM - ok
13:17:15.0166 0x1e24  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:17:15.0237 0x1e24  gpsvc - ok
13:17:15.0253 0x1e24  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:17:15.0287 0x1e24  hcw85cir - ok
13:17:15.0328 0x1e24  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:17:15.0385 0x1e24  HdAudAddService - ok
13:17:15.0424 0x1e24  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:17:15.0457 0x1e24  HDAudBus - ok
13:17:15.0470 0x1e24  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:17:15.0495 0x1e24  HidBatt - ok
13:17:15.0516 0x1e24  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:17:15.0545 0x1e24  HidBth - ok
13:17:15.0562 0x1e24  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:17:15.0591 0x1e24  HidIr - ok
13:17:15.0612 0x1e24  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
13:17:15.0646 0x1e24  hidserv - ok
13:17:15.0690 0x1e24  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:17:15.0705 0x1e24  HidUsb - ok
13:17:15.0753 0x1e24  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:17:15.0844 0x1e24  hkmsvc - ok
13:17:15.0875 0x1e24  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:17:15.0920 0x1e24  HomeGroupListener - ok
13:17:15.0957 0x1e24  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:17:15.0996 0x1e24  HomeGroupProvider - ok
13:17:16.0094 0x1e24  [ 16959F84844DC9B2CEF0D5B1A412370F, 60FAE3931AC8DB4B351F42AD49D1189D90BF037739BA02EBEBC2F24A22114D3A ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
13:17:16.0121 0x1e24  HP LaserJet Service - detected UnsignedFile.Multi.Generic ( 1 )
13:17:18.0844 0x1e24  Detect skipped due to KSN trusted
13:17:18.0845 0x1e24  HP LaserJet Service - ok
13:17:18.0875 0x1e24  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:17:18.0902 0x1e24  HpSAMD - ok
13:17:18.0969 0x1e24  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:17:19.0047 0x1e24  HTTP - ok
13:17:19.0077 0x1e24  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:17:19.0088 0x1e24  hwpolicy - ok
13:17:19.0116 0x1e24  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:17:19.0130 0x1e24  i8042prt - ok
13:17:19.0178 0x1e24  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:17:19.0207 0x1e24  iaStorV - ok
13:17:19.0262 0x1e24  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:17:19.0311 0x1e24  idsvc - ok
13:17:19.0322 0x1e24  IEEtwCollectorService - ok
13:17:19.0338 0x1e24  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:17:19.0351 0x1e24  iirsp - ok
13:17:19.0409 0x1e24  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:17:19.0471 0x1e24  IKEEXT - ok
13:17:19.0647 0x1e24  [ 150AC23F21DBDBF8488408BA944B0D65, 77A3A0FB5208AA061224CFACC4D136A260132CC4BA01D105AE1532B749968708 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:17:19.0823 0x1e24  IntcAzAudAddService - ok
13:17:19.0866 0x1e24  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:17:19.0878 0x1e24  intelide - ok
13:17:19.0896 0x1e24  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:17:19.0922 0x1e24  intelppm - ok
13:17:19.0955 0x1e24  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:17:20.0002 0x1e24  IPBusEnum - ok
13:17:20.0035 0x1e24  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:17:20.0081 0x1e24  IpFilterDriver - ok
13:17:20.0117 0x1e24  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:17:20.0179 0x1e24  iphlpsvc - ok
13:17:20.0206 0x1e24  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:17:20.0233 0x1e24  IPMIDRV - ok
13:17:20.0251 0x1e24  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:17:20.0286 0x1e24  IPNAT - ok
13:17:20.0363 0x1e24  [ E61BB95A7CB49696D25A0C4EBD108156, 65D95A0DBC408AD18D5E344A5E875551E6CC044038DE438E4EA1102A234FC529 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:17:20.0389 0x1e24  iPod Service - ok
13:17:20.0407 0x1e24  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:17:20.0466 0x1e24  IRENUM - ok
13:17:20.0504 0x1e24  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:17:20.0518 0x1e24  isapnp - ok
13:17:20.0559 0x1e24  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:17:20.0590 0x1e24  iScsiPrt - ok
13:17:20.0622 0x1e24  [ 33358E0FAAF664B1B9B830400A4417B6, C5479057ADC7F8910703BB2312719D0546F117DB0C28E1FF939C7B2B001BF727 ] isdnusb         C:\Windows\system32\DRIVERS\isdnusb.sys
13:17:20.0680 0x1e24  isdnusb - detected UnsignedFile.Multi.Generic ( 1 )
13:17:24.0015 0x1e24  Detect skipped due to KSN trusted
13:17:24.0016 0x1e24  isdnusb - ok
13:17:24.0050 0x1e24  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:17:24.0068 0x1e24  kbdclass - ok
13:17:24.0111 0x1e24  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:17:24.0136 0x1e24  kbdhid - ok
13:17:24.0155 0x1e24  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso          C:\Windows\system32\lsass.exe
13:17:24.0166 0x1e24  KeyIso - ok
13:17:24.0210 0x1e24  [ D93E72DCC2A99E67931BB79485563146, 7EF496A82E69A53465ED7D45E890275E44C979AD5E9C5E482E0DBE5DC9AD9AD3 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
13:17:24.0240 0x1e24  kl1 - ok
13:17:24.0253 0x1e24  [ 885A70560731342CBD0D6BE8A72254B6, 91F93F1727ACF01EC3777C7D42522690010005FB67E12C461E935A880D11CD30 ] kldisk          C:\Windows\system32\DRIVERS\kldisk.sys
13:17:24.0267 0x1e24  kldisk - ok
13:17:24.0311 0x1e24  [ DDC9CC7D29254D8886DAFD62E265AE7C, 0DF72FC780BEB87E85F877EB4E864AF0530E8CCD599C24D469B1B0226E339DF1 ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
13:17:24.0327 0x1e24  klflt - ok
13:17:24.0360 0x1e24  [ 658ADE6B5345B24D28B84A49495B0CF8, 2373DC12B737145F4A8949B8446CEB38B2C6C2B8B69054F32183FD2ED12FD915 ] klhk            C:\Windows\system32\DRIVERS\klhk.sys
13:17:24.0389 0x1e24  klhk - ok
13:17:24.0425 0x1e24  [ E05F3D847556FE0F5F14F46002CD6433, 8E7A3ABF617BDD00213615D5E1C7E1769580A220716D2881B21F5656BFBF6782 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
13:17:24.0475 0x1e24  KLIF - ok
13:17:24.0509 0x1e24  [ 366A0C2D4AD22E54F1B03DAC4B96E1C4, C81D8DFD1D4381E0DE94A54E03F3D2C0AB24B47350EC175181EBD7224FCE4BE5 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
13:17:24.0522 0x1e24  KLIM6 - ok
13:17:24.0530 0x1e24  [ 8BB0EA085EA9661B9218CCC5011C1CBE, 7FF590135F18F4EB339B5E71F790A49FA1EB5104604EE952E2694EC0CBFA3D21 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
13:17:24.0542 0x1e24  klkbdflt - ok
13:17:24.0548 0x1e24  klkbdflt2 - ok
13:17:24.0563 0x1e24  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
13:17:24.0575 0x1e24  klmouflt - ok
13:17:24.0590 0x1e24  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
13:17:24.0601 0x1e24  klpd - ok
13:17:24.0613 0x1e24  [ AB3A62C17F342E195AFDA108867E6381, 77E3C17FC302FFC1585B013E5707C541061AF5011681980F870C9B6E346F3379 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
13:17:24.0629 0x1e24  kltdi - ok
13:17:24.0648 0x1e24  [ B699439F46FE914F3F8F60C0AA3148D3, 14C4A72DAE6713EF96CB47F3494BC9CD2BC06679CB139A2B571F55D4B4BC0512 ] Klwtp           C:\Windows\system32\DRIVERS\klwtp.sys
13:17:24.0663 0x1e24  Klwtp - ok
13:17:24.0695 0x1e24  [ 8FBA7BEF56D0B29FC9FEBF480E8C3902, D8CA78E71E860AAAB166FAD7A6902A59DF3F5B598C162AD5CF68A571E8E437E9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
13:17:24.0715 0x1e24  kneps - ok
13:17:24.0745 0x1e24  [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:17:24.0758 0x1e24  KSecDD - ok
13:17:24.0774 0x1e24  [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:17:24.0793 0x1e24  KSecPkg - ok
13:17:24.0819 0x1e24  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:17:24.0877 0x1e24  ksthunk - ok
13:17:24.0913 0x1e24  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:17:24.0980 0x1e24  KtmRm - ok
13:17:25.0029 0x1e24  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:17:25.0096 0x1e24  LanmanServer - ok
13:17:25.0145 0x1e24  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:17:25.0198 0x1e24  LanmanWorkstation - ok
13:17:25.0227 0x1e24  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:17:25.0262 0x1e24  lltdio - ok
13:17:25.0290 0x1e24  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:17:25.0341 0x1e24  lltdsvc - ok
13:17:25.0356 0x1e24  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:17:25.0405 0x1e24  lmhosts - ok
13:17:25.0432 0x1e24  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:17:25.0449 0x1e24  LSI_FC - ok
13:17:25.0463 0x1e24  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:17:25.0478 0x1e24  LSI_SAS - ok
13:17:25.0494 0x1e24  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:17:25.0507 0x1e24  LSI_SAS2 - ok
13:17:25.0525 0x1e24  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:17:25.0541 0x1e24  LSI_SCSI - ok
13:17:25.0552 0x1e24  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:17:25.0607 0x1e24  luafv - ok
13:17:25.0646 0x1e24  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:17:25.0657 0x1e24  MBAMProtector - ok
13:17:25.0745 0x1e24  [ 516E29AD03BDF610CC36A95AE692FE42, 09F913B169AD775FF587AE59AEC5DD2A2D8646803F48BF616C74EEC0DE3BE7A2 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
13:17:25.0801 0x1e24  MBAMScheduler - ok
13:17:25.0850 0x1e24  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
13:17:25.0886 0x1e24  MBAMService - ok
13:17:25.0949 0x1e24  [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
13:17:25.0962 0x1e24  MBAMSwissArmy - ok
13:17:25.0974 0x1e24  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
13:17:25.0988 0x1e24  MBAMWebAccessControl - ok
13:17:26.0024 0x1e24  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:17:26.0044 0x1e24  Mcx2Svc - ok
13:17:26.0059 0x1e24  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:17:26.0072 0x1e24  megasas - ok
13:17:26.0090 0x1e24  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:17:26.0120 0x1e24  MegaSR - ok
13:17:26.0151 0x1e24  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:17:26.0197 0x1e24  MMCSS - ok
13:17:26.0219 0x1e24  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:17:26.0255 0x1e24  Modem - ok
13:17:26.0280 0x1e24  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:17:26.0303 0x1e24  monitor - ok
13:17:26.0342 0x1e24  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:17:26.0355 0x1e24  mouclass - ok
13:17:26.0371 0x1e24  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:17:26.0396 0x1e24  mouhid - ok
13:17:26.0420 0x1e24  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:17:26.0433 0x1e24  mountmgr - ok
13:17:26.0464 0x1e24  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:17:26.0479 0x1e24  MozillaMaintenance - ok
13:17:26.0511 0x1e24  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:17:26.0526 0x1e24  mpio - ok
13:17:26.0542 0x1e24  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:17:26.0589 0x1e24  mpsdrv - ok
13:17:26.0634 0x1e24  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:17:26.0719 0x1e24  MpsSvc - ok
13:17:26.0751 0x1e24  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:17:26.0795 0x1e24  MRxDAV - ok
13:17:26.0823 0x1e24  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:17:26.0864 0x1e24  mrxsmb - ok
13:17:26.0885 0x1e24  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:17:26.0914 0x1e24  mrxsmb10 - ok
13:17:26.0930 0x1e24  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:17:26.0944 0x1e24  mrxsmb20 - ok
13:17:26.0972 0x1e24  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:17:26.0984 0x1e24  msahci - ok
13:17:27.0017 0x1e24  [ 41FB1D61DF09C36CCAB0B04EEC66F6D5, C6D0F6B8429656C56A142F95AF0B4A85DD4B78A735664C8775F49C3B04C564B7 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
13:17:27.0031 0x1e24  MSCamSvc - ok
13:17:27.0050 0x1e24  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:17:27.0065 0x1e24  msdsm - ok
13:17:27.0077 0x1e24  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:17:27.0107 0x1e24  MSDTC - ok
13:17:27.0142 0x1e24  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:17:27.0188 0x1e24  Msfs - ok
13:17:27.0217 0x1e24  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:17:27.0251 0x1e24  mshidkmdf - ok
13:17:27.0282 0x1e24  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:17:27.0294 0x1e24  msisadrv - ok
13:17:27.0321 0x1e24  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:17:27.0373 0x1e24  MSiSCSI - ok
13:17:27.0379 0x1e24  msiserver - ok
13:17:27.0397 0x1e24  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:17:27.0430 0x1e24  MSKSSRV - ok
13:17:27.0438 0x1e24  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:17:27.0484 0x1e24  MSPCLOCK - ok
13:17:27.0504 0x1e24  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:17:27.0536 0x1e24  MSPQM - ok
13:17:27.0580 0x1e24  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:17:27.0609 0x1e24  MsRPC - ok
13:17:27.0624 0x1e24  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:17:27.0636 0x1e24  mssmbios - ok
13:17:27.0649 0x1e24  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:17:27.0684 0x1e24  MSTEE - ok
13:17:27.0698 0x1e24  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:17:27.0724 0x1e24  MTConfig - ok
13:17:27.0745 0x1e24  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:17:27.0758 0x1e24  Mup - ok
13:17:27.0800 0x1e24  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:17:27.0865 0x1e24  napagent - ok
13:17:27.0896 0x1e24  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:17:27.0930 0x1e24  NativeWifiP - ok
13:17:27.0981 0x1e24  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:17:28.0030 0x1e24  NDIS - ok
13:17:28.0046 0x1e24  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:17:28.0081 0x1e24  NdisCap - ok
13:17:28.0096 0x1e24  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:17:28.0144 0x1e24  NdisTapi - ok
13:17:28.0168 0x1e24  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:17:28.0202 0x1e24  Ndisuio - ok
13:17:28.0234 0x1e24  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:17:28.0286 0x1e24  NdisWan - ok
13:17:28.0312 0x1e24  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:17:28.0357 0x1e24  NDProxy - ok
13:17:28.0407 0x1e24  [ D4F51E88C71BF8F06EA1BE320B0BB75B, ABDA528F8159290BFDFBAAFC3BDA4484649FF612FD1D9E74284CA7DBA00A4B0D ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:17:28.0422 0x1e24  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
13:17:31.0138 0x1e24  Detect skipped due to KSN trusted
13:17:31.0138 0x1e24  Net Driver HPZ12 - ok
13:17:31.0160 0x1e24  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:17:31.0227 0x1e24  NetBIOS - ok
13:17:31.0263 0x1e24  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:17:31.0330 0x1e24  NetBT - ok
13:17:31.0346 0x1e24  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon        C:\Windows\system32\lsass.exe
13:17:31.0359 0x1e24  Netlogon - ok
13:17:31.0394 0x1e24  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:17:31.0458 0x1e24  Netman - ok
13:17:31.0513 0x1e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:31.0530 0x1e24  NetMsmqActivator - ok
13:17:31.0554 0x1e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:31.0571 0x1e24  NetPipeActivator - ok
13:17:31.0596 0x1e24  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:17:31.0647 0x1e24  netprofm - ok
13:17:31.0659 0x1e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:31.0676 0x1e24  NetTcpActivator - ok
13:17:31.0684 0x1e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:31.0701 0x1e24  NetTcpPortSharing - ok
13:17:31.0713 0x1e24  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:17:31.0725 0x1e24  nfrd960 - ok
13:17:31.0769 0x1e24  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:17:31.0838 0x1e24  NlaSvc - ok
13:17:31.0851 0x1e24  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:17:31.0917 0x1e24  Npfs - ok
13:17:31.0938 0x1e24  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:17:31.0983 0x1e24  nsi - ok
13:17:31.0998 0x1e24  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:17:32.0041 0x1e24  nsiproxy - ok
13:17:32.0117 0x1e24  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:17:32.0186 0x1e24  Ntfs - ok
13:17:32.0197 0x1e24  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:17:32.0231 0x1e24  Null - ok
13:17:32.0244 0x1e24  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:17:32.0259 0x1e24  nvraid - ok
13:17:32.0293 0x1e24  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:17:32.0308 0x1e24  nvstor - ok
13:17:32.0329 0x1e24  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:17:32.0343 0x1e24  nv_agp - ok
13:17:32.0419 0x1e24  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:17:32.0447 0x1e24  odserv - ok
13:17:32.0475 0x1e24  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:17:32.0502 0x1e24  ohci1394 - ok
13:17:32.0522 0x1e24  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:17:32.0536 0x1e24  ose - ok
13:17:32.0566 0x1e24  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:17:32.0615 0x1e24  p2pimsvc - ok
13:17:32.0636 0x1e24  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:17:32.0677 0x1e24  p2psvc - ok
13:17:32.0714 0x1e24  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:17:32.0746 0x1e24  Parport - ok
13:17:32.0799 0x1e24  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:17:32.0829 0x1e24  partmgr - ok
13:17:32.0869 0x1e24  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:17:32.0908 0x1e24  PcaSvc - ok
13:17:32.0944 0x1e24  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:17:32.0963 0x1e24  pci - ok
13:17:32.0998 0x1e24  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:17:33.0009 0x1e24  pciide - ok
13:17:33.0032 0x1e24  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:17:33.0060 0x1e24  pcmcia - ok
13:17:33.0069 0x1e24  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:17:33.0082 0x1e24  pcw - ok
13:17:33.0114 0x1e24  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:17:33.0167 0x1e24  PEAUTH - ok
13:17:33.0221 0x1e24  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:17:33.0306 0x1e24  PeerDistSvc - ok
13:17:33.0364 0x1e24  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:17:33.0387 0x1e24  PerfHost - ok
13:17:33.0462 0x1e24  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:17:33.0542 0x1e24  pla - ok
13:17:33.0582 0x1e24  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:17:33.0635 0x1e24  PlugPlay - ok
13:17:33.0663 0x1e24  [ 9A80707D8B6C1806531BFD7399B3CC76, C9996A265B0C461843DECE336314AEDD38D3F0644A8AA4D3F20D3496AD17956B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:17:33.0670 0x1e24  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
13:17:36.0388 0x1e24  Detect skipped due to KSN trusted
13:17:36.0388 0x1e24  Pml Driver HPZ12 - ok
13:17:36.0423 0x1e24  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:17:36.0447 0x1e24  PNRPAutoReg - ok
13:17:36.0475 0x1e24  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:17:36.0494 0x1e24  PNRPsvc - ok
13:17:36.0537 0x1e24  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:17:36.0587 0x1e24  PolicyAgent - ok
13:17:36.0611 0x1e24  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:17:36.0658 0x1e24  Power - ok
13:17:36.0703 0x1e24  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:17:36.0737 0x1e24  PptpMiniport - ok
13:17:36.0748 0x1e24  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:17:36.0778 0x1e24  Processor - ok
13:17:36.0830 0x1e24  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:17:36.0861 0x1e24  ProfSvc - ok
13:17:36.0872 0x1e24  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:17:36.0887 0x1e24  ProtectedStorage - ok
13:17:36.0927 0x1e24  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:17:36.0977 0x1e24  Psched - ok
13:17:37.0042 0x1e24  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:17:37.0111 0x1e24  ql2300 - ok
13:17:37.0127 0x1e24  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:17:37.0141 0x1e24  ql40xx - ok
13:17:37.0166 0x1e24  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:17:37.0207 0x1e24  QWAVE - ok
13:17:37.0225 0x1e24  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:17:37.0256 0x1e24  QWAVEdrv - ok
13:17:37.0271 0x1e24  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:17:37.0315 0x1e24  RasAcd - ok
13:17:37.0346 0x1e24  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:17:37.0382 0x1e24  RasAgileVpn - ok
13:17:37.0389 0x1e24  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:17:37.0435 0x1e24  RasAuto - ok
13:17:37.0466 0x1e24  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:17:37.0501 0x1e24  Rasl2tp - ok
13:17:37.0540 0x1e24  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:17:37.0599 0x1e24  RasMan - ok
13:17:37.0629 0x1e24  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:17:37.0677 0x1e24  RasPppoe - ok
13:17:37.0697 0x1e24  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:17:37.0734 0x1e24  RasSstp - ok
13:17:37.0779 0x1e24  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:17:37.0827 0x1e24  rdbss - ok
13:17:37.0839 0x1e24  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:17:37.0875 0x1e24  rdpbus - ok
13:17:37.0923 0x1e24  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:17:37.0965 0x1e24  RDPCDD - ok
13:17:38.0069 0x1e24  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:17:38.0098 0x1e24  RDPDR - ok
13:17:38.0110 0x1e24  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:17:38.0143 0x1e24  RDPENCDD - ok
13:17:38.0156 0x1e24  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:17:38.0189 0x1e24  RDPREFMP - ok
13:17:38.0248 0x1e24  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:17:38.0286 0x1e24  RdpVideoMiniport - ok
13:17:38.0321 0x1e24  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:17:38.0361 0x1e24  RDPWD - ok
13:17:38.0400 0x1e24  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:17:38.0427 0x1e24  rdyboost - ok
13:17:38.0447 0x1e24  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:17:38.0494 0x1e24  RemoteAccess - ok
13:17:38.0522 0x1e24  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:17:38.0563 0x1e24  RemoteRegistry - ok
13:17:38.0577 0x1e24  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:17:38.0625 0x1e24  RpcEptMapper - ok
13:17:38.0644 0x1e24  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:17:38.0671 0x1e24  RpcLocator - ok
13:17:38.0708 0x1e24  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:17:38.0753 0x1e24  RpcSs - ok
13:17:38.0778 0x1e24  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:17:38.0818 0x1e24  rspndr - ok
13:17:38.0859 0x1e24  [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:17:38.0897 0x1e24  RTL8167 - ok
13:17:38.0927 0x1e24  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:17:38.0964 0x1e24  s3cap - ok
13:17:38.0980 0x1e24  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs           C:\Windows\system32\lsass.exe
13:17:38.0992 0x1e24  SamSs - ok
13:17:39.0023 0x1e24  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:17:39.0038 0x1e24  sbp2port - ok
13:17:39.0056 0x1e24  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:17:39.0097 0x1e24  SCardSvr - ok
13:17:39.0125 0x1e24  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:17:39.0171 0x1e24  scfilter - ok
13:17:39.0233 0x1e24  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:17:39.0310 0x1e24  Schedule - ok
13:17:39.0345 0x1e24  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:17:39.0378 0x1e24  SCPolicySvc - ok
13:17:39.0412 0x1e24  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:17:39.0439 0x1e24  SDRSVC - ok
13:17:39.0455 0x1e24  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:17:39.0489 0x1e24  secdrv - ok
13:17:39.0524 0x1e24  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:17:39.0571 0x1e24  seclogon - ok
13:17:39.0589 0x1e24  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
13:17:39.0638 0x1e24  SENS - ok
13:17:39.0654 0x1e24  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:17:39.0697 0x1e24  SensrSvc - ok
13:17:39.0712 0x1e24  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:17:39.0724 0x1e24  Serenum - ok
13:17:39.0736 0x1e24  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:17:39.0750 0x1e24  Serial - ok
13:17:39.0759 0x1e24  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:17:39.0787 0x1e24  sermouse - ok
13:17:39.0820 0x1e24  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:17:39.0870 0x1e24  SessionEnv - ok
13:17:39.0894 0x1e24  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:17:39.0930 0x1e24  sffdisk - ok
13:17:39.0960 0x1e24  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:17:39.0970 0x1e24  sffp_mmc - ok
13:17:39.0981 0x1e24  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:17:39.0996 0x1e24  sffp_sd - ok
13:17:40.0009 0x1e24  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:17:40.0034 0x1e24  sfloppy - ok
13:17:40.0067 0x1e24  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:17:40.0117 0x1e24  SharedAccess - ok
13:17:40.0160 0x1e24  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:17:40.0210 0x1e24  ShellHWDetection - ok
13:17:40.0219 0x1e24  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:17:40.0231 0x1e24  SiSRaid2 - ok
13:17:40.0244 0x1e24  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:17:40.0257 0x1e24  SiSRaid4 - ok
13:17:40.0311 0x1e24  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:17:40.0332 0x1e24  SkypeUpdate - ok
13:17:40.0346 0x1e24  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:17:40.0383 0x1e24  Smb - ok
13:17:40.0418 0x1e24  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:17:40.0445 0x1e24  SNMPTRAP - ok
13:17:40.0466 0x1e24  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:17:40.0478 0x1e24  spldr - ok
13:17:40.0506 0x1e24  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:17:40.0537 0x1e24  Spooler - ok
13:17:40.0709 0x1e24  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:17:40.0838 0x1e24  sppsvc - ok
13:17:40.0866 0x1e24  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:17:40.0902 0x1e24  sppuinotify - ok
13:17:40.0928 0x1e24  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:17:40.0980 0x1e24  srv - ok
13:17:40.0999 0x1e24  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:17:41.0030 0x1e24  srv2 - ok
13:17:41.0053 0x1e24  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:17:41.0069 0x1e24  srvnet - ok
13:17:41.0084 0x1e24  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:17:41.0133 0x1e24  SSDPSRV - ok
13:17:41.0152 0x1e24  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:17:41.0187 0x1e24  SstpSvc - ok
13:17:41.0219 0x1e24  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
13:17:41.0236 0x1e24  ssudmdm - ok
13:17:41.0259 0x1e24  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:17:41.0271 0x1e24  stexstor - ok
13:17:41.0309 0x1e24  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
13:17:41.0332 0x1e24  StillCam - ok
13:17:41.0380 0x1e24  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:17:41.0428 0x1e24  stisvc - ok
13:17:41.0457 0x1e24  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:17:41.0469 0x1e24  storflt - ok
13:17:41.0477 0x1e24  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:17:41.0489 0x1e24  storvsc - ok
13:17:41.0514 0x1e24  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:17:41.0525 0x1e24  swenum - ok
13:17:41.0551 0x1e24  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:17:41.0611 0x1e24  swprv - ok
13:17:41.0617 0x1e24  Synth3dVsc - ok
13:17:41.0691 0x1e24  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:17:41.0773 0x1e24  SysMain - ok
13:17:41.0807 0x1e24  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:17:41.0825 0x1e24  TabletInputService - ok
13:17:41.0862 0x1e24  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:17:41.0915 0x1e24  TapiSrv - ok
13:17:41.0929 0x1e24  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:17:41.0975 0x1e24  TBS - ok
13:17:42.0054 0x1e24  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:17:42.0132 0x1e24  Tcpip - ok
13:17:42.0209 0x1e24  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:17:42.0267 0x1e24  TCPIP6 - ok
13:17:42.0309 0x1e24  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:17:42.0337 0x1e24  tcpipreg - ok
13:17:42.0372 0x1e24  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:17:42.0406 0x1e24  TDPIPE - ok
13:17:42.0451 0x1e24  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:17:42.0471 0x1e24  TDTCP - ok
13:17:42.0507 0x1e24  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:17:42.0549 0x1e24  tdx - ok
13:17:42.0806 0x1e24  [ E99CD4524662A2DA7C73372C626669D8, 694DF29BF6CFF8CA06B8C701BBD148DCF58D6A6ECE3CF6CC900B0D0E5A3DFDF2 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
13:17:42.0946 0x1e24  TeamViewer9 - ok
13:17:42.0988 0x1e24  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:17:43.0000 0x1e24  TermDD - ok
13:17:43.0053 0x1e24  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
13:17:43.0113 0x1e24  TermService - ok
13:17:43.0135 0x1e24  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:17:43.0152 0x1e24  Themes - ok
13:17:43.0175 0x1e24  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:17:43.0209 0x1e24  THREADORDER - ok
13:17:43.0226 0x1e24  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:17:43.0279 0x1e24  TrkWks - ok
13:17:43.0338 0x1e24  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:17:43.0405 0x1e24  TrustedInstaller - ok
13:17:43.0437 0x1e24  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:17:43.0461 0x1e24  tssecsrv - ok
13:17:43.0475 0x1e24  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:17:43.0509 0x1e24  TsUsbFlt - ok
13:17:43.0514 0x1e24  tsusbhub - ok
13:17:43.0568 0x1e24  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:17:43.0623 0x1e24  tunnel - ok
13:17:43.0641 0x1e24  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:17:43.0654 0x1e24  uagp35 - ok
13:17:43.0688 0x1e24  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:17:43.0750 0x1e24  udfs - ok
13:17:43.0774 0x1e24  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:17:43.0789 0x1e24  UI0Detect - ok
13:17:43.0806 0x1e24  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:17:43.0818 0x1e24  uliagpkx - ok
13:17:43.0848 0x1e24  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:17:43.0861 0x1e24  umbus - ok
13:17:43.0877 0x1e24  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:17:43.0904 0x1e24  UmPass - ok
13:17:43.0939 0x1e24  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:17:43.0975 0x1e24  UmRdpService - ok
13:17:44.0000 0x1e24  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:17:44.0042 0x1e24  upnphost - ok
13:17:44.0071 0x1e24  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:17:44.0106 0x1e24  USBAAPL64 - ok
13:17:44.0131 0x1e24  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:17:44.0150 0x1e24  usbaudio - ok
13:17:44.0172 0x1e24  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:17:44.0193 0x1e24  usbccgp - ok
13:17:44.0221 0x1e24  [ 2163EAEFAF0B3F810B0FB74B6DAD10C9, F2E7FA1B420D9715E11EF24DD41B3F7DECA906A6B22859057168FC92CC330100 ] usbcdc          C:\Windows\system32\DRIVERS\usbcdc.sys
13:17:44.0241 0x1e24  usbcdc - detected UnsignedFile.Multi.Generic ( 1 )
13:17:46.0923 0x1e24  Detect skipped due to KSN trusted
13:17:46.0923 0x1e24  usbcdc - ok
13:17:46.0978 0x1e24  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:17:47.0011 0x1e24  usbcir - ok
13:17:47.0032 0x1e24  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:17:47.0049 0x1e24  usbehci - ok
13:17:47.0079 0x1e24  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:17:47.0125 0x1e24  usbhub - ok
13:17:47.0143 0x1e24  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:17:47.0154 0x1e24  usbohci - ok
13:17:47.0176 0x1e24  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:17:47.0202 0x1e24  usbprint - ok
13:17:47.0221 0x1e24  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:17:47.0260 0x1e24  USBSTOR - ok
13:17:47.0279 0x1e24  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:17:47.0291 0x1e24  usbuhci - ok
13:17:47.0317 0x1e24  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:17:47.0347 0x1e24  usbvideo - ok
13:17:47.0376 0x1e24  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:17:47.0424 0x1e24  UxSms - ok
13:17:47.0438 0x1e24  [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc        C:\Windows\system32\lsass.exe
13:17:47.0450 0x1e24  VaultSvc - ok
13:17:47.0478 0x1e24  [ 9C939649C790D97F1F3552F74D7FC47A, 9CDFFE245F0F8CC7D80EF8AB96C92861384A3798B3E37CAD6D93387D26627C0E ] vcdc            C:\Windows\system32\DRIVERS\vcdc.sys
13:17:47.0516 0x1e24  vcdc - detected UnsignedFile.Multi.Generic ( 1 )
13:17:50.0224 0x1e24  Detect skipped due to KSN trusted
13:17:50.0224 0x1e24  vcdc - ok
13:17:50.0290 0x1e24  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:17:50.0312 0x1e24  vdrvroot - ok
13:17:50.0358 0x1e24  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:17:50.0426 0x1e24  vds - ok
13:17:50.0448 0x1e24  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:17:50.0463 0x1e24  vga - ok
13:17:50.0485 0x1e24  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:17:50.0529 0x1e24  VgaSave - ok
13:17:50.0534 0x1e24  VGPU - ok
13:17:50.0565 0x1e24  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:17:50.0593 0x1e24  vhdmp - ok
13:17:50.0621 0x1e24  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:17:50.0633 0x1e24  viaide - ok
13:17:50.0653 0x1e24  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:17:50.0670 0x1e24  vmbus - ok
13:17:50.0685 0x1e24  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:17:50.0696 0x1e24  VMBusHID - ok
13:17:50.0710 0x1e24  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:17:50.0723 0x1e24  volmgr - ok
13:17:50.0765 0x1e24  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:17:50.0793 0x1e24  volmgrx - ok
13:17:50.0832 0x1e24  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:17:50.0860 0x1e24  volsnap - ok
13:17:50.0879 0x1e24  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:17:50.0894 0x1e24  vsmraid - ok
13:17:50.0990 0x1e24  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:17:51.0082 0x1e24  VSS - ok
13:17:51.0104 0x1e24  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:17:51.0130 0x1e24  vwifibus - ok
13:17:51.0169 0x1e24  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:17:51.0221 0x1e24  W32Time - ok
13:17:51.0235 0x1e24  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:17:51.0255 0x1e24  WacomPen - ok
13:17:51.0298 0x1e24  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:17:51.0346 0x1e24  WANARP - ok
13:17:51.0360 0x1e24  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:17:51.0393 0x1e24  Wanarpv6 - ok
13:17:51.0464 0x1e24  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:17:51.0539 0x1e24  wbengine - ok
13:17:51.0556 0x1e24  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:17:51.0588 0x1e24  WbioSrvc - ok
13:17:51.0642 0x1e24  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:17:51.0710 0x1e24  wcncsvc - ok
13:17:51.0726 0x1e24  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:17:51.0763 0x1e24  WcsPlugInService - ok
13:17:51.0774 0x1e24  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:17:51.0788 0x1e24  Wd - ok
13:17:51.0845 0x1e24  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:17:51.0899 0x1e24  Wdf01000 - ok
13:17:51.0931 0x1e24  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:17:51.0970 0x1e24  WdiServiceHost - ok
13:17:51.0976 0x1e24  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:17:51.0990 0x1e24  WdiSystemHost - ok
13:17:52.0028 0x1e24  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:17:52.0073 0x1e24  WebClient - ok
13:17:52.0096 0x1e24  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:17:52.0160 0x1e24  Wecsvc - ok
13:17:52.0178 0x1e24  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:17:52.0225 0x1e24  wercplsupport - ok
13:17:52.0250 0x1e24  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:17:52.0299 0x1e24  WerSvc - ok
13:17:52.0328 0x1e24  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:17:52.0360 0x1e24  WfpLwf - ok
13:17:52.0377 0x1e24  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:17:52.0389 0x1e24  WIMMount - ok
13:17:52.0412 0x1e24  WinDefend - ok
13:17:52.0424 0x1e24  WinHttpAutoProxySvc - ok
13:17:52.0471 0x1e24  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:17:52.0552 0x1e24  Winmgmt - ok
13:17:52.0643 0x1e24  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
13:17:52.0778 0x1e24  WinRM - ok
13:17:52.0840 0x1e24  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
13:17:52.0855 0x1e24  WinUsb - ok
13:17:52.0898 0x1e24  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:17:52.0950 0x1e24  Wlansvc - ok
13:17:53.0057 0x1e24  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:17:53.0124 0x1e24  wlidsvc - ok
13:17:53.0154 0x1e24  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:17:53.0166 0x1e24  WmiAcpi - ok
13:17:53.0183 0x1e24  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:17:53.0224 0x1e24  wmiApSrv - ok
13:17:53.0286 0x1e24  WMPNetworkSvc - ok
13:17:53.0370 0x1e24  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:17:53.0433 0x1e24  WPCSvc - ok
13:17:53.0468 0x1e24  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:17:53.0506 0x1e24  WPDBusEnum - ok
13:17:53.0522 0x1e24  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:17:53.0579 0x1e24  ws2ifsl - ok
13:17:53.0600 0x1e24  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
13:17:53.0619 0x1e24  wscsvc - ok
13:17:53.0623 0x1e24  WSearch - ok
13:17:53.0798 0x1e24  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:17:53.0910 0x1e24  wuauserv - ok
13:17:53.0944 0x1e24  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:17:53.0962 0x1e24  WudfPf - ok
13:17:53.0984 0x1e24  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
13:17:54.0016 0x1e24  WUDFRd - ok
13:17:54.0047 0x1e24  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:17:54.0069 0x1e24  wudfsvc - ok
13:17:54.0096 0x1e24  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:17:54.0128 0x1e24  WwanSvc - ok
13:17:54.0144 0x1e24  ================ Scan global ===============================
13:17:54.0170 0x1e24  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:17:54.0198 0x1e24  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
13:17:54.0223 0x1e24  [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
13:17:54.0246 0x1e24  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:17:54.0284 0x1e24  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
13:17:54.0301 0x1e24  [ Global ] - ok
13:17:54.0301 0x1e24  ================ Scan MBR ==================================
13:17:54.0309 0x1e24  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:17:54.0538 0x1e24  \Device\Harddisk0\DR0 - ok
13:17:54.0539 0x1e24  ================ Scan VBR ==================================
13:17:54.0543 0x1e24  [ 7AF00957747C7C909DA3AA2891CC2B9A ] \Device\Harddisk0\DR0\Partition1
13:17:54.0545 0x1e24  \Device\Harddisk0\DR0\Partition1 - ok
13:17:54.0550 0x1e24  [ 4F12C962C3ADE5191615374297356787 ] \Device\Harddisk0\DR0\Partition2
13:17:54.0551 0x1e24  \Device\Harddisk0\DR0\Partition2 - ok
13:17:54.0557 0x1e24  [ 11AFAC3418102E7147B0A22D1FB045B9 ] \Device\Harddisk0\DR0\Partition3
13:17:54.0559 0x1e24  \Device\Harddisk0\DR0\Partition3 - ok
13:17:54.0560 0x1e24  ================ Scan generic autorun ======================
13:17:54.0839 0x1e24  [ B7826A4D54C39019D8BC19A484D5D5EC, BCBA7D3CB1BC5BF3F092FD11BD2C1878290EED8A9D8E086F946553B5FAD565C9 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
13:17:55.0028 0x1e24  RTHDVCPL - ok
13:17:55.0080 0x1e24  [ 076B3EE149E01ADBAC2DC529554A3FD9, 4F65D9D2EE44829AA2264210112851E899165C2346489BEBE679C41420CF7D07 ] C:\Program Files\iTunes\iTunesHelper.exe
13:17:55.0092 0x1e24  iTunesHelper - ok
13:17:55.0221 0x1e24  [ F8B096E7EC6BD3807660149EB16A9788, 49FCF83B8923EED64CE270C13491250B5D06193175340C68B82ABA8D8A17FC73 ] C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe
13:17:55.0321 0x1e24  HP LaserJet Professional CM1410 Series Fax - ok
13:17:55.0353 0x1e24  Skype - ok
13:17:55.0356 0x1e24  Waiting for KSN requests completion. In queue: 51
13:17:56.0356 0x1e24  Waiting for KSN requests completion. In queue: 51
13:17:57.0356 0x1e24  Waiting for KSN requests completion. In queue: 51
13:17:58.0451 0x1e24  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x40000 ( disabled : updated )
13:17:58.0453 0x1e24  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x40010 ( disabled )
13:17:58.0458 0x1e24  Win FW state via NFP2: enabled
13:18:01.0247 0x1e24  ============================================================
13:18:01.0247 0x1e24  Scan finished
13:18:01.0247 0x1e24  ============================================================
13:18:01.0273 0x1cb0  Detected object count: 0
13:18:01.0273 0x1cb0  Actual detected object count: 0
         

Old 04.06.2015, 20:51   #9
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to other READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Old 04.06.2015, 22:36   #10
marc11833
 



Code:
ComboFix 15-05-31.01 - Marc 04.06.2015  22:50:59.2.3 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.5626.3504 [GMT 2:00]
ausgeführt von:: c:\users\Marc\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\erdnt\cache64\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-04 bis 2015-06-04  ))))))))))))))))))))))))))))))
.
.
2015-06-04 20:59 . 2015-06-04 20:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-04 20:59 . 2015-06-04 20:59	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-06-04 20:45 . 2013-05-06 06:13	110176	----a-w-	c:\windows\system32\klfphc.dll
2015-06-04 20:45 . 2015-06-04 20:45	--------	d-----w-	c:\windows\ELAMBKUP
2015-06-04 20:45 . 2015-06-04 21:12	--------	d-----w-	c:\programdata\Kaspersky Lab
2015-06-04 20:45 . 2015-06-04 20:45	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2015-06-04 20:44 . 2015-05-18 20:16	842440	----a-w-	c:\windows\system32\drivers\klif.sys
2015-06-04 20:44 . 2014-11-28 16:19	151240	----a-w-	c:\windows\system32\drivers\klflt.sys
2015-06-04 20:44 . 2014-10-22 19:13	245960	----a-w-	c:\windows\system32\drivers\klhk.sys
2015-06-04 11:11 . 2015-06-04 11:12	--------	d-----w-	c:\users\Marc\AppData\Local\gtk-2.0
2015-06-04 11:11 . 2015-06-04 11:11	--------	d-----w-	c:\users\Marc\.thumbnails
2015-06-04 11:06 . 2015-06-04 11:06	--------	d-----w-	c:\users\Marc\AppData\Local\fontconfig
2015-06-04 11:06 . 2015-06-04 11:12	--------	d-----w-	c:\users\Marc\.gimp-2.8
2015-06-04 11:06 . 2015-06-04 11:06	--------	d-----w-	c:\users\Marc\AppData\Local\gegl-0.2
2015-06-04 10:31 . 2015-06-04 11:14	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-03 19:50 . 2015-06-03 19:51	--------	d-----w-	C:\FRST
2015-06-03 14:26 . 2015-06-03 14:26	--------	d-----w-	c:\program files (x86)\Avira
2015-06-03 14:26 . 2015-06-03 14:26	--------	d-----w-	c:\programdata\Avira
2015-06-03 08:11 . 2015-06-04 20:34	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-03 08:10 . 2015-06-04 10:30	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-03 08:10 . 2015-06-03 08:10	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-06-03 08:10 . 2015-06-03 08:10	--------	d-----w-	c:\programdata\Malwarebytes
2015-06-03 08:10 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-06-03 08:10 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-06-02 07:36 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8414463-0C80-44CE-AA49-536572DF4F4D}\mpengine.dll
2015-06-01 06:49 . 2015-06-01 06:49	--------	d-----w-	c:\users\Marc\AppData\Local\GWX
2015-05-18 20:16 . 2015-05-18 20:16	56008	----a-w-	c:\windows\system32\drivers\kldisk.sys
2015-05-14 18:02 . 2015-05-14 18:02	--------	d-----w-	c:\programdata\ATI
2015-05-14 11:23 . 2015-05-14 11:23	--------	d-----w-	c:\users\Marc\AppData\Roaming\library_dir
2015-05-14 11:22 . 2015-05-14 11:27	--------	d-----w-	c:\program files (x86)\Raptr
2015-05-14 11:22 . 2015-05-14 11:22	--------	d-----w-	c:\program files (x86)\AMD AVT
2015-05-14 11:22 . 2015-05-14 11:22	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2015-05-14 11:18 . 2015-05-14 11:18	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2015-05-14 11:18 . 2015-05-14 11:22	--------	d-----w-	c:\program files (x86)\AMD
2015-05-14 11:17 . 2015-06-03 14:25	--------	d-----w-	c:\programdata\Package Cache
2015-05-14 11:16 . 2015-05-14 11:22	--------	d-----w-	c:\program files\AMD
2015-05-14 11:15 . 2015-05-14 11:15	--------	d-----w-	C:\AMD
2015-05-14 01:02 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:02 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:20 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-05-13 09:16 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-13 09:16 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-13 09:16 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-13 09:16 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-13 09:16 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-13 09:16 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-13 09:16 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-14 01:05 . 2013-02-24 22:14	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-13 09:21	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-15 02:46 . 2013-02-21 17:29	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 02:46 . 2013-02-21 17:29	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 02:46 . 2015-04-15 02:46	18178736	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-03-25 03:24 . 2015-04-15 09:49	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 09:49	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 09:49	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 09:49	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 09:49	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 09:49	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 09:49	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 09:49	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 09:49	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 09:49	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 09:49	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 09:49	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 09:49	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 09:49	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 09:49	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 09:49	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 09:49	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 09:49	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 09:49	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 09:49	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 09:49	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 09:49	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 09:49	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 09:49	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 09:49	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 09:49	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 09:49	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 09:49	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-11-28 193568]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-05-21 130864]
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2013-10-31 25214]
t@x aktuell.lnk - c:\program files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe [2014-7-6 589080]
XPhone 2.0.lnk - c:\windows\Installer\{6D36E55D-E2D6-4617-9DE6-AB1A012C8EE2}\XPhone.exe [2013-2-24 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys;c:\windows\SYSNATIVE\drivers\avmport.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 vcdc;vcdc;c:\windows\system32\DRIVERS\vcdc.sys;c:\windows\SYSNATIVE\DRIVERS\vcdc.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys;c:\windows\SYSNATIVE\DRIVERS\AVMCOWAN.sys [x]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys;c:\windows\SYSNATIVE\DRIVERS\fpcibase.sys [x]
S3 isdnusb;ISDN USB Driver;c:\windows\system32\DRIVERS\isdnusb.sys;c:\windows\SYSNATIVE\DRIVERS\isdnusb.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbcdc;Serial USB CDC Driver;c:\windows\system32\DRIVERS\usbcdc.sys;c:\windows\SYSNATIVE\DRIVERS\usbcdc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-21 02:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 3707704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
TCP: Interfaces\{B2B7DE8A-EF73-417D-B0D2-C38ED8F64CAB}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\h1ekxa2x.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\XPhone20\XPhone.exe
c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-04  23:18:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-04 21:18
ComboFix2.txt  2015-06-03 14:02
.
Vor Suchlauf: 13 Verzeichnis(se), 38.525.284.352 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 37.597.941.760 Bytes frei
.
- - End Of File - - 80086E421E1B907F5D6CA67DD6046B67
A36C5E4F47E84449FF07ED3517B43A31
         
Hello Schrauber,

do you already have an idea where this is heading, or are we still looking for the needle in the haystack?

I am a complete layman in this field and have no idea what we are doing here. Hence the silly question.

Regards, Marc

Alt 05.06.2015, 19:37   #11
schrauber
/// the machine
/// TB-Ausbilder
 




We are already cleaning up.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 05.06.2015, 21:38   #12
marc11833
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.06.2015
Suchlauf-Zeit: 21:39:02
Logdatei: Malewarebytes 05.06.2015.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.05.05
Rootkit Datenbank: v2015.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marc

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 442698
Verstrichene Zeit: 24 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
# AdwCleaner v4.206 - Bericht erstellt 05/06/2015 um 22:11:15
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Marc - MARC-PC
# Gestarted von : C:\Users\Marc\Desktop\Trojaner\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[x] Nicht Gelöscht : C:\Users\Marc\AppData\Local\FileViewPro

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [2212 Bytes] - [05/06/2015 22:10:04]
AdwCleaner[S0].txt - [1976 Bytes] - [05/06/2015 22:11:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2035  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 7 Ultimate x64
Ran by Marc on 05.06.2015 at 22:15:36,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] C:\Users\Marc\appdata\local\fileviewpro



~~~ FireFox

Emptied folder: C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\h1ekxa2x.default\minidumps [46 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2015 at 22:18:31,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Marc (administrator) on MARC-PC on 05-06-2015 22:27:50
Running from C:\Users\Marc\Desktop\Trojaner
Loaded Profiles: Marc (Available Profiles: Marc & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe [3707704 2010-04-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-04-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2015-05-29]
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XPhone 2.0.lnk [2015-05-29]
ShortcutTarget: XPhone 2.0.lnk -> C:\Windows\Installer\{6D36E55D-E2D6-4617-9DE6-AB1A012C8EE2}\XPhone.exe (InstallShield Software Corp.)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: ViewerHelper Class -> {78104A01-8E71-4F30-9A36-3793799615B4} -> C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Filter-x32: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} -  No File
Filter-x32: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\..\Interfaces\{B2B7DE8A-EF73-417D-B0D2-C38ED8F64CAB}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\h1ekxa2x.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
S2 AVMPORT; C:\Windows\SysWOW64\drivers\avmport.sys [66472 2009-10-02] (AVM Berlin)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R3 isdnusb; C:\Windows\System32\DRIVERS\isdnusb.sys [263224 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 usbcdc; C:\Windows\System32\DRIVERS\usbcdc.sys [154680 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
R1 vcdc; C:\Windows\System32\DRIVERS\vcdc.sys [153912 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 23:02 - 2015-11-01 23:07 - 196019032 _____ (Buhl Data Service GmbH) C:\Users\Marc\Downloads\WISOFinanz2015 (1).exe
2015-06-05 22:18 - 2015-06-05 22:18 - 00000796 _____ C:\Users\Marc\Desktop\JRT.txt
2015-06-05 22:15 - 2015-06-05 22:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARC-PC-Windows-7-Ultimate-(64-bit).dat
2015-06-05 22:15 - 2015-06-05 22:15 - 00000000 ____D C:\RegBackup
2015-06-05 22:09 - 2015-06-05 22:11 - 00000000 ____D C:\AdwCleaner
2015-06-04 23:59 - 2015-06-04 23:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2015-06-04 23:59 - 2015-06-04 23:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2015-06-04 23:57 - 2015-06-04 23:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2015-06-04 23:57 - 2015-06-04 23:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2015-06-04 23:56 - 2015-06-04 23:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-06-04 23:54 - 2015-06-04 23:54 - 00007624 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-06-04 16:09 - 2015-06-04 16:09 - 00000000 ____D C:\Users\Marc\Desktop\Wohnungsübergabe Kadrijaj
2015-06-04 16:09 - 2015-06-04 16:09 - 00000000 ____D C:\Users\Marc\Desktop\Bilder Kalkan
2015-06-04 16:07 - 2015-06-04 16:07 - 01197344 _____ C:\Users\Marc\Downloads\Avira AntiVir Rescue System - CHIP-Installer.exe
2015-06-04 13:12 - 2015-06-04 13:12 - 00001385 _____ C:\Users\Marc\AppData\Local\recently-used.xbel
2015-06-04 13:11 - 2015-06-04 13:12 - 00000000 ____D C:\Users\Marc\AppData\Local\gtk-2.0
2015-06-04 13:11 - 2015-06-04 13:11 - 00000000 ____D C:\Users\Marc\.thumbnails
2015-06-04 13:08 - 2015-06-04 13:08 - 01197344 _____ C:\Users\Marc\Downloads\Snipping Tool Plus - CHIP-Installer.exe
2015-06-04 13:06 - 2015-06-04 13:12 - 00000000 ____D C:\Users\Marc\.gimp-2.8
2015-06-04 13:06 - 2015-06-04 13:06 - 00000000 ____D C:\Users\Marc\AppData\Local\gegl-0.2
2015-06-04 13:03 - 2015-06-04 13:04 - 91931728 _____ (The GIMP Team ) C:\Users\Marc\Downloads\gimp-2.8.14-setup-1.exe
2015-06-04 12:31 - 2015-06-04 13:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-04 12:30 - 2015-06-04 13:14 - 00000000 ____D C:\Users\Marc\Desktop\mbar
2015-06-04 12:29 - 2015-06-04 12:29 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marc\Downloads\mbar-1.09.1.1004.exe
2015-06-03 21:52 - 2015-06-05 22:26 - 00000000 ____D C:\Users\Marc\Desktop\Trojaner
2015-06-03 21:50 - 2015-06-05 22:27 - 00000000 ____D C:\FRST
2015-06-03 10:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-03 10:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-03 10:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-03 10:20 - 2015-06-04 23:18 - 00000000 ____D C:\Qoobox
2015-06-03 10:20 - 2015-06-04 23:12 - 00000000 ____D C:\Windows\erdnt
2015-06-03 10:19 - 2015-06-03 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 10:16 - 2015-06-03 10:17 - 05628238 ____R (Swearware) C:\Users\Marc\Downloads\ComboFix.exe
2015-06-03 10:11 - 2015-06-05 22:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 10:10 - 2015-06-04 12:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-03 10:10 - 2015-06-03 10:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marc\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-03 10:10 - 2015-06-03 10:10 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-03 10:10 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-03 10:10 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-03 09:43 - 2015-06-03 09:43 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Marc\Downloads\avira_de_av_556eb136e785a__ws.exe
2015-06-02 21:19 - 2015-06-03 10:49 - 00012150 _____ C:\Users\Marc\Desktop\Paralelogramm Marc Himmel.xlsx
2015-06-01 13:52 - 2015-06-01 13:57 - 00000000 ____D C:\Users\Marc\Desktop\ReportMaker
2015-06-01 13:52 - 2015-06-01 13:52 - 06360161 _____ C:\Users\Marc\Downloads\ReportMaker.exe
2015-06-01 08:49 - 2015-06-01 08:49 - 00000000 ____D C:\Users\Marc\AppData\Local\GWX
2015-05-28 13:47 - 2015-06-03 15:42 - 00003582 _____ C:\Windows\System32\Tasks\Adobe Flash Player {7764EE77-0M61-4F38-V100-96E2C039847L}
2015-05-26 15:10 - 2015-05-26 15:10 - 00004096 ____H C:\Users\Marc\AppData\Local\keyfile3.drm
2015-05-19 14:13 - 2015-05-19 14:14 - 20097224 _____ C:\Users\Marc\Downloads\GetSystemInfo6.0.exe
2015-05-14 20:31 - 2015-05-14 20:31 - 00003024 _____ C:\Windows\System32\Tasks\{CB13C861-9AA2-444C-96EA-6F336EA16D4D}
2015-05-14 20:31 - 2015-05-14 20:31 - 00003024 _____ C:\Windows\System32\Tasks\{80C1809E-555E-4215-94B6-043315CBFB9F}
2015-05-14 20:30 - 2015-05-14 20:30 - 00003020 _____ C:\Windows\System32\Tasks\{EA5E40D5-C811-4128-B852-CCBA780F6358}
2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D C:\ProgramData\ATI
2015-05-14 19:53 - 2015-05-14 19:54 - 01773376 _____ (Kaspersky Lab) C:\Users\Marc\Downloads\kis15.0.2.361de_7539.exe
2015-05-14 13:23 - 2015-05-14 13:23 - 00000000 ____D C:\Users\Marc\AppData\Roaming\library_dir
2015-05-14 13:22 - 2015-05-14 13:27 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-14 13:22 - 2015-05-14 13:22 - 00058826 _____ C:\Windows\SysWOW64\CCCInstall_201505141322367696.log
2015-05-14 13:22 - 2015-05-14 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-14 13:22 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-05-14 13:18 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files (x86)\AMD
2015-05-14 13:18 - 2015-05-14 13:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-05-14 13:17 - 2015-06-04 23:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-14 13:16 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files\AMD
2015-05-14 13:15 - 2015-05-14 13:15 - 00000000 ____D C:\AMD
2015-05-14 13:09 - 2015-05-14 13:09 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Marc\Downloads\autodetectutility.exe
2015-05-14 10:43 - 2015-05-14 10:45 - 197295744 _____ (Kaspersky Lab) C:\Users\Marc\Downloads\kis15.0.2.361de-de.exe
2015-05-14 09:26 - 2015-05-14 09:28 - 204166464 _____ C:\Users\Marc\Downloads\kis15.0.1.415DE_7068.exe
2015-05-14 03:02 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:02 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:21 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 11:21 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 11:21 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 11:21 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 11:21 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 11:21 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 11:21 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 11:21 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 11:21 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 11:21 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 11:21 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 11:21 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 11:21 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 11:21 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 11:21 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 11:21 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 11:21 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 11:21 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 11:21 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:21 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 11:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 11:21 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 11:21 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 11:21 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 11:21 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 11:21 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 11:21 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 11:21 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 11:21 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 11:21 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 11:21 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 11:21 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 11:21 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 11:21 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 11:21 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 11:21 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 11:21 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 11:21 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 11:21 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 11:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 11:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 11:21 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 11:21 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 11:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 11:21 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 11:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 11:21 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 11:21 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 11:21 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 11:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 11:21 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 11:21 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 11:21 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 11:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 11:21 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 11:21 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 11:21 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 11:21 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 11:21 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 11:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 11:21 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 11:21 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 11:21 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 11:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 11:21 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 11:21 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 11:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 11:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 11:21 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 11:21 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 11:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 11:21 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 11:21 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 11:21 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 11:21 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 11:21 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 11:21 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 11:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 11:21 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 11:21 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 11:21 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 11:21 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 11:20 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 11:20 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 11:20 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 11:20 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 11:20 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 11:20 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 11:20 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 11:20 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 11:20 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 11:20 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 11:20 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 11:16 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 11:16 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 11:16 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 11:16 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 09:31 - 2015-05-13 09:32 - 00000000 ____D C:\Users\Marc\Desktop\Datenrettung
2015-05-11 20:30 - 2015-05-22 09:38 - 00000000 ____D C:\Users\Marc\Desktop\Haus Service MYK
2015-05-10 20:36 - 2015-05-10 20:46 - 00000000 ____D C:\Users\Marc\Desktop\Frau Westerhold

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 22:22 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 22:22 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-05 22:17 - 2014-07-24 19:00 - 00000000 ____D C:\Users\Marc\AppData\Local\FileViewPro
2015-06-05 22:13 - 2014-04-16 16:12 - 00000000 ___RD C:\Users\Marc\Dropbox
2015-06-05 22:13 - 2014-04-16 16:10 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Dropbox
2015-06-05 22:13 - 2013-02-21 22:54 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Skype
2015-06-05 22:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 22:12 - 2009-07-14 06:51 - 00045443 _____ C:\Windows\setupact.log
2015-06-05 22:11 - 2013-02-21 18:00 - 01422774 _____ C:\Windows\WindowsUpdate.log
2015-06-05 21:46 - 2013-02-21 19:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 13:13 - 2013-02-21 18:23 - 00109680 _____ C:\Users\Marc\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-04 23:45 - 2009-07-14 06:45 - 00418760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-04 23:44 - 2015-03-26 08:38 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Samsung
2015-06-04 23:44 - 2015-03-26 08:37 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-06-04 23:43 - 2013-07-02 11:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2015-06-04 23:12 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-04 23:11 - 2013-02-21 19:17 - 00216802 _____ C:\Windows\PFRO.log
2015-06-04 22:47 - 2015-03-09 09:57 - 00000000 ____D C:\Users\Marc\Desktop\Recovery
2015-06-04 16:30 - 2009-07-14 19:58 - 00702942 _____ C:\Windows\system32\perfh007.dat
2015-06-04 16:30 - 2009-07-14 19:58 - 00150582 _____ C:\Windows\system32\perfc007.dat
2015-06-04 16:30 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 13:12 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-04 13:11 - 2013-02-21 18:01 - 00000000 ____D C:\Users\Marc
2015-06-04 13:08 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Ulead Systems
2015-06-04 13:08 - 2013-02-21 18:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-04 13:02 - 2013-11-14 13:18 - 00000593 _____ C:\Windows\ulead32.ini
2015-06-03 16:02 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-03 15:55 - 2013-02-21 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 15:55 - 2009-07-14 04:34 - 85983232 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 62390272 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\SYSTEM.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-03 15:37 - 2013-02-21 19:05 - 00000000 ____D C:\Windows\PCHEALTH
2015-06-03 10:21 - 2013-02-24 23:35 - 00000000 ____D C:\Users\Marc\AppData\Roaming\XPhone20
2015-06-02 22:09 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-02 22:09 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-02 22:09 - 2014-10-15 18:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-02 22:09 - 2014-01-23 20:55 - 00000000 ____D C:\Users\Administrator
2015-06-02 22:09 - 2013-10-24 19:14 - 00000000 ____D C:\Windows\pss
2015-06-02 22:09 - 2013-02-21 23:27 - 00000000 ____D C:\Users\Marc\AppData\Local\HP
2015-06-02 22:09 - 2013-02-21 22:54 - 00000000 ____D C:\ProgramData\Skype
2015-06-02 22:09 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-02 22:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-01 08:48 - 2013-09-23 11:13 - 00000000 ____D C:\Users\Marc\Documents\WISO Mein Geld
2015-05-22 08:49 - 2015-02-21 13:08 - 00000000 ____D C:\Users\Marc\Documents\Elterngeld
2015-05-14 13:40 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Marc\AppData\Local\Google
2015-05-14 13:27 - 2013-02-21 19:28 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Mozilla
2015-05-14 13:22 - 2013-02-21 18:19 - 00000000 ____D C:\ProgramData\AMD
2015-05-14 13:20 - 2013-02-21 18:13 - 00000000 ____D C:\Program Files\ATI Technologies
2015-05-14 04:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-14 03:32 - 2013-03-14 04:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:32 - 2013-03-14 04:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:30 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 03:10 - 2013-07-20 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 03:10 - 2013-02-21 19:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-14 03:05 - 2013-02-25 00:14 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:02 - 2013-03-14 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 09:38 - 2014-11-10 16:51 - 00000000 ____D C:\ProgramData\firebird
2015-05-11 20:24 - 2014-04-16 16:12 - 00001013 _____ C:\Users\Marc\Desktop\Dropbox.lnk
2015-05-11 20:24 - 2014-04-16 16:11 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2013-11-20 11:32 - 2013-11-20 11:32 - 0003584 _____ () C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-26 15:10 - 2015-05-26 15:10 - 0004096 ____H () C:\Users\Marc\AppData\Local\keyfile3.drm
2015-06-04 13:12 - 2015-06-04 13:12 - 0001385 _____ () C:\Users\Marc\AppData\Local\recently-used.xbel
2014-02-24 17:38 - 2014-09-09 21:18 - 0007628 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2013-12-31 22:23 - 2014-01-02 10:56 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-11-10 16:50 - 2014-12-11 18:56 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Marc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8ljdoy.dll
C:\Users\Marc\AppData\Local\Temp\Quarantine.exe
C:\Users\Marc\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 12:32

==================== End of log ============================
         

Alt 06.06.2015, 16:24   #13
schrauber
/// the machine
/// TB-Ausbilder
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Ja, ich bin mit den Nutzungsbedingungen einverstanden (Yes, I accept the terms of use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click Starten (Start).
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Systemsteuerung (Control Panel) => Software / Programme deinstallieren (Uninstall a program) => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 07.06.2015, 09:13   #14
marc11833
 
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fa299e0125e27446b992cc8757a0767f
# end=init
# utc_time=2015-06-06 06:32:19
# local_time=2015-06-06 08:32:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24206
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fa299e0125e27446b992cc8757a0767f
# end=updated
# utc_time=2015-06-06 06:35:56
# local_time=2015-06-06 08:35:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fa299e0125e27446b992cc8757a0767f
# engine=24206
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-06 08:03:21
# local_time=2015-06-06 10:03:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 62810 185250851 0 0
# scanned=338251
# found=5
# cleaned=5
# scan_time=5244
sh=9D585FF37925751A37F2E399C7A726FFF4034B10 ft=1 fh=2a7c3cfd755177e3 vn="Variante von Win32/Injector.CCAT Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Marc\AppData\Local\Adobe_User_Feed_Synchronization-{7764EE77-0M61-4F38-V100-96E2C039847L}.exe.vir"
sh=D0108E8B5901C5543EB5239EE67A0A0882111E4C ft=1 fh=7006b0dc360dfb73 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Marc\Downloads\Avira AntiVir Rescue System - CHIP-Installer.exe"
sh=EE072FA3FD3DFFA5C766D8D8F7ADAF25588914AA ft=1 fh=90acba26c47f2848 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Marc\Downloads\computerbild_downloader_fuer_pdfcreator.exe"
sh=02AD90650C1F2310A82C3747A4C2842081F64EDC ft=1 fh=43dc77ae4de067f3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Marc\Downloads\Snipping Tool Plus - CHIP-Installer.exe"
sh=21CE38C75FF6F778C68E2025FB1482299132565D ft=1 fh=1493338f14fee66b vn="Variante von Win32/InstallBrain.BH evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Privat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FT3JY44\77ZipSetup[1].exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Marc (administrator) on MARC-PC on 07-06-2015 09:44:02
Running from C:\Users\Marc\Desktop\Trojaner
Loaded Profiles: Marc (Available Profiles: Marc & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe [3707704 2010-04-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-04-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2015-05-29]
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XPhone 2.0.lnk [2015-05-29]
ShortcutTarget: XPhone 2.0.lnk -> C:\Windows\Installer\{6D36E55D-E2D6-4617-9DE6-AB1A012C8EE2}\XPhone.exe (InstallShield Software Corp.)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1819806683-1531827388-2595170997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: ViewerHelper Class -> {78104A01-8E71-4F30-9A36-3793799615B4} -> C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter-x32: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Filter-x32: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} -  No File
Filter-x32: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter-x32: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll [2005-01-27] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\..\Interfaces\{B2B7DE8A-EF73-417D-B0D2-C38ED8F64CAB}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\h1ekxa2x.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
S2 AVMPORT; C:\Windows\SysWOW64\drivers\avmport.sys [66472 2009-10-02] (AVM Berlin)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
R3 isdnusb; C:\Windows\System32\DRIVERS\isdnusb.sys [263224 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 usbcdc; C:\Windows\System32\DRIVERS\usbcdc.sys [154680 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
R1 vcdc; C:\Windows\System32\DRIVERS\vcdc.sys [153912 2010-09-22] (Siemens Enterprise Communications GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 23:02 - 2015-11-01 23:07 - 196019032 _____ (Buhl Data Service GmbH) C:\Users\Marc\Downloads\WISOFinanz2015 (1).exe
2015-06-05 22:18 - 2015-06-05 22:18 - 00000796 _____ C:\Users\Marc\Desktop\JRT.txt
2015-06-05 22:15 - 2015-06-05 22:15 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARC-PC-Windows-7-Ultimate-(64-bit).dat
2015-06-05 22:15 - 2015-06-05 22:15 - 00000000 ____D C:\RegBackup
2015-06-05 22:09 - 2015-06-05 22:11 - 00000000 ____D C:\AdwCleaner
2015-06-04 23:59 - 2015-06-04 23:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2015-06-04 23:59 - 2015-06-04 23:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2015-06-04 23:57 - 2015-06-04 23:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2015-06-04 23:57 - 2015-06-04 23:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2015-06-04 23:56 - 2015-06-04 23:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-06-04 23:54 - 2015-06-04 23:54 - 00007624 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-06-04 16:09 - 2015-06-04 16:09 - 00000000 ____D C:\Users\Marc\Desktop\Wohnungsübergabe Kadrijaj
2015-06-04 16:09 - 2015-06-04 16:09 - 00000000 ____D C:\Users\Marc\Desktop\Bilder Kalkan
2015-06-04 13:12 - 2015-06-04 13:12 - 00001385 _____ C:\Users\Marc\AppData\Local\recently-used.xbel
2015-06-04 13:11 - 2015-06-04 13:12 - 00000000 ____D C:\Users\Marc\AppData\Local\gtk-2.0
2015-06-04 13:11 - 2015-06-04 13:11 - 00000000 ____D C:\Users\Marc\.thumbnails
2015-06-04 13:06 - 2015-06-04 13:12 - 00000000 ____D C:\Users\Marc\.gimp-2.8
2015-06-04 13:06 - 2015-06-04 13:06 - 00000000 ____D C:\Users\Marc\AppData\Local\gegl-0.2
2015-06-04 13:03 - 2015-06-04 13:04 - 91931728 _____ (The GIMP Team ) C:\Users\Marc\Downloads\gimp-2.8.14-setup-1.exe
2015-06-04 12:31 - 2015-06-04 13:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-04 12:30 - 2015-06-04 13:14 - 00000000 ____D C:\Users\Marc\Desktop\mbar
2015-06-04 12:29 - 2015-06-04 12:29 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marc\Downloads\mbar-1.09.1.1004.exe
2015-06-03 21:52 - 2015-06-07 09:40 - 00000000 ____D C:\Users\Marc\Desktop\Trojaner
2015-06-03 21:50 - 2015-06-07 09:44 - 00000000 ____D C:\FRST
2015-06-03 10:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-03 10:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-03 10:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-03 10:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-03 10:20 - 2015-06-04 23:18 - 00000000 ____D C:\Qoobox
2015-06-03 10:20 - 2015-06-04 23:12 - 00000000 ____D C:\Windows\erdnt
2015-06-03 10:19 - 2015-06-03 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 10:16 - 2015-06-03 10:17 - 05628238 ____R (Swearware) C:\Users\Marc\Downloads\ComboFix.exe
2015-06-03 10:11 - 2015-06-05 22:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 10:10 - 2015-06-04 12:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-03 10:10 - 2015-06-03 10:10 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marc\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-03 10:10 - 2015-06-03 10:10 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-03 10:10 - 2015-06-03 10:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-03 10:10 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-03 10:10 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-03 09:43 - 2015-06-03 09:43 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Marc\Downloads\avira_de_av_556eb136e785a__ws.exe
2015-06-02 21:19 - 2015-06-03 10:49 - 00012150 _____ C:\Users\Marc\Desktop\Paralelogramm Marc Himmel.xlsx
2015-06-01 13:52 - 2015-06-01 13:57 - 00000000 ____D C:\Users\Marc\Desktop\ReportMaker
2015-06-01 13:52 - 2015-06-01 13:52 - 06360161 _____ C:\Users\Marc\Downloads\ReportMaker.exe
2015-06-01 08:49 - 2015-06-01 08:49 - 00000000 ____D C:\Users\Marc\AppData\Local\GWX
2015-05-28 13:47 - 2015-06-03 15:42 - 00003582 _____ C:\Windows\System32\Tasks\Adobe Flash Player {7764EE77-0M61-4F38-V100-96E2C039847L}
2015-05-26 15:10 - 2015-05-26 15:10 - 00004096 ____H C:\Users\Marc\AppData\Local\keyfile3.drm
2015-05-19 14:13 - 2015-05-19 14:14 - 20097224 _____ C:\Users\Marc\Downloads\GetSystemInfo6.0.exe
2015-05-14 20:31 - 2015-05-14 20:31 - 00003024 _____ C:\Windows\System32\Tasks\{CB13C861-9AA2-444C-96EA-6F336EA16D4D}
2015-05-14 20:31 - 2015-05-14 20:31 - 00003024 _____ C:\Windows\System32\Tasks\{80C1809E-555E-4215-94B6-043315CBFB9F}
2015-05-14 20:30 - 2015-05-14 20:30 - 00003020 _____ C:\Windows\System32\Tasks\{EA5E40D5-C811-4128-B852-CCBA780F6358}
2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D C:\ProgramData\ATI
2015-05-14 19:53 - 2015-05-14 19:54 - 01773376 _____ (Kaspersky Lab) C:\Users\Marc\Downloads\kis15.0.2.361de_7539.exe
2015-05-14 13:23 - 2015-05-14 13:23 - 00000000 ____D C:\Users\Marc\AppData\Roaming\library_dir
2015-05-14 13:22 - 2015-05-14 13:27 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-14 13:22 - 2015-05-14 13:22 - 00058826 _____ C:\Windows\SysWOW64\CCCInstall_201505141322367696.log
2015-05-14 13:22 - 2015-05-14 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-14 13:22 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-05-14 13:18 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files (x86)\AMD
2015-05-14 13:18 - 2015-05-14 13:18 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-05-14 13:17 - 2015-06-04 23:24 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-14 13:16 - 2015-05-14 13:22 - 00000000 ____D C:\Program Files\AMD
2015-05-14 13:15 - 2015-05-14 13:15 - 00000000 ____D C:\AMD
2015-05-14 13:09 - 2015-05-14 13:09 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Marc\Downloads\autodetectutility.exe
2015-05-14 10:43 - 2015-05-14 10:45 - 197295744 _____ (Kaspersky Lab) C:\Users\Marc\Downloads\kis15.0.2.361de-de.exe
2015-05-14 09:26 - 2015-05-14 09:28 - 204166464 _____ C:\Users\Marc\Downloads\kis15.0.1.415DE_7068.exe
2015-05-14 03:02 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:02 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:21 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 11:21 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 11:21 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 11:21 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 11:21 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 11:21 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 11:21 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 11:21 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 11:21 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 11:21 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 11:21 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 11:21 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 11:21 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 11:21 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 11:21 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 11:21 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 11:21 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 11:21 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 11:21 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 11:21 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 11:21 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 11:21 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 11:21 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 11:21 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 11:21 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:21 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:21 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 11:21 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 11:21 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 11:21 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 11:21 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 11:21 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 11:21 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 11:21 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 11:21 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 11:21 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 11:21 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 11:21 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 11:21 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 11:21 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 11:21 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 11:21 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 11:21 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 11:21 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 11:21 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 11:21 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 11:21 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 11:21 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 11:21 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 11:21 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 11:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 11:21 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 11:21 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 11:21 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 11:21 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 11:21 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 11:21 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 11:21 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 11:21 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 11:21 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 11:21 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 11:21 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 11:21 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 11:21 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 11:21 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 11:21 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 11:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 11:21 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 11:21 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 11:21 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 11:21 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 11:21 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 11:21 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 11:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 11:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 11:21 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 11:21 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 11:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 11:21 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 11:21 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 11:21 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 11:21 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 11:21 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 11:21 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 11:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 11:21 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 11:21 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 11:21 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 11:21 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 11:20 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 11:20 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 11:20 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 11:20 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 11:20 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 11:20 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 11:20 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 11:20 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 11:20 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 11:20 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 11:20 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 11:16 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 11:16 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 11:16 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 11:16 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 11:16 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 09:31 - 2015-05-13 09:32 - 00000000 ____D C:\Users\Marc\Desktop\Datenrettung
2015-05-11 20:30 - 2015-05-22 09:38 - 00000000 ____D C:\Users\Marc\Desktop\Haus Service MYK
2015-05-10 20:36 - 2015-05-10 20:46 - 00000000 ____D C:\Users\Marc\Desktop\Frau Westerhold

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 09:05 - 2013-02-21 18:00 - 01568042 _____ C:\Windows\WindowsUpdate.log
2015-06-07 09:02 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 09:02 - 2009-07-14 06:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 08:46 - 2013-02-21 19:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 20:33 - 2013-02-21 22:54 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Skype
2015-06-05 22:17 - 2014-07-24 19:00 - 00000000 ____D C:\Users\Marc\AppData\Local\FileViewPro
2015-06-05 22:13 - 2014-04-16 16:12 - 00000000 ___RD C:\Users\Marc\Dropbox
2015-06-05 22:13 - 2014-04-16 16:10 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Dropbox
2015-06-05 22:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-05 22:12 - 2009-07-14 06:51 - 00045443 _____ C:\Windows\setupact.log
2015-06-05 13:13 - 2013-02-21 18:23 - 00109680 _____ C:\Users\Marc\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-04 23:45 - 2009-07-14 06:45 - 00418760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-04 23:44 - 2015-03-26 08:38 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Samsung
2015-06-04 23:44 - 2015-03-26 08:37 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-06-04 23:43 - 2013-07-02 11:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2015-06-04 23:12 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-04 23:11 - 2013-02-21 19:17 - 00216802 _____ C:\Windows\PFRO.log
2015-06-04 22:47 - 2015-03-09 09:57 - 00000000 ____D C:\Users\Marc\Desktop\Recovery
2015-06-04 16:30 - 2009-07-14 19:58 - 00702942 _____ C:\Windows\system32\perfh007.dat
2015-06-04 16:30 - 2009-07-14 19:58 - 00150582 _____ C:\Windows\system32\perfc007.dat
2015-06-04 16:30 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 13:12 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-04 13:11 - 2013-02-21 18:01 - 00000000 ____D C:\Users\Marc
2015-06-04 13:08 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Ulead Systems
2015-06-04 13:08 - 2013-02-21 18:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-04 13:02 - 2013-11-14 13:18 - 00000593 _____ C:\Windows\ulead32.ini
2015-06-03 16:02 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-03 15:55 - 2013-02-21 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 15:55 - 2009-07-14 04:34 - 85983232 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 62390272 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\SYSTEM.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-03 15:55 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-03 15:37 - 2013-02-21 19:05 - 00000000 ____D C:\Windows\PCHEALTH
2015-06-03 10:21 - 2013-02-24 23:35 - 00000000 ____D C:\Users\Marc\AppData\Roaming\XPhone20
2015-06-02 22:09 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-02 22:09 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-02 22:09 - 2014-10-15 18:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-02 22:09 - 2014-01-23 20:55 - 00000000 ____D C:\Users\Administrator
2015-06-02 22:09 - 2013-10-24 19:14 - 00000000 ____D C:\Windows\pss
2015-06-02 22:09 - 2013-02-21 23:27 - 00000000 ____D C:\Users\Marc\AppData\Local\HP
2015-06-02 22:09 - 2013-02-21 22:54 - 00000000 ____D C:\ProgramData\Skype
2015-06-02 22:09 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-02 22:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-01 08:48 - 2013-09-23 11:13 - 00000000 ____D C:\Users\Marc\Documents\WISO Mein Geld
2015-05-22 08:49 - 2015-02-21 13:08 - 00000000 ____D C:\Users\Marc\Documents\Elterngeld
2015-05-14 13:40 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Marc\AppData\Local\Google
2015-05-14 13:27 - 2013-02-21 19:28 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Mozilla
2015-05-14 13:22 - 2013-02-21 18:19 - 00000000 ____D C:\ProgramData\AMD
2015-05-14 13:20 - 2013-02-21 18:13 - 00000000 ____D C:\Program Files\ATI Technologies
2015-05-14 04:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-14 03:32 - 2013-03-14 04:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:32 - 2013-03-14 04:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:30 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 03:10 - 2013-07-20 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 03:10 - 2013-02-21 19:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-14 03:05 - 2013-02-25 00:14 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:02 - 2013-03-14 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 09:38 - 2014-11-10 16:51 - 00000000 ____D C:\ProgramData\firebird
2015-05-11 20:24 - 2014-04-16 16:12 - 00001013 _____ C:\Users\Marc\Desktop\Dropbox.lnk
2015-05-11 20:24 - 2014-04-16 16:11 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2013-11-20 11:32 - 2013-11-20 11:32 - 0003584 _____ () C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-26 15:10 - 2015-05-26 15:10 - 0004096 ____H () C:\Users\Marc\AppData\Local\keyfile3.drm
2015-06-04 13:12 - 2015-06-04 13:12 - 0001385 _____ () C:\Users\Marc\AppData\Local\recently-used.xbel
2014-02-24 17:38 - 2014-09-09 21:18 - 0007628 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2013-12-31 22:23 - 2014-01-02 10:56 - 0000285 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-11-10 16:50 - 2014-12-11 18:56 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Marc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8ljdoy.dll
C:\Users\Marc\AppData\Local\Temp\Quarantine.exe
C:\Users\Marc\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 12:32

==================== End of log ============================
         
Steps taken after FRST > restart > installed Avira Antivirus as admin > restart > Avira does not start

Booted Windows on the second partition and installed Avira (a browser window opened showing the installation progress etc.; this was missing on the sick partition)

Alt 08.06.2015, 04:56   #15
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Marc\Downloads\Avira AntiVir Rescue System - CHIP-Installer.exe

C:\Users\Marc\Downloads\computerbild_downloader_fuer_pdfcreator.exe

C:\Users\Marc\Downloads\Snipping Tool Plus - CHIP-Installer.exe

E:\Users\Privat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FT3JY44\77ZipSetup[1].exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.



Rethink your download habits:
CHIP-Installer - what is it? - Guides



Run the Windows Repair Tool:
Repairing Windows - how it's done - Guides
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
