
Log analysis and evaluation: Caught DHL virus / malware


09.06.2015, 15:32   #1
k1m
 

Caught DHL virus / malware



Hello,

I have apparently caught the DHL virus.

In the heat of the moment I have already run various virus scanners, malware scanners and rootkit scanners, among them AVG, Kaspersky, Avira and Malwarebytes. In my opinion, however, these did not find the DHL virus, only adware pests such as SweetIM and so on.

I am not sure whether the DHL virus is still on my system or not. Here are the current log files from FRST:

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by ADMIN (administrator) on SERVER on 08-06-2015 21:57:01
Running from C:\Users\ADMIN\Desktop
Loaded Profiles: ADMIN &  (Available Profiles: ADMIN & MICHA & EVIN & WARKO & SKIRDA & TANJA & OLGA & ANDREA & STEFFI & Herner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
( ) C:\Windows\System32\dldncoms.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Thinstuff s.r.o.) C:\Program Files\Thinstuff\XPVS Server\thinrdpsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Thinstuff) C:\Program Files\Thinstuff\XPVS Server\tsxusbredirectorsrv.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Quester) C:\Program Files (x86)\Quester\OLfolders\OLWServer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
(Thinstuff s.r.o.) C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\Program Files (x86)\SFirm\sfWinStartupInfo.exe [81496 2014-11-07] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\MountPoints2: {273da8fb-7a70-11e1-821d-002522189594} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\MountPoints2: {87b6b645-90c6-11e0-9194-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\MountPoints2: {b6b9b1d1-90ca-11e0-afb9-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\MountPoints2: {c0cb2327-ff42-11de-affd-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {273da8fb-7a70-11e1-821d-002522189594} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {87b6b645-90c6-11e0-9194-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b6b9b1d1-90ca-11e0-afb9-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c0cb2327-ff42-11de-affd-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {273da8fb-7a70-11e1-821d-002522189594} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {87b6b645-90c6-11e0-9194-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b6b9b1d1-90ca-11e0-afb9-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {273da8fb-7a70-11e1-821d-002522189594} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {87b6b645-90c6-11e0-9194-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b6b9b1d1-90ca-11e0-afb9-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c0cb2327-ff42-11de-affd-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {273da8fb-7a70-11e1-821d-002522189594} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {87b6b645-90c6-11e0-9194-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b6b9b1d1-90ca-11e0-afb9-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {273da8fb-7a70-11e1-821d-002522189594} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {87b6b645-90c6-11e0-9194-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b6b9b1d1-90ca-11e0-afb9-002522189594} - G:\AutoRun.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c0cb2327-ff42-11de-affd-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1011-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1011-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c0cb2327-ff42-11de-affd-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1012-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-1412812446-529952867-3691015432-1012-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c0cb2327-ff42-11de-affd-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1013-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {c0cb2327-ff42-11de-affd-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-1412812446-529952867-3691015432-1014-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OLfolders Server.lnk [2010-09-11]
ShortcutTarget: OLfolders Server.lnk -> C:\Program Files (x86)\Quester\OLfolders\OLWServer.exe (Quester)
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thinstuff XPVS Server Administrator.lnk [2010-01-06]
ShortcutTarget: Thinstuff XPVS Server Administrator.lnk -> C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe (Thinstuff s.r.o.)
Startup: C:\Users\WARKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2011-08-02]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://brandstores.de/
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1412812446-529952867-3691015432-1012-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
URLSearchHook: HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - No File
URLSearchHook: HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - No File
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={B4CC912F-BC06-4DD8-8940-51C8625A2777}&mid=32714c512f2bdec5c7a602962493263b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:16:33&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1412812446-529952867-3691015432-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Tcpip\..\Interfaces\{CB6B4AC9-D2A3-430F-8D09-4D058E97D9CB}: [NameServer] 192.168.0.5

FireFox:
========
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default
FF NewTab: https://safesearch.avira.com/#?source=newtab
FF Homepage: https://ebanking.bkb.ch/baslerkbClientCustomer/$xp2/UgBaKUl6AfJIiYZhpbJJF7J4lgC!_9oiEddCtzjb1ZccqrdJPRn7Evo5mQxZ_ewSN7hP8K3JGAwxPfcYzFeYAX!SqvNWr_SnAa5GCpQWx7T6kT9f1Cir4m177Efdwz2XV7PbGbr_UL7RZstvfVro3dSF7S4=$/p/p/p/p/p/p|https://www.commerzbanking.de/P-Portal9/XML/ifilportal/pgf.html?Tab=811|hxxp://www.brandstores-gloster.de|https://www.google.com/analytics/web/#home/a39991606w69044338p71106497/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-1412812446-529952867-3691015432-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\ADMIN\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF user.js: detected! => C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\user.js [2013-06-26]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-06-11] (Apple Inc.)
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\searchplugins\avira-safesearch.xml [2015-06-07]
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\searchplugins\BrowserDefender.xml [2013-06-26]
FF Extension: Avira Browser Safety - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\Extensions\abs@avira.com [2015-06-07]
FF Extension: Avira SafeSearch Plus - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\Extensions\safesearchplus@avira.com [2015-06-07]
FF Extension: Adblock Plus - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-08]
FF HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\WARKO\AppData\Roaming\Mozilla\Firefox\Profiles\1a3dr9nm.default\extensions\cliqz@cliqz.com
FF HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1412812446-529952867-3691015432-1011-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-1412812446-529952867-3691015432-1013-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2010-01-06] (DATA BECKER GmbH & Co KG) [File not signed]
R2 dldn_device; C:\Windows\system32\dldncoms.exe [1044648 2009-07-10] ( )
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2013-04-25] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 ThinRDPHlp; C:\Program Files\Thinstuff\XPVS Server\thinrdphlp.exe [65536 2014-11-12] (Thinstuff s.r.o.) [File not signed]
R2 ThinRDPSrv; C:\Program Files\Thinstuff\XPVS Server\thinrdpsrv.exe [975512 2014-11-12] (Thinstuff s.r.o.)
R3 TSXUsbSrv; C:\Program Files\Thinstuff\XPVS Server\tsxusbredirectorsrv.exe [587264 2010-04-06] (Thinstuff) [File not signed]
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-12-02] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-04-16] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-06-07] (Emsisoft GmbH)
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-08] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 THINRDP; C:\Windows\System32\Drivers\ThinRDP.sys [26776 2014-11-12] (Thinstuff s.r.o.)
R2 tsxpnptls; C:\Windows\System32\drivers\tsxpnptls.sys [49560 2014-11-12] (Thinstuff)
S3 tsxusbd; C:\Windows\System32\drivers\tsxusbd.sys [27672 2014-11-12] (Thinstuff)
R3 tsxusbdbus; C:\Windows\System32\DRIVERS\tsxusbdbus.sys [58008 2014-11-12] (Thinstuff)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2010-03-27] (Microsoft Corporation)
S3 cpuz132; \??\C:\Users\ADMIN\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 21:53 - 2015-06-08 21:56 - 00000000 __SDC C:\ComboFix
2015-06-08 21:53 - 2015-06-08 21:53 - 00000000 ___DC C:\Qoobox
2015-06-08 21:53 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 21:53 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 21:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 21:52 - 2015-06-08 21:52 - 00000000 ____D C:\Windows\erdnt
2015-06-08 21:35 - 2015-06-08 21:35 - 00000000 ___DC C:\Users\ADMIN\Desktop\mbar
2015-06-08 21:34 - 2015-06-08 21:34 - 16502728 ____C (Malwarebytes Corp.) C:\Users\ADMIN\Desktop\mbar-1.09.1.1004.exe
2015-06-08 21:25 - 2015-06-08 21:57 - 00037393 ____C C:\Users\ADMIN\Desktop\FRST.txt
2015-06-08 21:25 - 2015-06-08 21:26 - 00070024 ____C C:\Users\ADMIN\Desktop\Addition.txt
2015-06-08 21:24 - 2015-06-08 21:57 - 00000000 ___DC C:\FRST
2015-06-08 21:24 - 2015-06-08 21:24 - 02108928 ____C (Farbar) C:\Users\ADMIN\Desktop\FRST64.exe
2015-06-08 21:17 - 2015-06-08 21:18 - 05628238 ___RC (Swearware) C:\Users\ADMIN\Desktop\ComboFix.exe
2015-06-08 20:34 - 2015-06-08 21:35 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-08 20:34 - 2015-06-08 20:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 20:34 - 2015-06-08 20:34 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-08 20:34 - 2015-06-08 20:34 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-06-08 20:34 - 2015-06-08 20:34 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-08 20:34 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 20:34 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-08 18:39 - 2015-06-08 18:39 - 00002031 ____C C:\Users\ADMIN\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-06-08 18:39 - 2015-06-08 18:39 - 00001975 ____C C:\Users\ADMIN\Desktop\Avira EU-Cleaner.lnk
2015-06-08 18:38 - 2015-06-08 18:38 - 02209056 ____C C:\Program Files\avira-eu-cleaner_de.exe
2015-06-08 14:08 - 2015-06-08 14:08 - 00001135 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-06-08 14:07 - 2015-06-08 14:07 - 00003320 _____ C:\Windows\System32\Tasks\AviraSpeedup
2015-06-08 14:05 - 2015-06-08 21:43 - 00000112 _____ C:\Windows\setupact.log
2015-06-08 14:05 - 2015-06-08 14:05 - 00000000 _____ C:\Windows\setuperr.log
2015-06-08 14:04 - 2015-06-08 21:42 - 00078738 _____ C:\Windows\PFRO.log
2015-06-08 13:43 - 2015-06-08 13:43 - 04683232 ____C (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_issu_3007592595_kp9g9gv8vh7da77kof1i_wd.exe
2015-06-08 08:43 - 2015-06-08 08:43 - 00000000 ____D C:\Users\MICHA\AppData\Roaming\Avira
2015-06-08 08:38 - 2015-06-08 08:38 - 00000000 ___DC C:\Users\MICHA\AppData\Local\AviraSpeedup
2015-06-08 08:24 - 2015-06-08 08:24 - 00000000 ____D C:\Users\TANJA\AppData\Roaming\Avira
2015-06-08 08:19 - 2015-06-08 08:19 - 00000000 ____D C:\Users\TANJA\AppData\Local\AviraSpeedup
2015-06-08 08:03 - 2015-06-08 08:03 - 00000000 ___DC C:\Users\ANDREA\AppData\Roaming\Avira
2015-06-08 07:58 - 2015-06-08 07:58 - 00000000 ___DC C:\Users\ANDREA\AppData\Local\AviraSpeedup
2015-06-07 19:02 - 2015-06-07 19:02 - 00000749 ____C C:\Users\ADMIN\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-07 19:01 - 2015-06-07 19:59 - 00000000 ___DC C:\EEK
2015-06-07 18:58 - 2015-06-07 19:00 - 157093432 ____C C:\Program Files (x86)\EmsisoftEmergencyKit.exe
2015-06-07 18:55 - 2015-06-07 19:58 - 00000000 ___DC C:\Users\ADMIN\AppData\Local\AviraSpeedup
2015-06-07 15:58 - 2015-06-08 14:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-06-07 15:58 - 2015-06-08 08:38 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-06-07 15:57 - 2015-06-07 15:57 - 00000000 ___DC C:\Users\ADMIN\AppData\Roaming\Avira
2015-06-07 15:55 - 2015-04-16 15:23 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-07 15:55 - 2015-04-16 15:23 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-07 15:55 - 2015-04-16 15:23 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-06-07 15:55 - 2015-04-16 15:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-07 15:51 - 2015-06-08 13:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-07 15:51 - 2015-06-07 15:58 - 00000000 ___DC C:\Program Files (x86)\Avira
2015-06-07 15:51 - 2015-06-07 15:55 - 00000000 ___DC C:\ProgramData\Avira
2015-06-07 15:51 - 2015-06-07 15:51 - 00001198 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-07 15:50 - 2015-06-07 15:50 - 04683232 ____C (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\avira_de_av_55744c03921e7__ws.exe
2015-06-07 15:50 - 2015-06-07 15:50 - 00000000 ___DC C:\ProgramData\Package Cache
2015-06-05 16:47 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 16:47 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 16:47 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 10:18 - 2015-06-05 11:17 - 00003546 _____ C:\Windows\System32\Tasks\Adobe Flash Player {5064EE77-0M61-4F38-V100-96E2C039847L}
2015-06-05 07:58 - 2015-06-05 07:58 - 00000000 ____D C:\Users\TANJA\AppData\Local\GWX
2015-06-04 08:01 - 2015-06-04 08:01 - 00000000 ___DC C:\Users\ADMIN\AppData\Local\GWX
2015-06-04 06:50 - 2015-06-04 07:47 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-06-03 15:48 - 2015-06-03 16:47 - 00003542 _____ C:\Windows\System32\Tasks\Adobe Flash Player {7764EE77-0M61-4F38-V100-96E2C039847L}
2015-06-03 07:49 - 2015-06-03 07:49 - 00000000 ___DC C:\Users\MICHA\AppData\Local\GWX
2015-06-03 07:20 - 2015-06-03 07:20 - 00010938 _____ C:\Users\ADMIN\Desktop\Rüdiger Mayer.xlsx
2015-06-02 09:51 - 2015-06-02 09:51 - 00000000 ___DC C:\Users\EVIN\AppData\Local\GWX
2015-06-02 08:05 - 2015-06-02 08:05 - 00000000 ___DC C:\Users\OLGA\AppData\Local\GWX
2015-06-02 07:51 - 2015-06-02 07:51 - 00000000 ____D C:\Users\WARKO\AppData\Local\GWX
2015-06-02 07:46 - 2015-06-02 07:46 - 00000000 ___DC C:\Users\ANDREA\AppData\Local\GWX
2015-05-14 03:02 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:02 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:14 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:14 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:14 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 06:14 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 06:14 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 06:14 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 06:14 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 06:14 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 06:14 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 06:14 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 06:14 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 06:14 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 06:14 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 06:14 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 06:14 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 06:14 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 06:14 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 06:14 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 06:14 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 06:14 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 06:14 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 06:14 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 06:14 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 06:14 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 06:14 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 06:14 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 06:14 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 06:14 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 06:14 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 06:14 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 06:14 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 06:14 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 06:14 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 06:14 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 06:14 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 06:14 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 06:14 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 06:14 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 06:14 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 06:14 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 06:14 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 06:14 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 06:14 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 06:14 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 06:14 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 06:14 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 06:14 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 06:14 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 06:14 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 06:14 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 06:14 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 06:14 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 06:14 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 06:14 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 06:14 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 06:14 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 06:14 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 06:14 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 06:14 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 06:14 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 06:14 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 06:14 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:14 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:14 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:14 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:13 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 06:13 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 06:13 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 06:13 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 06:13 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 06:13 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 06:13 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 06:13 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 06:13 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 06:13 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 06:13 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 06:13 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 06:13 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 06:13 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 06:13 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 06:13 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 06:13 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 06:13 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 06:13 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 06:13 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 06:13 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 06:13 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 06:13 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 06:13 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 06:13 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 06:13 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 06:13 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 06:13 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 06:13 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 06:13 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 06:13 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 06:13 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:13 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:13 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:13 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:13 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:13 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:13 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:13 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 06:13 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 06:13 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 06:13 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 06:12 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 06:12 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 06:12 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 06:12 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 06:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 06:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 06:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 06:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 06:12 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 10:34 - 2015-05-12 10:36 - 00000000 ___DC C:\projekte
2015-05-11 12:59 - 2015-05-11 12:59 - 00000000 ____D C:\Users\MICHA\AppData\Roaming\TeamViewer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 21:57 - 2012-08-31 05:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 21:52 - 2009-07-14 06:45 - 00021264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:52 - 2009-07-14 06:45 - 00021264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:51 - 2012-08-31 13:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 21:50 - 2010-12-19 17:55 - 01055645 _____ C:\Windows\WindowsUpdate.log
2015-06-08 21:50 - 2009-07-14 19:58 - 00704634 _____ C:\Windows\system32\perfh007.dat
2015-06-08 21:50 - 2009-07-14 19:58 - 00151332 _____ C:\Windows\system32\perfc007.dat
2015-06-08 21:50 - 2009-07-14 07:13 - 01629346 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 21:46 - 2010-11-12 08:58 - 00000000 ___DC C:\ProgramData\MFAData
2015-06-08 21:43 - 2012-08-31 13:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 21:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 21:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-08 20:48 - 2015-01-22 08:42 - 04197016 ____C (Kaspersky Lab ZAO) C:\Users\ADMIN\Desktop\TDSSKiller.exe
2015-06-08 20:02 - 2012-01-13 16:33 - 00000000 ___DC C:\ProgramData\SFirm
2015-06-08 18:33 - 2012-01-13 16:33 - 00000000 ___DC C:\Program Files (x86)\SFirm
2015-06-08 16:55 - 2013-03-25 09:34 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{761DD680-4A8C-4B5B-88B2-62301D74769F}
2015-06-08 12:47 - 2010-12-06 00:57 - 00001456 ____C C:\Users\MICHA\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-06-08 08:56 - 2010-01-05 18:50 - 00000000 ___DC C:\ProgramData\Lexware
2015-06-08 08:38 - 2010-01-06 12:18 - 00129312 ____C C:\Users\MICHA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 08:19 - 2011-08-27 12:16 - 00129312 _____ C:\Users\TANJA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 08:19 - 2011-08-27 12:16 - 00000000 ____D C:\Users\TANJA\AppData\Local\Adobe
2015-06-08 07:58 - 2014-09-20 15:28 - 00000000 ___DC C:\Users\ANDREA\AppData\Local\Adobe
2015-06-08 02:00 - 2010-01-05 18:48 - 00000000 ___DC C:\Users\ADMIN\AppData\Local\Adobe
2015-06-07 19:42 - 2012-03-27 06:54 - 00000000 ___DC C:\Users\ADMIN\AppData\Roaming\TeamViewer
2015-06-07 19:42 - 2010-02-27 13:46 - 00000000 ___DC C:\Users\ADMIN\AppData\Roaming\skypePM
2015-06-07 18:56 - 2014-09-20 16:07 - 00129312 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-06-07 18:56 - 2014-09-20 13:59 - 00129312 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-06-07 18:55 - 2010-01-05 18:06 - 00008224 ____C C:\Users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-07 16:01 - 2009-07-14 06:45 - 05174184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-07 15:25 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-07 15:25 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 13:28 - 2010-08-20 12:52 - 00000000 ____D C:\Users\MICHA\AppData\Roaming\SuperMailer
2015-06-05 11:24 - 2014-10-09 11:07 - 00001456 ____C C:\Users\OLGA\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-06-05 08:19 - 2015-01-21 09:36 - 00001456 ____C C:\Users\ANDREA\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-06-05 08:00 - 2014-09-20 13:59 - 00000000 ___DC C:\Users\OLGA\AppData\Local\Adobe
2015-06-04 08:00 - 2012-04-26 18:23 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 14:22 - 2015-03-09 09:55 - 00000000 ___DC C:\Users\MICHA\AppData\Local\Avg2013
2015-06-03 07:37 - 2010-08-27 08:53 - 00000000 ____D C:\Users\WARKO\AppData\Local\Adobe
2015-06-02 12:05 - 2011-02-25 09:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68BDC679-60F8-46A8-925A-9D79283136F2}
2015-06-02 02:00 - 2010-01-27 09:22 - 00000000 ___DC C:\Users\MICHA\AppData\Local\Adobe
2015-05-29 08:15 - 2010-08-20 07:28 - 00000000 ___DC C:\Program Files (x86)\SuperMailer
2015-05-27 08:01 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-22 07:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-20 07:43 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 07:43 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-16 09:46 - 2012-08-31 13:19 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 09:46 - 2012-08-31 13:19 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 04:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-14 03:36 - 2013-03-14 04:01 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-05-14 03:36 - 2013-03-14 04:01 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:32 - 2009-07-14 20:18 - 00000000 ___DC C:\Program Files\Windows Journal
2015-05-14 03:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 03:14 - 2011-06-07 11:08 - 00001912 _____ C:\Windows\epplauncher.mif
2015-05-14 03:14 - 2011-06-07 11:07 - 00002123 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 03:13 - 2011-06-07 11:07 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
2015-05-14 03:13 - 2011-06-07 11:06 - 00000000 ___DC C:\Program Files\Microsoft Security Client
2015-05-14 03:12 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 03:06 - 2010-01-05 18:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:05 - 2010-01-12 14:01 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-05-14 03:02 - 2013-03-14 04:02 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 12:41 - 2014-03-19 11:19 - 00000000 ____D C:\Users\MICHA\AppData\Roaming\FileZilla

==================== Files in the root of some directories =======

2015-06-08 18:38 - 2015-06-08 18:38 - 2209056 ____C () C:\Program Files\avira-eu-cleaner_de.exe
2015-06-08 13:43 - 2015-06-08 13:43 - 4683232 ____C (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_issu_3007592595_kp9g9gv8vh7da77kof1i_wd.exe
2015-06-07 15:50 - 2015-06-07 15:50 - 4683232 ____C (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\avira_de_av_55744c03921e7__ws.exe
2010-02-12 12:59 - 2011-02-07 17:52 - 0105182 _RSHC () C:\Program Files (x86)\DLS8Uninstall.log
2015-06-07 18:58 - 2015-06-07 19:00 - 157093432 ____C () C:\Program Files (x86)\EmsisoftEmergencyKit.exe
2011-11-24 16:16 - 2011-07-14 11:31 - 1456640 ____C () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
2010-12-09 14:38 - 2011-11-03 11:33 - 0000132 ____C () C:\Users\ADMIN\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-12-16 16:13 - 2013-04-30 08:19 - 0000132 ____C () C:\Users\ADMIN\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-02-08 12:55 - 2015-03-12 09:30 - 0000132 ____C () C:\Users\ADMIN\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-02-04 14:23 - 2015-04-04 23:22 - 0001456 ____C () C:\Users\ADMIN\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2010-01-05 20:34 - 2011-01-09 16:57 - 0007599 ____C () C:\Users\ADMIN\AppData\Local\Resmon.ResmonCfg
2011-06-06 20:50 - 2011-06-06 20:51 - 0000222 ____C () C:\ProgramData\dldn.log
2010-10-12 12:28 - 2010-10-12 12:28 - 0000229 ____C () C:\ProgramData\dldnDiagnostics.log
2011-03-25 13:02 - 2011-03-25 13:02 - 0734360 ____C () C:\ProgramData\SPL699C.tmp
2010-10-12 12:27 - 2010-10-12 12:27 - 0000000 ____C () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\ADMIN\AppData\Local\Temp\avgnt.exe
C:\Users\ANDREA\AppData\Local\Temp\avgnt.exe
C:\Users\MICHA\AppData\Local\Temp\avgnt.exe
C:\Users\TANJA\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 00:16

==================== End of log ============================
         

I can't make sense of this. How do I proceed from here?

Many thanks in advance - a great forum.

09.06.2015, 15:38   #2
k1m


Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by ADMIN at 2015-06-08 21:25:47
Running from C:\Users\ADMIN\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-1412812446-529952867-3691015432-1000 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-1412812446-529952867-3691015432-500 - Administrator - Disabled)
ANDREA (S-1-5-21-1412812446-529952867-3691015432-1012 - Administrator - Enabled) => C:\Users\ANDREA
EVIN (S-1-5-21-1412812446-529952867-3691015432-1006 - Limited - Enabled) => C:\Users\EVIN
Gast (S-1-5-21-1412812446-529952867-3691015432-501 - Limited - Disabled)
Herner (S-1-5-21-1412812446-529952867-3691015432-1014 - Administrator - Enabled) => C:\Users\Herner
MICHA (S-1-5-21-1412812446-529952867-3691015432-1003 - Administrator - Enabled) => C:\Users\MICHA
OLGA (S-1-5-21-1412812446-529952867-3691015432-1011 - Administrator - Enabled) => C:\Users\OLGA
SKIRDA (S-1-5-21-1412812446-529952867-3691015432-1009 - Administrator - Enabled) => C:\Users\SKIRDA
STEFFI (S-1-5-21-1412812446-529952867-3691015432-1013 - Administrator - Enabled) => C:\Users\STEFFI
TANJA (S-1-5-21-1412812446-529952867-3691015432-1010 - Administrator - Enabled) => C:\Users\TANJA
VPN-ADMIN (S-1-5-21-1412812446-529952867-3691015432-1005 - Limited - Enabled)
WARKO (S-1-5-21-1412812446-529952867-3691015432-1008 - Administrator - Enabled) => C:\Users\WARKO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Business Edition (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Enabled - Out of date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Business Edition (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
ActiveMap35Redist (x32 Version: 3.5.0.26 - LUTUM+TAPPERT DV-Beratung GmbH) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AllDup 3.1.0 (HKLM-x32\...\AllDup_is1) (Version: 3.1.0 - Michael Thummerer Software Design)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{C4EFBB40-F101-F220-3A00-73FDF75C3519}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
AVG (HKLM\...\AVG) (Version: 3491 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4311 - AVG Technologies) Hidden
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.7.1146 - Avira Operations GmbH & Co. KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
Brother BRAdmin Light 1.26.0001 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.26.0001 - Brother)
ccc-core-static (x32 Version: 2011.0104.2155.39304 - Ihr Firmenname) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.9.13 - REINER SCT)
DATA BECKER affiliate to date Starter Pack (HKLM-x32\...\affiliate to date Starter Pack_is1) (Version: 1.0.0.0 - DATA BECKER GmbH & Co. KG)
DATA BECKER Plugin Floating Button (HKLM-x32\...\Plugin Floating Button_is1) (Version:  - )
DATA BECKER Plugin Textomat für web & shop to date (HKLM-x32\...\Plugin Textomat für web & shop to date_is1) (Version: 8.10.0.0 - DATA BECKER GmbH & Co. KG)
DATA BECKER shop to date 8s pro MultiUser (HKLM-x32\...\shop to date 8s pro MultiUser_is1) (Version: 8.0.0.2534 - DATA BECKER GmbH & Co. KG)
Defraggler (HKLM\...\Defraggler) (Version: 1.21 - Piriform)
DesignationCardManager (HKLM-x32\...\InstallShield_{63EA6F89-4198-4CE8-8866-06EB5FA181E4}) (Version: 6.0 - Ericsson)
DesignationCardManager (x32 Version: 6.0 - Ericsson) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1412812446-529952867-3691015432-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
Explorer Lx Vollversion (HKLM-x32\...\{DD831C73-8874-417F-BB37-08FA4906D51C}) (Version: 3.1.8 - ibeq)
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1006\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1008\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1009\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.3.5.1 (HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.3.5.1 - )
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iPrix (HKLM-x32\...\iPrix) (Version:  - )
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lexware Elster (HKLM-x32\...\{9758F2B1-F918-4FC6-97F8-640C10B65E8F}) (Version: 13.10.00.0021 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office pro 2010 (Client) (x32 Version: 10.00.00.0090 - Lexware) Hidden
Lexware financial office pro 2013 (HKLM-x32\...\{AC02D346-23C7-4238-8A22-9959D44A477E}) (Version: 13.57.00.0363 - Haufe-Lexware GmbH Co.KG)
Lexware financial office pro 2013 (x32 Version: 13.50.00.0293 - ) Hidden
Lexware financial office pro Aktualisierung Februar 2010, Version 10.20 (x32 Version: 10.20.00.0024 - Lexware) Hidden
Lexware financial office pro Aktualisierung Januar 2010, Version 10.10 (x32 Version: 10.10.00.0038 - Lexware) Hidden
Lexware financial office pro Aktualisierung März 2010, Version 10.30 (x32 Version: 10.30.00.0054 - Lexware) Hidden
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{EC5E4E97-4DC8-4B8E-9C5F-3A123822A65A}) (Version: 2.50.00.0045 - Haufe-Lexware GmbH Co.KG)
Lexware online banking (HKLM-x32\...\{607D1882-6E4E-4861-BAA3-16B12FA21C73}) (Version: 20.00.00.0059 - Haufe-Lexware GmbH Co.KG)
Lexware professional Datenbank 2013 (HKLM-x32\...\{61BB2E82-9107-4DE4-84F5-A9CBDDCA6474}) (Version: 13.75.00.0090 - Haufe-Lexware GmbH Co.KG)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MFP and Storage Server (HKLM-x32\...\InstallShield_{2A8480D6-5D3E-4B22-A405-B3D8896D2C57}) (Version:  - )
MFP and Storage Server (HKLM-x32\...\InstallShield_{5B13ECF5-5B59-45B7-83A4-BC27F33F39BA}) (Version: 0.09.1006.0040 - Ihr Firmenname)
MFP and Storage Server (HKLM-x32\...\InstallShield_{E3E66012-7002-41E8-9DE5-972B0F5DF252}) (Version:  - )
MFP and Storage Server (Version: 0.09.1006.0040 - Ihr Firmenname) Hidden
MFP and Storage Server (Version: 09.1006.3018 - Ihr Firmenname) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Virtual PC 2007 SP1 (HKLM\...\{AD483998-2E9A-4405-83FF-6E503AF49CBB}) (Version: 6.0.192.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR ProSafe Firewall Router (HKLM-x32\...\NETGEAR ProSafe Firewall Router) (Version:  - )
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
OLFax 1.7.1 (HKLM-x32\...\OLFax_is1) (Version:  - Quester)
OLfolders Pro 3.2.0 (HKLM-x32\...\OLfoldersPro_is1) (Version:  - Quester)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1006\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1008\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1009\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RENESIS® Player Browser Plugins (HKLM-x32\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Servicepack Datumsaktualisierung (HKLM-x32\...\{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}) (Version: 1.00.00.0005 - Haufe-Lexware)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SFirm (HKLM-x32\...\{0A792FE7-9E46-4474-9978-6C0A912FAFBF}) (Version: 3.42.11.300.0 - Star Finanz GmbH)
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.12.250.1 - Star Finanz GmbH)
Shop to Date Umrechner 6 (HKLM-x32\...\{7046F5CF-477B-438A-9399-01A23B89CDAC}) (Version: 6.0.0 - Jürgen Siegmann)
SIQUANDO Shop (HKLM-x32\...\{42E662EA-1A85-4969-A131-849F05095F16}_is1) (Version: 8.0.0.2699 - SIQUANDO GmbH & Co. KG)
SpeedCommander 13 (HKLM-x32\...\SpeedCommander 13) (Version: 13.40.6300 - SWE Sven Ritter)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
SuperMailer 4.90 (HKLM-x32\...\SuperMailer) (Version:  - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Thinstuff XP/VS Terminal Server 1.0.720 (HKLM\...\{78755DDE-6C75-484A-85CD-271BF5A32D80}) (Version: 1.0.720 - Thinstuff s.r.o)
TreeSize Free V2.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.4 - JAM Software)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6030.1 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1006\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1008\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1009\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
UPS Thermal Printer Plugin - Version 8.10 (HKLM-x32\...\{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zip Opener Packages 43 (HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\Zip Opener Packages 43) (Version:  - ) <==== ATTENTION
Zip Opener Packages 43 (HKU\S-1-5-21-1412812446-529952867-3691015432-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Zip Opener Packages 43) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1412812446-529952867-3691015432-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-06-2015 22:13:14 Geplanter Prüfpunkt
08-06-2015 14:07:48 Avira System Speedup 1.6.7

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2011-03-08 11:11 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08342729-4409-4203-AA2D-1E03EA0A143C} - System32\Tasks\{D52DC1C3-2A87-4D43-AF1C-8D74FD6374D6} => E:\99-PC-TREIBER\FWG114P Print Server Driver\Setup.exe [2010-01-08] (InstallShield Software Corporation)
Task: {117A529D-A32E-4243-974F-4D72B72C3C02} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {187DA223-3D7C-4FBD-8C13-8569C31082E8} - System32\Tasks\{57BC154F-4484-4499-8EC1-89AB03925765} => pcalua.exe -a C:\Users\ADMIN\Desktop\DLS8Setup.8.3.0.1242.exe -d C:\Users\ADMIN\Desktop
Task: {1BBED273-879C-43B7-AF46-8802D0DCAE15} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-OLGA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {1C35C81A-F9C5-44FC-AF21-BBF13FC213D3} - System32\Tasks\{462490C9-BAF9-4EB9-97FE-AECEE6B0CA88} => E:\99-PC-TREIBER\FWG114P Print Server Driver\Setup.exe [2010-01-08] (InstallShield Software Corporation)
Task: {20F06356-DCC0-48CE-B93C-07AAC466CFC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {327D481E-B372-4AE5-AD5B-1CE961F44A13} - System32\Tasks\Java => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {32805A84-5422-4F6D-8FD7-56129FFDB0E1} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-TANJA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {3669906B-F7DC-49CC-818D-15A8034EA58A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {38677F7B-5395-4C0B-AF61-84D4F07AF5E0} - System32\Tasks\{7B823130-544B-45F8-9FEE-F6B857AAF917} => E:\99-PC-TREIBER\FWG114P Print Server Driver\Setup.exe [2010-01-08] (InstallShield Software Corporation)
Task: {4154FB95-A91C-4933-9962-4D69F38D263A} - System32\Tasks\{13CD189C-6477-45C6-B672-DF44BC85E40B} => pcalua.exe -a C:\Users\ADMIN\AppData\Local\Temp\Temp1_S2DUmrechner.zip\S2DUmrechner\setup.exe
Task: {41625B6B-9422-4423-808C-0CF887407DA1} - System32\Tasks\Adobe Flash Player {5064EE77-0M61-4F38-V100-96E2C039847L} => C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe_User_Feed_Synchronization-{5064EE77-0M61-4F38-V100-96E2C039847L}.exe
Task: {46ED37A1-D6DB-4A9B-AE2F-9A8F24285EB5} - System32\Tasks\{3A1C58E1-150C-4C79-BE5F-F737BD0790FF} => pcalua.exe -a F:\.\windows\setup.exe -d F:\ -c .\windows
Task: {49AFE552-416F-4709-B938-5B03D4BD2937} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {4CF1D875-644B-438D-B0E5-C94234C734E9} - System32\Tasks\{AC77CE25-DB32-4ED3-A263-C121CBAD6704} => pcalua.exe -a "C:\Program Files (x86)\DYMO\DYMO Label Software\Uninstall DYMO Label.exe"
Task: {51D57FBA-57F9-43FC-8E03-B9A60DB56A39} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-WARKO => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {593F15E2-7897-486E-AB45-D16026053803} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {5F94810A-56FA-4F94-B8FF-B889BFEB9AFC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {5F9893C8-0361-421E-8B8C-09179E926768} - System32\Tasks\{96859108-C409-43BF-A458-CACA45D3B685} => C:\UPS DRIVERS\Setup.exe
Task: {605828E4-13B1-41E3-9DB0-06064ABAE8B1} - System32\Tasks\{95AF7C53-6B8E-4969-92C7-3BA65BB1E37C} => C:\UPS DRIVERS\Setup.exe
Task: {61F623E8-38AE-49FC-A5E9-9620998FCE10} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-21] (TuneUp Software)
Task: {64F7897A-5CFE-4E67-A306-1959BAEFB238} - System32\Tasks\{3D0ABFBA-B693-405D-8ED9-EE0F0088BA22} => pcalua.exe -a "E:\98-DIV INSTALL\FRITZ\FRITZ!_UP_030704.exe" -d "E:\98-DIV INSTALL\FRITZ"
Task: {777F33C8-CA61-403F-A7E9-1DC22894C03B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {77AF4C9D-951A-4E94-97B3-1B721D53FCF0} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-ANDREA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {7C74344F-EC49-46C5-9355-2F352153B83D} - System32\Tasks\{07837032-7EEE-490A-9D47-85750EECB43A} => C:\Users\ADMIN\Desktop\DLS8Setup.8.3.0.1242(2).exe
Task: {823D64FB-3353-4AFC-8081-B7C18089194A} - System32\Tasks\{A8546269-6C0B-4C0E-94BD-3C8C89487FB5} => pcalua.exe -a C:\Users\ADMIN\Downloads\lj631ge.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {824D3721-24FD-4ACB-8754-F922FC3DB046} - System32\Tasks\QtraxPlayer => 1525410339.portal.qtrax.com
Task: {83D1B206-3A53-4233-B246-F401758460FA} - System32\Tasks\{E4DAEE46-0766-418F-A21C-5BB8683C2EC7} => pcalua.exe -a F:\Windows\Setup.exe -d F:\ -c .\windows
Task: {8E0594FB-C011-47C9-81CF-11EA62E2942C} - System32\Tasks\{6C13898C-7859-4F92-83F1-A739BBB08FDE} => pcalua.exe -a C:\Users\WARKO\Downloads\Silverlight5_Tools.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {8E0CDEF3-5E5D-41AD-B1E6-2C19F7FF37C1} - System32\Tasks\{351DD2F7-FEDC-4D37-9FA6-D7E0A21954B9} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {8EB739C7-0926-4B7D-A13E-D760CEE16C53} - System32\Tasks\{DC9DC1FE-E49C-4B00-8795-998339D6A935} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {9529C6A2-D597-4155-B903-0A885E8C1A60} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {98DAD234-1F65-4643-8EBA-114B40CF337E} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-Herner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {AD77233A-57B1-48DD-9878-3149D62C9364} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {B22E9C1D-5D28-4A94-AA1E-53D1B03E9241} - System32\Tasks\{8EE60BEA-B0C0-4D2F-AF8B-C1ED94FE2B08} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{2A8480D6-5D3E-4B22-A405-B3D8896D2C57}\setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {BFEE0EAA-ECB1-424C-AF81-B43FB3303BB4} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-ADMIN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C13648F2-60A2-4C54-8E0B-71D0FBBF5BA7} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-06-02] (Avira Operations GmbH & Co. KG)
Task: {C15996B8-8C2A-4C4B-A6CA-2E0BEE9F650C} - System32\Tasks\{AD9781A5-B164-4334-92DE-51C1AE018F25} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {C4D4488E-EC80-448B-B7A3-8AF6DBE8EB3D} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-DIDI => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {D045BE8F-CD4E-43CB-B939-A3FD43C7BC93} - System32\Tasks\{F3618286-3889-476D-BD7C-3FAEDE561C9C} => pcalua.exe -a C:\Users\SKIRDA\Downloads\jxpiinstall(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {D45CBBBA-5194-45F2-A43E-01C07A6EDB8F} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-MICHA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {D4B973AB-0005-42E6-93DC-8D3D6AF979F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {DBDD39AB-81DA-4F35-95D8-247F7D0B220B} - System32\Tasks\Adobe Flash Player {7764EE77-0M61-4F38-V100-96E2C039847L} => C:\Windows\system32\config\systemprofile\AppData\Local\Adobe_User_Feed_Synchronization-{7764EE77-0M61-4F38-V100-96E2C039847L}.exe
Task: {E8880ECF-5C48-4F37-9C9D-23DF53EDC2C5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F35237EB-BCBE-4E9A-98B1-71D205E32EC0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {F49295C1-4A9E-460F-8AFB-CADF21D99407} - System32\Tasks\Update Manager => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: {FC81E18E-60CE-400A-AB92-754E08FC1E99} - System32\Tasks\AdobeAAMUpdater-1.0-SERVER-SKIRDA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {FEB32F95-D5CD-4161-8497-E9636C4A0D8F} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FF22B818-3927-4E9E-A6DC-A412234A4FF3} - System32\Tasks\{A9E0AD14-5199-404F-BA71-433F357510D5} => C:\UPS DRIVERS\Setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-10-07 15:10 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2010-10-07 15:10 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2011-10-22 12:41 - 2009-07-02 12:43 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dldndrpp.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 ____C () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-13 16:59 - 2007-05-31 09:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1412812446-529952867-3691015432-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1412812446-529952867-3691015432-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\MICHA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\MICHA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\EVIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\EVIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\WARKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\WARKO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\SKIRDA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\SKIRDA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\TANJA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\TANJA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1011-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\OLGA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\OLGA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1012-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ANDREA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ANDREA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1013-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\STEFFI\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1013-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\STEFFI\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1014-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Herner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1412812446-529952867-3691015432-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Herner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.5

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^Users^ADMIN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Social Marketing Booster => "C:\Program Files (x86)\DATA BECKER\Social Marketing Booster\SocialMarketingBooster.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0348196E-B759-4B6B-8093-F7CB05E395BF}] => (Allow) C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe
FirewallRules: [{76F54C4B-02D6-4838-9D26-AB789700FEDE}] => (Allow) C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe
FirewallRules: [{61FC6A4F-F718-4A19-9CF1-0D6081AEFD7F}] => (Allow) C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe
FirewallRules: [{6E999867-DCCC-40E5-97CC-9908A120771A}] => (Allow) C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe
FirewallRules: [{4BAADA27-3484-48C4-AED1-F7DD045A158F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2BFE3EF-939B-4504-A812-7A2717C26295}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5171DBB8-5AE8-4011-B5A9-222319866CB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AA7E00E-6607-422E-B235-9E2169576957}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F9EE12DA-9A0D-444E-BD01-64B46031577E}C:\program files (x86)\quester\olfolders\olwserver.exe] => (Allow) C:\program files (x86)\quester\olfolders\olwserver.exe
FirewallRules: [UDP Query User{892EAA00-ABF7-46E3-A7F5-4BC0EE142B6D}C:\program files (x86)\quester\olfolders\olwserver.exe] => (Allow) C:\program files (x86)\quester\olfolders\olwserver.exe
FirewallRules: [TCP Query User{D6904D6C-ED34-40C4-B82E-A899437A3335}C:\program files (x86)\quester\olfax\mailtofax.exe] => (Allow) C:\program files (x86)\quester\olfax\mailtofax.exe
FirewallRules: [UDP Query User{D4F64B4D-5A23-4E49-934F-70662514D651}C:\program files (x86)\quester\olfax\mailtofax.exe] => (Allow) C:\program files (x86)\quester\olfax\mailtofax.exe
FirewallRules: [TCP Query User{515792D9-7DCD-4650-971C-7AE9AC5202B2}C:\program files (x86)\quester\olfolders\olwserver.exe] => (Allow) C:\program files (x86)\quester\olfolders\olwserver.exe
FirewallRules: [UDP Query User{24CB0323-A26C-4795-ABC7-82AAF7009718}C:\program files (x86)\quester\olfolders\olwserver.exe] => (Allow) C:\program files (x86)\quester\olfolders\olwserver.exe
FirewallRules: [TCP Query User{B6F01468-880D-48EA-8C76-AB1176D6677B}C:\program files (x86)\quester\olfax\mailtofax.exe] => (Allow) C:\program files (x86)\quester\olfax\mailtofax.exe
FirewallRules: [UDP Query User{D3082781-1B92-45AF-A6EE-6D385272073E}C:\program files (x86)\quester\olfax\mailtofax.exe] => (Allow) C:\program files (x86)\quester\olfax\mailtofax.exe
FirewallRules: [TCP Query User{C49C2965-DE2D-45A4-87F9-DE0637BC58A1}C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Allow) C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [UDP Query User{DF7166AF-8CAF-4DFC-B93B-F1169883CA0A}C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Allow) C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [TCP Query User{92F5C401-6765-4587-9C74-7CE4F4F3072D}C:\users\skirda\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Block) C:\users\skirda\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [UDP Query User{9FBCE5B0-AFE9-4F62-A0BC-EAA3CE94C596}C:\users\skirda\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Block) C:\users\skirda\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [TCP Query User{F01A7B92-4321-44C8-87CD-DE5FEACB022F}C:\users\warko\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Block) C:\users\warko\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [UDP Query User{7B2E739D-00C3-4D97-A8DC-8D2DDF657C77}C:\users\warko\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Block) C:\users\warko\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [TCP Query User{753DA451-3D28-49EB-B100-0634D7695FE1}C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Block) C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [UDP Query User{5A6DF2F8-1419-444F-9626-5E2C379FB3AD}C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe] => (Block) C:\users\micha\appdata\local\data becker\web to date 7.0\apache\apache.exe
FirewallRules: [TCP Query User{1C542F2D-4612-4624-985F-C5684CDECB7E}C:\program files (x86)\tp-link\mfp and storage server\mfp and storage server.exe] => (Allow) C:\program files (x86)\tp-link\mfp and storage server\mfp and storage server.exe
FirewallRules: [UDP Query User{5FB39255-0FD6-4A22-B9D6-2C798D512266}C:\program files (x86)\tp-link\mfp and storage server\mfp and storage server.exe] => (Allow) C:\program files (x86)\tp-link\mfp and storage server\mfp and storage server.exe
FirewallRules: [{C6578A7C-6375-4D80-B54E-011B7FC11A01}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldnpswx.exe
FirewallRules: [{1CFCBBEA-006D-40B1-9F0B-64142109CDB9}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldnpswx.exe
FirewallRules: [{3F6635D3-338B-40AE-8C37-E2BFC36ABD7E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldntime.exe
FirewallRules: [{D73B77EA-0AF8-43AC-80EC-2A8A548C7D86}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dldntime.exe
FirewallRules: [{01643206-1837-425A-AC10-F0BB5192B5D5}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{BA8F3D5E-7C7F-4070-97D1-AA0D788F8A8D}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8E7BC76D-13AA-4C54-948A-F63FAA3AF8C6}] => (Allow) C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5BD7B9E3-2F0B-4259-8605-01249A260111}] => (Allow) C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{B89C300B-4C4B-4DCF-B905-85B097DC0C47}C:\users\admin\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\admin\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{FBC9D360-52D7-412A-9746-E5CC736945F4}C:\users\admin\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\admin\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [TCP Query User{EF97CF96-F5FF-4B73-9795-33A9632D71E5}C:\users\skirda\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\skirda\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{F5BA3B69-3148-450D-BC59-1CC8C02657CC}C:\users\skirda\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\skirda\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [TCP Query User{0F6FA4E7-3212-4A45-AE2C-97884D101817}C:\users\micha\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\micha\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{1B9F1DAF-3838-4695-8C26-AA9F708FE99F}C:\users\micha\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\micha\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [{99E36A78-EED1-4C7D-891A-1B06A1849998}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
FirewallRules: [{F53BBE99-32E5-4EC2-81D9-29ECDFE7E92E}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
FirewallRules: [{186A027F-51F8-4505-8DF8-B8741B90E38A}] => (Allow) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
FirewallRules: [{E3876307-89B1-4B5A-B03C-3CD4A6C9A722}] => (Allow) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
FirewallRules: [{38E46E57-7C06-4C2B-8FFF-7FBA04D3F78B}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbeng9.exe
FirewallRules: [{435F4646-075E-49DB-BBCA-C5AD8A1A7EF0}] => (Allow) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbeng9.exe
FirewallRules: [TCP Query User{4F3D6E38-0725-4CEF-96DC-6435D815EF15}C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{D5338816-0EAE-4107-82A2-913BA2BE4EF1}C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Allow) C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [TCP Query User{32B8CADD-4E77-4151-8B9F-8C9FAD11EB92}C:\program files (x86)\sql anywhere 12\bin32\dbsrv12.exe] => (Allow) C:\program files (x86)\sql anywhere 12\bin32\dbsrv12.exe
FirewallRules: [UDP Query User{BED5CB1E-C17F-49C7-AC48-50293ED2D4E5}C:\program files (x86)\sql anywhere 12\bin32\dbsrv12.exe] => (Allow) C:\program files (x86)\sql anywhere 12\bin32\dbsrv12.exe
FirewallRules: [TCP Query User{858BFA61-5562-4224-ABC7-E64CD6F3C198}C:\users\tanja\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Block) C:\users\tanja\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{82390B9D-7F6F-4BFC-8B3F-AFF2B9092681}C:\users\tanja\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Block) C:\users\tanja\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [TCP Query User{2CB37D2E-A4C1-478D-A306-C3E5D55D2220}C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Block) C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [UDP Query User{F4743948-3672-4D6C-9754-519591ED5FC6}C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe] => (Block) C:\users\warko\appdata\local\data becker\web to date 8.0\apache\apache.exe
FirewallRules: [TCP Query User{533BD3D2-9F6C-44A1-A51F-A3AB067DFE6C}C:\users\admin\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\admin\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{BC82B64F-D0EE-46AB-9E6A-5182B5D12168}C:\users\admin\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\admin\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [TCP Query User{4F65D7A6-B1E5-416D-879C-2B18A75BAF8C}C:\users\micha\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\micha\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{9A42F998-6F53-45A2-9274-1E5A2BF92774}C:\users\micha\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\micha\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [TCP Query User{CC5768EE-269B-4611-AFAD-DCE5F6746302}C:\users\warko\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\warko\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{EE4E8668-2C7A-44AD-9F35-351EEC08A9C3}C:\users\warko\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\warko\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [TCP Query User{8B18682D-03A3-474C-B271-7273CEC85D4B}C:\users\skirda\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\skirda\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{79141942-1018-42E0-89BE-C479AFF23451}C:\users\skirda\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\skirda\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [{C41CB3C1-976C-4E90-A48D-94F2B6AA344D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{A9CA89AC-4E06-43F8-ABF0-1A9E0A1CF262}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{BF1AD5AE-6666-4095-8C97-39FB3A51BD18}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3137D007-EBC6-4780-AB88-E2F033AEBF9A}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{8C107ED5-157E-45FE-85D9-72FDE48E9763}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{F0991420-E60B-413B-8D84-01855B3D7535}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{8CE52825-EFD4-42BB-889F-A840235B5FE6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
FirewallRules: [{B87C99AC-71B3-4C7A-918A-765303E03C59}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
FirewallRules: [{73622963-F438-45EA-901D-18690A501849}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{C9CD473A-AF4A-42BF-9207-C19A1BECA396}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [TCP Query User{D433CE4C-3F35-4281-98D6-706E21207252}C:\users\steffi\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\steffi\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{C312F532-7EE2-4008-B3CC-43D39731833F}C:\users\steffi\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\steffi\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [TCP Query User{342E48FA-0CAC-4B08-9851-1C1D7B108087}C:\users\andrea\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\andrea\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{3E100526-B98F-48D7-AD03-013015FAEA25}C:\users\andrea\appdata\local\siquando\web 8\apache\apache.exe] => (Allow) C:\users\andrea\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [TCP Query User{CDE41BD2-29D7-49D2-BC85-C99F354645E2}F:\setup.exe] => (Allow) F:\setup.exe
FirewallRules: [UDP Query User{B163EE06-30FD-45ED-B585-87AB5E0A9F22}F:\setup.exe] => (Allow) F:\setup.exe
FirewallRules: [{0AFC622F-8537-42E3-9502-CBB7BB6B5231}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9D05ECF0-9D17-439F-A16A-C8E9DC02AEDE}C:\users\olga\appdata\local\siquando\web 8\apache\apache.exe] => (Block) C:\users\olga\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [UDP Query User{5014E07C-E106-4618-BB09-A6FF4650AAEC}C:\users\olga\appdata\local\siquando\web 8\apache\apache.exe] => (Block) C:\users\olga\appdata\local\siquando\web 8\apache\apache.exe
FirewallRules: [{E55ECA90-3811-4EBB-B89F-6229552B0477}] => (Allow) LPort=3389

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 02:20:10 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (06/08/2015 02:10:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8808
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea5f
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0
Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1
Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2
Berichtskennung: DATA BECKER Update Service.exe3

Error: (06/08/2015 01:15:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Framework.exe, Version 13.51.0.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 34d4

Startzeit: 01d0a1cad4a79f73

Endzeit: 9

Anwendungspfad: C:\Program Files (x86)\Lexware\professional\2013\Framework.exe

Berichts-ID:

Error: (06/08/2015 10:49:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 13.51.0.181, Zeitstempel: 0x51c2b76a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8808
Ausnahmecode: 0xc0150014
Fehleroffset: 0x00084a27
ID des fehlerhaften Prozesses: 0x1604
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3

Error: (06/08/2015 10:49:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 13.51.0.181, Zeitstempel: 0x51c2b76a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8808
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008483f
ID des fehlerhaften Prozesses: 0x1604
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3

Error: (06/08/2015 10:49:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 77B6483F
Stapel:

Error: (06/05/2015 02:05:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 13.51.0.181, Zeitstempel: 0x51c2b76a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8808
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008483f
ID des fehlerhaften Prozesses: 0x427c
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3

Error: (06/05/2015 02:05:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 7796483F
Stapel:

Error: (06/05/2015 00:16:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Framework.exe, Version: 13.51.0.181, Zeitstempel: 0x51c2b76a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8808
Ausnahmecode: 0xc0150010
Fehleroffset: 0x000847e0
ID des fehlerhaften Prozesses: 0x3790
Startzeit der fehlerhaften Anwendung: 0xFramework.exe0
Pfad der fehlerhaften Anwendung: Framework.exe1
Pfad des fehlerhaften Moduls: Framework.exe2
Berichtskennung: Framework.exe3

Error: (06/05/2015 00:16:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0150010, Ausnahmeadresse 779647E0
Stapel:


System errors:
=============
Error: (06/08/2015 07:58:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:58:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:58:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:55:47 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:55:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:55:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:55:45 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:55:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:55:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/08/2015 07:54:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office:
=========================
Error: (06/08/2015 02:20:10 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 

Error: (06/08/2015 02:10:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DATA BECKER Update Service.exe0.0.4.14d89246bntdll.dll6.1.7601.18839553e8808c0000374000cea5f8a001d0a1e4201577d9C:\Program Files (x86)\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\Windows\SysWOW64\ntdll.dll60861e1d-0dd7-11e5-911c-002522189594

Error: (06/08/2015 01:15:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Framework.exe13.51.0.18134d401d0a1cad4a79f739C:\Program Files (x86)\Lexware\professional\2013\Framework.exe

Error: (06/08/2015 10:49:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe13.51.0.18151c2b76antdll.dll6.1.7601.18839553e8808c015001400084a27160401d0a19c45c62ea5C:\Program Files (x86)\Lexware\professional\2013\Framework.exeC:\Windows\SysWOW64\ntdll.dll46201c07-0dbb-11e5-a961-002522189594

Error: (06/08/2015 10:49:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe13.51.0.18151c2b76antdll.dll6.1.7601.18839553e8808c00000050008483f160401d0a19c45c62ea5C:\Program Files (x86)\Lexware\professional\2013\Framework.exeC:\Windows\SysWOW64\ntdll.dll4500f6d0-0dbb-11e5-a961-002522189594

Error: (06/08/2015 10:49:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 77B6483F
Stapel:

Error: (06/05/2015 02:05:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe13.51.0.18151c2b76antdll.dll6.1.7601.18839553e8808c00000050008483f427c01d09f73753c69efC:\Program Files (x86)\Lexware\professional\2013\Framework.exeC:\Windows\SysWOW64\ntdll.dll2ec1b5de-0b7b-11e5-95b8-002522189594

Error: (06/05/2015 02:05:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 7796483F
Stapel:

Error: (06/05/2015 00:16:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Framework.exe13.51.0.18151c2b76antdll.dll6.1.7601.18839553e8808c0150010000847e0379001d09f68427542d1C:\Program Files (x86)\Lexware\professional\2013\Framework.exeC:\Windows\SysWOW64\ntdll.dllec6b44ef-0b6b-11e5-95b8-002522189594

Error: (06/05/2015 00:16:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Framework.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0150010, Ausnahmeadresse 779647E0
Stapel:


CodeIntegrity Errors:
===================================
  Date: 2015-06-08 17:18:48.534
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-08 15:46:44.438
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-08 15:39:06.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-08 14:23:26.669
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-08 13:33:12.633
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-08 08:16:24.921
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-08 07:58:34.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-05 16:46:10.252
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-05 16:28:17.492
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-05 13:09:31.966
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 45%
Total physical RAM: 12286.12 MB
Available physical RAM: 6734.53 MB
Total Pagefile: 30713.32 MB
Available Pagefile: 25097.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:97.66 GB) (Free:19.82 GB) NTFS
Drive d: (ADATA UFD) (Removable) (Total:3.71 GB) (Free:1.98 GB) FAT32
Drive e: (DATEN ZENTRAL) (Fixed) (Total:368.01 GB) (Free:179.79 GB) NTFS
Drive f: (OKI) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B8AFEE4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================
         

Alt 10.06.2015, 05:33   #3
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • In the uninstaller field, search for the programs:

    Zip Opener Packages 43

    Zip Opener Packages 43

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

Alt 13.06.2015, 19:24   #4
k1m
 



Many thanks for the help! Here are the logs:

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.12.03
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
ADMIN :: SERVER [administrator]

12.06.2015 15:41:57
mbar-log-2015-06-12 (15-41-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 858050
Time elapsed: 42 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSSKiller
Code:
20:18:05.0332 0x14f0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:18:08.0936 0x14f0  ============================================================
20:18:08.0936 0x14f0  Current date / time: 2015/06/13 20:18:08.0936
20:18:08.0936 0x14f0  SystemInfo:
20:18:08.0936 0x14f0  
20:18:08.0936 0x14f0  OS Version: 6.1.7601 ServicePack: 1.0
20:18:08.0936 0x14f0  Product type: Workstation
20:18:08.0936 0x14f0  ComputerName: SERVER
20:18:08.0936 0x14f0  UserName: ADMIN
20:18:08.0936 0x14f0  Windows directory: C:\Windows
20:18:08.0936 0x14f0  System windows directory: C:\Windows
20:18:08.0936 0x14f0  Running under WOW64
20:18:08.0936 0x14f0  Processor architecture: Intel x64
20:18:08.0937 0x14f0  Number of processors: 8
20:18:08.0937 0x14f0  Page size: 0x1000
20:18:08.0937 0x14f0  Boot type: Normal boot
20:18:08.0937 0x14f0  ============================================================
20:18:10.0915 0x14f0  KLMD registered as C:\Windows\system32\drivers\29278014.sys
20:18:11.0707 0x14f0  System UUID: {77A4DE47-3FB4-9150-5BAE-7BD8754B670C}
20:18:12.0389 0x14f0  Drive \Device\Harddisk0\DR0 - Size: 0x7471100000 ( 465.77 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:18:12.0394 0x14f0  Drive \Device\Harddisk1\DR1 - Size: 0xEE377E00 ( 3.72 Gb ), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:18:12.0396 0x14f0  ============================================================
20:18:12.0396 0x14f0  \Device\Harddisk0\DR0:
20:18:12.0396 0x14f0  MBR partitions:
20:18:12.0396 0x14f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:18:12.0396 0x14f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC34F800
20:18:12.0396 0x14f0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC382800, BlocksNum 0x2E005000
20:18:12.0396 0x14f0  \Device\Harddisk1\DR1:
20:18:12.0397 0x14f0  MBR partitions:
20:18:12.0397 0x14f0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x76E366
20:18:12.0397 0x14f0  ============================================================
20:18:12.0435 0x14f0  C: <-> \Device\Harddisk0\DR0\Partition2
20:18:12.0474 0x14f0  E: <-> \Device\Harddisk0\DR0\Partition3
20:18:12.0475 0x14f0  ============================================================
20:18:12.0475 0x14f0  Initialize success
20:18:12.0475 0x14f0  ============================================================
20:18:43.0759 0x0a68  ============================================================
20:18:43.0759 0x0a68  Scan started
20:18:43.0759 0x0a68  Mode: Manual; SigCheck; TDLFS; 
20:18:43.0759 0x0a68  ============================================================
20:18:43.0760 0x0a68  KSN ping started
20:18:46.0406 0x0a68  KSN ping finished: true
20:18:47.0771 0x0a68  ================ Scan system memory ========================
20:18:47.0771 0x0a68  System memory - ok
20:18:47.0771 0x0a68  ================ Scan services =============================
20:18:47.0915 0x0a68  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:18:47.0997 0x0a68  1394ohci - ok
20:18:48.0041 0x0a68  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:18:48.0058 0x0a68  ACPI - ok
20:18:48.0077 0x0a68  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:18:48.0109 0x0a68  AcpiPmi - ok
20:18:48.0212 0x0a68  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:18:48.0230 0x0a68  AdobeARMservice - ok
20:18:48.0323 0x0a68  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:18:48.0344 0x0a68  AdobeFlashPlayerUpdateSvc - ok
20:18:48.0399 0x0a68  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:18:48.0421 0x0a68  adp94xx - ok
20:18:48.0459 0x0a68  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:18:48.0474 0x0a68  adpahci - ok
20:18:48.0492 0x0a68  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:18:48.0503 0x0a68  adpu320 - ok
20:18:48.0526 0x0a68  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:18:48.0537 0x0a68  AeLookupSvc - ok
20:18:48.0599 0x0a68  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:18:48.0649 0x0a68  AFD - ok
20:18:54.0335 0x0a68  [ 48297BF3339BC56DD7D7524D7A1740AA, A0D750FE7745C7D2A53CB61A6FF33B867675053B56F8DB1F52B01A74FB755190 ] DBService       C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
20:18:54.0363 0x0a68  DBService - detected UnsignedFile.Multi.Generic ( 1 )
20:18:57.0037 0x0a68  Detect skipped due to KSN trusted
20:18:57.0037 0x0a68  DBService - ok
20:19:02.0305 0x0a68  [ 65B76008166AD512AF1B65771DF8EC19, 8B1927AD2E5F6F4EDE3EEABBE26826B351ED466B293DD320E670F65FEB452B61 ] Lexware Installations Dienst C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe
20:19:02.0324 0x0a68  Lexware Installations Dienst - detected UnsignedFile.Multi.Generic ( 1 )
20:19:05.0065 0x0a68  Lexware Installations Dienst ( UnsignedFile.Multi.Generic ) - warning
20:19:05.0065 0x0a68  Force sending object to P2P due to detect: Lexware Installations Dienst
20:19:07.0791 0x0a68  Object send P2P result: true
20:19:10.0506 0x0a68  Lexware_Professional_Datenbank - ok
20:19:10.0578 0x0a68  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:19:10.0644 0x0a68  lltdio - ok
20:19:10.0675 0x0a68  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:19:10.0707 0x0a68  lltdsvc - ok
20:19:10.0714 0x0a68  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:19:10.0750 0x0a68  lmhosts - ok
20:19:10.0783 0x0a68  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:19:10.0792 0x0a68  LSI_FC - ok
20:19:10.0806 0x0a68  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:19:10.0816 0x0a68  LSI_SAS - ok
20:19:10.0822 0x0a68  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:19:10.0831 0x0a68  LSI_SAS2 - ok
20:19:10.0853 0x0a68  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:19:10.0863 0x0a68  LSI_SCSI - ok
20:19:10.0886 0x0a68  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:19:10.0924 0x0a68  luafv - ok
20:19:10.0967 0x0a68  [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
20:19:10.0983 0x0a68  mbamchameleon - ok
20:19:11.0022 0x0a68  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:19:11.0034 0x0a68  MBAMProtector - ok
20:19:11.0130 0x0a68  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
20:19:11.0165 0x0a68  MBAMService - ok
20:19:11.0175 0x0a68  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
20:19:11.0183 0x0a68  MBAMWebAccessControl - ok
20:19:11.0202 0x0a68  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:19:11.0212 0x0a68  Mcx2Svc - ok
20:19:11.0291 0x0a68  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:19:11.0309 0x0a68  MDM - ok
20:19:11.0316 0x0a68  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:19:11.0327 0x0a68  megasas - ok
20:19:11.0359 0x0a68  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:19:11.0384 0x0a68  MegaSR - ok
20:19:11.0410 0x0a68  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:19:11.0457 0x0a68  MMCSS - ok
20:19:11.0471 0x0a68  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:19:11.0505 0x0a68  Modem - ok
20:19:11.0527 0x0a68  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:19:11.0537 0x0a68  monitor - ok
20:19:11.0546 0x0a68  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:19:11.0554 0x0a68  mouclass - ok
20:19:11.0563 0x0a68  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:19:11.0572 0x0a68  mouhid - ok
20:19:11.0604 0x0a68  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:19:11.0622 0x0a68  mountmgr - ok
20:19:11.0704 0x0a68  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:19:11.0724 0x0a68  MozillaMaintenance - ok
20:19:11.0781 0x0a68  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:19:11.0810 0x0a68  MpFilter - ok
20:19:11.0834 0x0a68  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:19:11.0845 0x0a68  mpio - ok
20:19:11.0883 0x0a68  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:19:11.0907 0x0a68  mpsdrv - ok
20:19:11.0950 0x0a68  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:19:11.0988 0x0a68  MpsSvc - ok
20:19:12.0016 0x0a68  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:19:12.0040 0x0a68  MRxDAV - ok
20:19:12.0067 0x0a68  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:19:12.0078 0x0a68  mrxsmb - ok
20:19:12.0119 0x0a68  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:19:12.0153 0x0a68  mrxsmb10 - ok
20:19:12.0166 0x0a68  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:19:12.0197 0x0a68  mrxsmb20 - ok
20:19:12.0211 0x0a68  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:19:12.0224 0x0a68  msahci - ok
20:19:12.0244 0x0a68  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:19:12.0259 0x0a68  msdsm - ok
20:19:12.0279 0x0a68  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:19:12.0296 0x0a68  MSDTC - ok
20:19:12.0323 0x0a68  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:19:12.0354 0x0a68  Msfs - ok
20:19:12.0364 0x0a68  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:19:12.0395 0x0a68  mshidkmdf - ok
20:19:12.0414 0x0a68  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:19:12.0420 0x0a68  msisadrv - ok
20:19:12.0453 0x0a68  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:19:12.0478 0x0a68  MSiSCSI - ok
20:19:12.0481 0x0a68  msiserver - ok
20:19:12.0507 0x0a68  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:19:12.0530 0x0a68  MSKSSRV - ok
20:19:12.0614 0x0a68  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:19:12.0628 0x0a68  MsMpSvc - ok
20:19:12.0670 0x0a68  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:19:12.0706 0x0a68  MSPCLOCK - ok
20:19:12.0713 0x0a68  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:19:12.0735 0x0a68  MSPQM - ok
20:19:12.0771 0x0a68  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:19:12.0798 0x0a68  MsRPC - ok
20:19:12.0812 0x0a68  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:19:12.0820 0x0a68  mssmbios - ok
20:19:12.0834 0x0a68  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:19:12.0856 0x0a68  MSTEE - ok
20:19:12.0867 0x0a68  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:19:12.0875 0x0a68  MTConfig - ok
20:19:12.0896 0x0a68  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:19:12.0904 0x0a68  Mup - ok
20:19:12.0935 0x0a68  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:19:12.0977 0x0a68  napagent - ok
20:19:13.0015 0x0a68  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:19:13.0047 0x0a68  NativeWifiP - ok
20:19:13.0121 0x0a68  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:19:13.0166 0x0a68  NDIS - ok
20:19:13.0192 0x0a68  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:19:13.0245 0x0a68  NdisCap - ok
20:19:13.0263 0x0a68  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:19:13.0287 0x0a68  NdisTapi - ok
20:19:13.0307 0x0a68  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:19:13.0332 0x0a68  Ndisuio - ok
20:19:13.0360 0x0a68  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:19:13.0396 0x0a68  NdisWan - ok
20:19:13.0420 0x0a68  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:19:13.0445 0x0a68  NDProxy - ok
20:19:13.0455 0x0a68  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:19:13.0495 0x0a68  NetBIOS - ok
20:19:13.0532 0x0a68  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:19:13.0574 0x0a68  NetBT - ok
20:19:13.0593 0x0a68  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\Windows\system32\lsass.exe
20:19:13.0602 0x0a68  Netlogon - ok
20:19:13.0640 0x0a68  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:19:13.0696 0x0a68  Netman - ok
20:19:14.0597 0x0a68  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:19:14.0621 0x0a68  NetMsmqActivator - ok
20:19:14.0642 0x0a68  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:19:14.0653 0x0a68  NetPipeActivator - ok
20:19:14.0708 0x0a68  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:19:14.0758 0x0a68  netprofm - ok
20:19:14.0763 0x0a68  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:19:14.0775 0x0a68  NetTcpActivator - ok
20:19:14.0779 0x0a68  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:19:14.0790 0x0a68  NetTcpPortSharing - ok
20:19:14.0823 0x0a68  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:19:14.0832 0x0a68  nfrd960 - ok
20:19:14.0876 0x0a68  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:19:14.0900 0x0a68  NisDrv - ok
20:19:14.0966 0x0a68  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
20:19:14.0995 0x0a68  NisSrv - ok
20:19:15.0037 0x0a68  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:19:15.0050 0x0a68  NlaSvc - ok
20:19:15.0063 0x0a68  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:19:15.0085 0x0a68  Npfs - ok
20:19:15.0109 0x0a68  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:19:15.0131 0x0a68  nsi - ok
20:19:15.0144 0x0a68  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:19:15.0180 0x0a68  nsiproxy - ok
20:19:15.0288 0x0a68  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:19:15.0327 0x0a68  Ntfs - ok
20:19:15.0337 0x0a68  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:19:15.0377 0x0a68  Null - ok
20:19:15.0414 0x0a68  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:19:15.0434 0x0a68  nvraid - ok
20:19:15.0451 0x0a68  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:19:15.0462 0x0a68  nvstor - ok
20:19:15.0497 0x0a68  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:19:15.0514 0x0a68  nv_agp - ok
20:19:15.0529 0x0a68  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:19:15.0548 0x0a68  ohci1394 - ok
20:19:15.0627 0x0a68  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:19:15.0645 0x0a68  ose - ok
20:19:15.0843 0x0a68  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:19:15.0943 0x0a68  osppsvc - ok
20:19:15.0975 0x0a68  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:19:15.0989 0x0a68  p2pimsvc - ok
20:19:16.0029 0x0a68  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:19:16.0046 0x0a68  p2psvc - ok
20:19:16.0078 0x0a68  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:19:16.0099 0x0a68  Parport - ok
20:19:16.0122 0x0a68  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:19:16.0130 0x0a68  partmgr - ok
20:19:16.0166 0x0a68  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:19:16.0198 0x0a68  PcaSvc - ok
20:19:16.0222 0x0a68  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:19:16.0238 0x0a68  pci - ok
20:19:16.0260 0x0a68  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:19:16.0267 0x0a68  pciide - ok
20:19:16.0285 0x0a68  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:19:16.0296 0x0a68  pcmcia - ok
20:19:16.0300 0x0a68  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:19:16.0308 0x0a68  pcw - ok
20:19:16.0365 0x0a68  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:19:16.0405 0x0a68  PEAUTH - ok
20:19:16.0470 0x0a68  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:19:16.0516 0x0a68  PeerDistSvc - ok
20:19:16.0598 0x0a68  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:19:16.0626 0x0a68  PerfHost - ok
20:19:16.0708 0x0a68  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:19:16.0756 0x0a68  pla - ok
20:19:16.0802 0x0a68  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:19:16.0827 0x0a68  PlugPlay - ok
20:19:16.0833 0x0a68  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:19:16.0856 0x0a68  PNRPAutoReg - ok
20:19:16.0891 0x0a68  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:19:16.0905 0x0a68  PNRPsvc - ok
20:19:16.0957 0x0a68  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:19:16.0996 0x0a68  PolicyAgent - ok
20:19:17.0030 0x0a68  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:19:17.0073 0x0a68  Power - ok
20:19:17.0099 0x0a68  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:19:17.0123 0x0a68  PptpMiniport - ok
20:19:17.0141 0x0a68  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:19:17.0160 0x0a68  Processor - ok
20:19:17.0192 0x0a68  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:19:17.0225 0x0a68  ProfSvc - ok
20:19:17.0244 0x0a68  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\Windows\system32\lsass.exe
20:19:17.0257 0x0a68  ProtectedStorage - ok
20:19:17.0282 0x0a68  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:19:17.0325 0x0a68  Psched - ok
20:19:17.0405 0x0a68  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:19:17.0446 0x0a68  ql2300 - ok
20:19:17.0459 0x0a68  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:19:17.0469 0x0a68  ql40xx - ok
20:19:17.0505 0x0a68  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:19:17.0536 0x0a68  QWAVE - ok
20:19:17.0548 0x0a68  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:19:17.0560 0x0a68  QWAVEdrv - ok
20:19:17.0621 0x0a68  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
20:19:17.0641 0x0a68  RapiMgr - ok
20:19:17.0654 0x0a68  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:19:17.0693 0x0a68  RasAcd - ok
20:19:17.0717 0x0a68  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:19:17.0743 0x0a68  RasAgileVpn - ok
20:19:17.0765 0x0a68  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:19:17.0791 0x0a68  RasAuto - ok
20:19:17.0815 0x0a68  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:19:17.0854 0x0a68  Rasl2tp - ok
20:19:17.0886 0x0a68  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:19:17.0916 0x0a68  RasMan - ok
20:19:17.0952 0x0a68  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:19:17.0975 0x0a68  RasPppoe - ok
20:19:17.0980 0x0a68  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:19:18.0003 0x0a68  RasSstp - ok
20:19:18.0107 0x0a68  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:19:18.0149 0x0a68  rdbss - ok
20:19:18.0162 0x0a68  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:19:18.0171 0x0a68  rdpbus - ok
20:19:18.0177 0x0a68  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:19:18.0199 0x0a68  RDPCDD - ok
20:19:18.0231 0x0a68  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:19:18.0241 0x0a68  RDPDR - ok
20:19:18.0273 0x0a68  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:19:18.0294 0x0a68  RDPENCDD - ok
20:19:18.0298 0x0a68  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:19:18.0337 0x0a68  RDPREFMP - ok
20:19:18.0394 0x0a68  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:19:18.0417 0x0a68  RdpVideoMiniport - ok
20:19:18.0451 0x0a68  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:19:18.0477 0x0a68  RDPWD - ok
20:19:18.0512 0x0a68  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:19:18.0524 0x0a68  rdyboost - ok
20:19:18.0547 0x0a68  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:19:18.0572 0x0a68  RemoteAccess - ok
20:19:18.0595 0x0a68  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:19:18.0633 0x0a68  RemoteRegistry - ok
20:19:18.0647 0x0a68  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:19:18.0675 0x0a68  RpcEptMapper - ok
20:19:18.0695 0x0a68  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:19:18.0704 0x0a68  RpcLocator - ok
20:19:18.0755 0x0a68  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:19:18.0793 0x0a68  RpcSs - ok
20:19:18.0824 0x0a68  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:19:18.0858 0x0a68  rspndr - ok
20:19:18.0882 0x0a68  [ ABCB5A38A0D85BDF69B7877E1AD1EED5, 44DF1A92E8FA53677A04C46088B0AD49F1F6A090820BE550A514C4FBFD91444D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:19:18.0900 0x0a68  RTL8167 - ok
20:19:18.0921 0x0a68  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:19:18.0944 0x0a68  s3cap - ok
20:19:18.0959 0x0a68  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs           C:\Windows\system32\lsass.exe
20:19:18.0967 0x0a68  SamSs - ok
20:19:18.0984 0x0a68  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:19:18.0993 0x0a68  sbp2port - ok
20:19:19.0008 0x0a68  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:19:19.0036 0x0a68  SCardSvr - ok
20:19:19.0051 0x0a68  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:19:19.0083 0x0a68  scfilter - ok
20:19:19.0132 0x0a68  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:19:19.0175 0x0a68  Schedule - ok
20:19:19.0199 0x0a68  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:19:19.0221 0x0a68  SCPolicySvc - ok
20:19:19.0232 0x0a68  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:19:19.0244 0x0a68  SDRSVC - ok
20:19:19.0271 0x0a68  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:19:19.0293 0x0a68  secdrv - ok
20:19:19.0300 0x0a68  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:19:19.0323 0x0a68  seclogon - ok
20:19:19.0336 0x0a68  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
20:19:19.0361 0x0a68  SENS - ok
20:19:19.0374 0x0a68  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:19:19.0382 0x0a68  SensrSvc - ok
20:19:19.0404 0x0a68  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:19:19.0413 0x0a68  Serenum - ok
20:19:19.0433 0x0a68  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:19:19.0444 0x0a68  Serial - ok
20:19:19.0452 0x0a68  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:19:19.0460 0x0a68  sermouse - ok
20:19:19.0485 0x0a68  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:19:19.0523 0x0a68  SessionEnv - ok
20:19:19.0546 0x0a68  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:19:19.0574 0x0a68  sffdisk - ok
20:19:19.0586 0x0a68  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:19:19.0596 0x0a68  sffp_mmc - ok
20:19:19.0613 0x0a68  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:19:19.0622 0x0a68  sffp_sd - ok
20:19:19.0630 0x0a68  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:19:19.0639 0x0a68  sfloppy - ok
20:19:19.0718 0x0a68  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:19:19.0772 0x0a68  SharedAccess - ok
20:19:19.0812 0x0a68  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:19:19.0859 0x0a68  ShellHWDetection - ok
20:19:19.0885 0x0a68  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:19:19.0896 0x0a68  SiSRaid2 - ok
20:19:19.0910 0x0a68  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:19:19.0921 0x0a68  SiSRaid4 - ok
20:19:19.0934 0x0a68  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:19:19.0981 0x0a68  Smb - ok
20:19:20.0003 0x0a68  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:19:20.0014 0x0a68  SNMPTRAP - ok
20:19:20.0033 0x0a68  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:19:20.0041 0x0a68  spldr - ok
20:19:20.0081 0x0a68  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:19:20.0121 0x0a68  Spooler - ok
20:19:20.0243 0x0a68  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:19:20.0410 0x0a68  sppsvc - ok
20:19:20.0422 0x0a68  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:19:20.0446 0x0a68  sppuinotify - ok
20:19:20.0473 0x0a68  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:19:20.0490 0x0a68  srv - ok
20:19:20.0511 0x0a68  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:19:20.0535 0x0a68  srv2 - ok
20:19:20.0541 0x0a68  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:19:20.0560 0x0a68  srvnet - ok
20:19:20.0611 0x0a68  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:19:20.0650 0x0a68  SSDPSRV - ok
20:19:20.0662 0x0a68  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:19:20.0685 0x0a68  SstpSvc - ok
20:19:20.0705 0x0a68  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:19:20.0712 0x0a68  stexstor - ok
20:19:20.0771 0x0a68  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:19:20.0798 0x0a68  stisvc - ok
20:19:20.0811 0x0a68  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:19:20.0819 0x0a68  storflt - ok
20:19:20.0839 0x0a68  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:19:20.0847 0x0a68  storvsc - ok
20:19:20.0855 0x0a68  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:19:20.0862 0x0a68  swenum - ok
20:19:20.0929 0x0a68  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:19:20.0947 0x0a68  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:19:23.0622 0x0a68  Detect skipped due to KSN trusted
20:19:23.0622 0x0a68  SwitchBoard - ok
20:19:23.0684 0x0a68  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:19:23.0734 0x0a68  swprv - ok
20:19:24.0153 0x0a68  Synth3dVsc - ok
20:19:24.0240 0x0a68  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:19:24.0295 0x0a68  SysMain - ok
20:19:24.0327 0x0a68  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:19:24.0340 0x0a68  TabletInputService - ok
20:19:24.0388 0x0a68  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:19:24.0438 0x0a68  TapiSrv - ok
20:19:24.0458 0x0a68  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:19:24.0495 0x0a68  TBS - ok
20:19:24.0592 0x0a68  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:19:24.0634 0x0a68  Tcpip - ok
20:19:24.0677 0x0a68  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:19:24.0715 0x0a68  TCPIP6 - ok
20:19:24.0740 0x0a68  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:19:24.0749 0x0a68  tcpipreg - ok
20:19:24.0774 0x0a68  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:19:24.0795 0x0a68  TDPIPE - ok
20:19:24.0816 0x0a68  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:19:24.0824 0x0a68  TDTCP - ok
20:19:24.0854 0x0a68  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:19:24.0864 0x0a68  tdx - ok
20:19:25.0721 0x0a68  [ 758B320E709CBF1D0C34A18390EEE6E8, E90EEC1C65958873FA7327307184D5155C94D50C59D9869A9EA5834E8CADE4CD ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
20:19:25.0818 0x0a68  TeamViewer - ok
20:19:25.0843 0x0a68  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:19:25.0852 0x0a68  TermDD - ok
20:19:25.0919 0x0a68  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:19:25.0958 0x0a68  TermService - ok
20:19:25.0978 0x0a68  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:19:25.0992 0x0a68  Themes - ok
20:19:26.0160 0x0a68  [ BAC3ACF804F09B729D9C78BF77A92E9E, 365889A3F6964FB6FA98ECC3659C342BCEA50CD74D46E8ABE889A42F3EA3123B ] THINRDP         C:\Windows\system32\Drivers\ThinRDP.sys
20:19:26.0173 0x0a68  THINRDP - ok
20:19:26.0264 0x0a68  [ C321F9186BEB9634E487C01E542044F6, 230409390F7A005C72FB639C57CBA41B7AFBA7CB7CE77C7E3330AE375674DFB2 ] ThinRDPHlp      C:\Program Files\Thinstuff\XPVS Server\thinrdphlp.exe
20:19:26.0283 0x0a68  ThinRDPHlp - detected UnsignedFile.Multi.Generic ( 1 )
20:19:28.0958 0x0a68  Detect skipped due to KSN trusted
20:19:28.0958 0x0a68  ThinRDPHlp - ok
20:19:29.0083 0x0a68  [ F66651BB543562CFDEDE084F277427AB, BBDC865B70CCCBE79F2F84D0D54632A5713ACAE66F8B45300EC088857C1EF637 ] ThinRDPSrv      C:\Program Files\Thinstuff\XPVS Server\thinrdpsrv.exe
20:19:29.0115 0x0a68  ThinRDPSrv - ok
20:19:29.0134 0x0a68  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:19:29.0158 0x0a68  THREADORDER - ok
20:19:29.0172 0x0a68  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:19:29.0207 0x0a68  TrkWks - ok
20:19:29.0254 0x0a68  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:19:29.0300 0x0a68  TrustedInstaller - ok
20:19:29.0329 0x0a68  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:19:29.0342 0x0a68  tssecsrv - ok
20:19:29.0382 0x0a68  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:19:29.0392 0x0a68  TsUsbFlt - ok
20:19:29.0395 0x0a68  tsusbhub - ok
20:19:29.0419 0x0a68  [ 56C38F835A4BDB22CDF810FE89622CFA, 3CF6F51209CDC7550AE8C0F27F01B8D55CBB9E2BD26E321A9083ED4D9FA83505 ] tsxpnptls       C:\Windows\system32\drivers\tsxpnptls.sys
20:19:29.0428 0x0a68  tsxpnptls - ok
20:19:29.0442 0x0a68  [ F81276D078CDC24430D604AF79CA8C95, EAAA5F1033C9AAB49CD2BD3D46542894DB6714E50C81FB22DD0D2ADEBF85832A ] tsxusbd         C:\Windows\system32\drivers\tsxusbd.sys
20:19:29.0451 0x0a68  tsxusbd - ok
20:19:29.0493 0x0a68  [ FB92435936131BA851B56E1C34D3AD7A, C1FD1618F6C4EDA314466AFC046D603821A4850EF9633155D2691E0BDEA64177 ] tsxusbdbus      C:\Windows\system32\DRIVERS\tsxusbdbus.sys
20:19:29.0501 0x0a68  tsxusbdbus - ok
20:19:29.0582 0x0a68  [ 4F5FA2DA869345B8D9164A1E610331E2, 6F8F4F6F88B465226DD4BD1632F998ECB9E2DEABC96E968C2C22B78ED3F3E0D2 ] TSXUsbSrv       C:\Program Files\Thinstuff\XPVS Server\tsxusbredirectorsrv.exe
20:19:29.0602 0x0a68  TSXUsbSrv - detected UnsignedFile.Multi.Generic ( 1 )
20:19:32.0294 0x0a68  Detect skipped due to KSN trusted
20:19:32.0294 0x0a68  TSXUsbSrv - ok
20:19:32.0428 0x0a68  [ 41A3F69FBB7CA37A3FC5CD8EF424F199, E83A0E3AF39377C770DE2F2364E45C3F4B52AA2A6A14CC2C37DF7826227611E2 ] TuneUp.Defrag   C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
20:19:32.0465 0x0a68  TuneUp.Defrag - ok
20:19:32.0548 0x0a68  [ EBA3ABFFDADA40A2B590ADEF1A24CA24, 4EB33A975C557DCC9AA818243F332E02A08350C8930D9B1B75B952DEE143D5B0 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
20:19:32.0584 0x0a68  TuneUp.UtilitiesSvc - ok
20:19:32.0609 0x0a68  [ DCC94C51D27C7EC0DADECA8F64C94FCF, 90C978C2284C9BDE3EFA1124616D824E0C361C388293FA22DBC8C3B70C920574 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
20:19:32.0615 0x0a68  TuneUpUtilitiesDrv - ok
20:19:32.0659 0x0a68  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:19:32.0698 0x0a68  tunnel - ok
20:19:32.0712 0x0a68  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:19:32.0721 0x0a68  uagp35 - ok
20:19:32.0768 0x0a68  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:19:32.0815 0x0a68  udfs - ok
20:19:32.0841 0x0a68  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:19:32.0852 0x0a68  UI0Detect - ok
20:19:32.0880 0x0a68  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:19:32.0890 0x0a68  uliagpkx - ok
20:19:32.0912 0x0a68  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:19:32.0942 0x0a68  umbus - ok
20:19:32.0955 0x0a68  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:19:32.0982 0x0a68  UmPass - ok
20:19:33.0018 0x0a68  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:19:33.0077 0x0a68  UmRdpService - ok
20:19:33.0128 0x0a68  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:19:33.0178 0x0a68  upnphost - ok
20:19:33.0199 0x0a68  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:19:33.0224 0x0a68  usbccgp - ok
20:19:33.0269 0x0a68  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:19:33.0302 0x0a68  usbcir - ok
20:19:33.0325 0x0a68  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:19:33.0334 0x0a68  usbehci - ok
20:19:33.0392 0x0a68  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:19:33.0415 0x0a68  usbhub - ok
20:19:33.0432 0x0a68  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:19:33.0440 0x0a68  usbohci - ok
20:19:33.0467 0x0a68  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:19:33.0484 0x0a68  usbprint - ok
20:19:33.0500 0x0a68  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
20:19:33.0527 0x0a68  usbscan - ok
20:19:33.0553 0x0a68  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:19:33.0583 0x0a68  USBSTOR - ok
20:19:33.0604 0x0a68  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:19:33.0626 0x0a68  usbuhci - ok
20:19:33.0638 0x0a68  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:19:33.0667 0x0a68  UxSms - ok
20:19:33.0733 0x0a68  [ 9AC0C072FD7EDE138842BEF7DA73B0E6, AD4E053B47111FFDF9CEE8AD183A8833E04879DB78592E59F2AF74545BD59EB7 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
20:19:33.0746 0x0a68  UxTuneUp - ok
20:19:33.0751 0x0a68  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\Windows\system32\lsass.exe
20:19:33.0766 0x0a68  VaultSvc - ok
20:19:33.0790 0x0a68  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:19:33.0805 0x0a68  vdrvroot - ok
20:19:33.0847 0x0a68  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:19:33.0903 0x0a68  vds - ok
20:19:33.0920 0x0a68  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:19:33.0931 0x0a68  vga - ok
20:19:33.0944 0x0a68  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:19:33.0969 0x0a68  VgaSave - ok
20:19:33.0972 0x0a68  VGPU - ok
20:19:34.0014 0x0a68  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:19:34.0026 0x0a68  vhdmp - ok
20:19:34.0038 0x0a68  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:19:34.0045 0x0a68  viaide - ok
20:19:34.0059 0x0a68  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:19:34.0071 0x0a68  vmbus - ok
20:19:34.0083 0x0a68  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:19:34.0090 0x0a68  VMBusHID - ok
20:19:34.0150 0x0a68  [ B2E25DB5A6A178C056342ABD747B7326, 3B4487B5F400D8B427F052CEBC5135B91282BEA533FAD28B0AA5CCF29E82AE80 ] vmm             C:\Windows\system32\Treiber\vmm.sys
20:19:34.0167 0x0a68  vmm - ok
20:19:34.0172 0x0a68  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:19:34.0183 0x0a68  volmgr - ok
20:19:34.0198 0x0a68  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:19:34.0212 0x0a68  volmgrx - ok
20:19:34.0220 0x0a68  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:19:34.0233 0x0a68  volsnap - ok
20:19:34.0259 0x0a68  [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB, 1E7EB923B199ED9ADE6F1DDFC5C1CABE39366D066FC968BBEC518C9146F124CE ] VPCNetS2        C:\Windows\system32\DRIVERS\VMNetSrv.sys
20:19:34.0267 0x0a68  VPCNetS2 - ok
20:19:34.0295 0x0a68  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:19:34.0306 0x0a68  vsmraid - ok
20:19:34.0378 0x0a68  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:19:34.0440 0x0a68  VSS - ok
20:19:34.0452 0x0a68  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:19:34.0461 0x0a68  vwifibus - ok
20:19:34.0501 0x0a68  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:19:34.0541 0x0a68  W32Time - ok
20:19:34.0555 0x0a68  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:19:34.0574 0x0a68  WacomPen - ok
20:19:34.0596 0x0a68  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:19:34.0620 0x0a68  WANARP - ok
20:19:34.0624 0x0a68  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:19:34.0646 0x0a68  Wanarpv6 - ok
20:19:34.0705 0x0a68  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:19:34.0753 0x0a68  wbengine - ok
20:19:34.0777 0x0a68  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:19:34.0792 0x0a68  WbioSrvc - ok
20:19:34.0829 0x0a68  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
20:19:34.0843 0x0a68  WcesComm - ok
20:19:34.0873 0x0a68  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:19:34.0905 0x0a68  wcncsvc - ok
20:19:34.0916 0x0a68  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:19:34.0927 0x0a68  WcsPlugInService - ok
20:19:34.0937 0x0a68  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:19:34.0945 0x0a68  Wd - ok
20:19:34.0987 0x0a68  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:19:35.0010 0x0a68  Wdf01000 - ok
20:19:35.0030 0x0a68  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:19:35.0040 0x0a68  WdiServiceHost - ok
20:19:35.0043 0x0a68  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:19:35.0053 0x0a68  WdiSystemHost - ok
20:19:35.0086 0x0a68  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:19:35.0100 0x0a68  WebClient - ok
20:19:35.0131 0x0a68  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:19:35.0174 0x0a68  Wecsvc - ok
20:19:35.0188 0x0a68  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:19:35.0224 0x0a68  wercplsupport - ok
20:19:35.0253 0x0a68  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:19:35.0278 0x0a68  WerSvc - ok
20:19:35.0314 0x0a68  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:19:35.0335 0x0a68  WfpLwf - ok
20:19:35.0347 0x0a68  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:19:35.0355 0x0a68  WIMMount - ok
20:19:35.0370 0x0a68  WinDefend - ok
20:19:35.0380 0x0a68  WinHttpAutoProxySvc - ok
20:19:35.0432 0x0a68  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:19:35.0482 0x0a68  Winmgmt - ok
20:19:35.0580 0x0a68  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:19:35.0639 0x0a68  WinRM - ok
20:19:35.0663 0x0a68  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WINUSB          C:\Windows\system32\drivers\WinUsb.sys
20:19:35.0672 0x0a68  WINUSB - ok
20:19:35.0726 0x0a68  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:19:35.0771 0x0a68  Wlansvc - ok
20:19:35.0797 0x0a68  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:19:35.0822 0x0a68  WmiAcpi - ok
20:19:35.0860 0x0a68  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:19:35.0881 0x0a68  wmiApSrv - ok
20:19:35.0887 0x0a68  WMPNetworkSvc - ok
20:19:35.0903 0x0a68  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:19:35.0918 0x0a68  WPCSvc - ok
20:19:35.0942 0x0a68  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:19:35.0961 0x0a68  WPDBusEnum - ok
20:19:35.0970 0x0a68  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:19:36.0007 0x0a68  ws2ifsl - ok
20:19:36.0054 0x0a68  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
20:19:36.0078 0x0a68  wscsvc - ok
20:19:36.0129 0x0a68  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:19:36.0140 0x0a68  WSDPrintDevice - ok
20:19:36.0143 0x0a68  WSearch - ok
20:19:36.0251 0x0a68  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:19:36.0316 0x0a68  wuauserv - ok
20:19:36.0341 0x0a68  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:19:36.0350 0x0a68  WudfPf - ok
20:19:36.0398 0x0a68  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
20:19:36.0419 0x0a68  WUDFRd - ok
20:19:36.0443 0x0a68  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:19:36.0473 0x0a68  wudfsvc - ok
20:19:36.0507 0x0a68  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:19:36.0530 0x0a68  WwanSvc - ok
20:19:36.0537 0x0a68  ================ Scan global ===============================
20:19:36.0561 0x0a68  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:19:36.0599 0x0a68  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
20:19:36.0617 0x0a68  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
20:19:36.0635 0x0a68  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:19:36.0678 0x0a68  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
20:19:36.0685 0x0a68  [ Global ] - ok
20:19:36.0686 0x0a68  ================ Scan MBR ==================================
20:19:36.0699 0x0a68  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:19:36.0980 0x0a68  \Device\Harddisk0\DR0 - ok
20:19:36.0987 0x0a68  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
20:19:38.0147 0x0a68  \Device\Harddisk1\DR1 - ok
20:19:38.0147 0x0a68  ================ Scan VBR ==================================
20:19:38.0150 0x0a68  [ 4F8840C893320D82BA36B8DAC22B09B3 ] \Device\Harddisk0\DR0\Partition1
20:19:38.0152 0x0a68  \Device\Harddisk0\DR0\Partition1 - ok
20:19:38.0156 0x0a68  [ C245C13628EB5D8F73E866EF5C7C8ED8 ] \Device\Harddisk0\DR0\Partition2
20:19:38.0158 0x0a68  \Device\Harddisk0\DR0\Partition2 - ok
20:19:38.0161 0x0a68  [ FD13D4370A6EA0F2B1DFB5F027A2CF6A ] \Device\Harddisk0\DR0\Partition3
20:19:38.0163 0x0a68  \Device\Harddisk0\DR0\Partition3 - ok
20:19:38.0167 0x0a68  [ B9379458C9BA89918305F5B2EC3B5BE8 ] \Device\Harddisk1\DR1\Partition1
20:19:38.0168 0x0a68  \Device\Harddisk1\DR1\Partition1 - ok
20:19:38.0169 0x0a68  ================ Scan generic autorun ======================
20:19:38.0248 0x0a68  [ BDBF2A7AD6CF18F2A7FBC431692B7B96, 73A91EC0E78773B4138132D5D6D4C8A702116C4BF7D1D986B52BE0070F19E5FC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
20:19:38.0274 0x0a68  AdobeAAMUpdater-1.0 - ok
20:19:38.0350 0x0a68  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe
20:19:38.0393 0x0a68  MSC - ok
20:19:38.0432 0x0a68  [ 4AE953A639812A7163913D3BA5B975FB, 951FCBFDD7B2AFEB45300777BDC5CB15F8BA757E0A937C318C006BAF9E03660B ] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
20:19:38.0438 0x0a68  DLSService - detected UnsignedFile.Multi.Generic ( 1 )
20:19:41.0117 0x0a68  Detect skipped due to KSN trusted
20:19:41.0117 0x0a68  DLSService - ok
20:19:41.0188 0x0a68  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:19:41.0213 0x0a68  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:19:41.0213 0x0a68  Detect skipped due to KSN trusted
20:19:41.0213 0x0a68  SwitchBoard - ok
20:19:41.0257 0x0a68  [ 27CFFB1E41A2BE2A25957A679BD84E10, 521DC8F3439EAA780AE0DA68B0FC6E671963AF76E165590EA83D2F6896B1C941 ] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
20:19:41.0275 0x0a68  AdobeCS5ServiceManager - detected UnsignedFile.Multi.Generic ( 1 )
20:19:43.0946 0x0a68  Detect skipped due to KSN trusted
20:19:43.0946 0x0a68  AdobeCS5ServiceManager - ok
20:19:44.0017 0x0a68  [ C440F1BF19DB5A1F73A958B029599F76, 770EDEFD99FEEB3409137E2907562892BFB25D2B5FF6B2774ED003A93D00D7FB ] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe
20:19:44.0049 0x0a68  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
20:19:46.0719 0x0a68  Detect skipped due to KSN trusted
20:19:46.0719 0x0a68  StartCCC - ok
20:19:47.0612 0x0a68  [ 27300DBCD3E83C6DDCF40B73900C2E9A, A5F5D45DE2F492FF84256E0AFC787832F2B8A2E0521E9BBB003494AE9B7604BF ] C:\Program Files (x86)\SFirm\sfWinStartupInfo.exe
20:19:47.0625 0x0a68  SfWinStartInfo - ok
20:19:47.0845 0x0a68  [ 24A3FDF5F2ED5AD16BDD35150F00EFDA, EC52FBD9F15D082633D3104CE1213693A41363F44653F238D0D33F4F8F96EA44 ] C:\Program Files (x86)\AVG\AVG2013\avgui.exe
20:19:47.0955 0x0a68  AVG_UI - ok
20:19:48.0050 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:48.0095 0x0a68  DymoQuickPrint - ok
20:19:48.0184 0x0a68  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:19:48.0235 0x0a68  Sidebar - ok
20:19:48.0271 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:48.0305 0x0a68  DymoQuickPrint - ok
20:19:48.0375 0x0a68  [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe
20:19:48.0386 0x0a68  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
20:19:51.0060 0x0a68  Detect skipped due to KSN trusted
20:19:51.0060 0x0a68  QuickTime Task - ok
20:19:51.0142 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:51.0176 0x0a68  DymoQuickPrint - ok
20:19:51.0212 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:51.0247 0x0a68  DymoQuickPrint - ok
20:19:51.0381 0x0a68  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
20:19:51.0428 0x0a68  Sidebar - ok
20:19:51.0482 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:51.0516 0x0a68  DymoQuickPrint - ok
20:19:51.0553 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:51.0587 0x0a68  DymoQuickPrint - ok
20:19:51.0624 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:51.0659 0x0a68  DymoQuickPrint - ok
20:19:51.0694 0x0a68  [ A811A79788DA6AAA19C377770235274A, 56115B45B0898BC6BB2AA5079EA2FEF026CB2917F3DA76E2F679CEC677199FEB ] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
20:19:51.0728 0x0a68  DymoQuickPrint - ok
20:19:51.0730 0x0a68  Waiting for KSN requests completion. In queue: 12
20:19:52.0730 0x0a68  Waiting for KSN requests completion. In queue: 12
20:19:53.0730 0x0a68  Waiting for KSN requests completion. In queue: 1
20:19:54.0743 0x0a68  AV detected via SS2: AVG AntiVirus Business Edition, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x40000 ( disabled : updated )
20:19:54.0744 0x0a68  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x60000 ( disabled : updated )
20:19:54.0748 0x0a68  Win FW state via NFP2: enabled
20:19:57.0427 0x0a68  ============================================================
20:19:57.0427 0x0a68  Scan finished
20:19:57.0427 0x0a68  ============================================================
20:19:57.0437 0x0ddc  Detected object count: 1
20:19:57.0437 0x0ddc  Actual detected object count: 1
20:21:30.0650 0x0ddc  Lexware Installations Dienst ( UnsignedFile.Multi.Generic ) - skipped by user
20:21:30.0650 0x0ddc  Lexware Installations Dienst ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:22:58.0099 0x1004  Deinitialize success
         

14.06.2015, 15:40   #5
schrauber
/// the machine
/// TB trainer
 




hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.06.2015, 11:02   #6
k1m
 



Combofix Logfile:
Code:
ComboFix 15-06-09.01 - ADMIN 16.06.2015  18:50:49.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.12286.8719 [GMT 2:00]
ausgeführt von:: c:\users\ADMIN\Desktop\ComboFix.exe
AV: AVG AntiVirus Business Edition *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: AVG AntiVirus Business Edition *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-16 bis 2015-06-16  ))))))))))))))))))))))))))))))
.
.
2015-06-16 16:57 . 2015-06-16 16:57	--------	dc----w-	c:\users\Default\AppData\Local\temp
2015-06-16 16:57 . 2015-06-16 16:57	--------	d-----w-	c:\users\SKIRDA\AppData\Local\temp
2015-06-16 16:57 . 2015-06-16 16:57	--------	dc----w-	c:\users\MICHA\AppData\Local\temp
2015-06-16 16:57 . 2015-06-16 16:57	--------	dc----w-	c:\users\Herner\AppData\Local\temp
2015-06-16 16:57 . 2015-06-16 16:57	--------	dc----w-	c:\users\EVIN\AppData\Local\temp
2015-06-16 16:57 . 2015-06-16 16:57	--------	dc----w-	c:\users\STEFFI\AppData\Local\temp
2015-06-16 16:57 . 2015-06-16 16:57	--------	d-----w-	c:\users\WARKO\AppData\Local\temp
2015-06-16 04:11 . 2015-06-16 04:11	75888	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{043F322B-A06C-4976-9E62-2280B9FF44FB}\offreg.976.dll
2015-06-15 08:11 . 2015-06-15 08:11	--------	d-----w-	c:\users\WARKO\AppData\Local\AviraSpeedup
2015-06-14 05:34 . 2015-03-23 09:40	1187344	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73FA64F4-10D6-4F87-8C97-781C2B15CBE9}\gapaengine.dll
2015-06-14 05:33 . 2015-05-02 18:16	12214312	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{043F322B-A06C-4976-9E62-2280B9FF44FB}\mpengine.dll
2015-06-14 05:28 . 2015-05-02 18:16	12214312	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-12 13:41 . 2015-06-12 16:51	--------	dc----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-12 13:31 . 2015-06-12 13:31	--------	dc----w-	c:\program files (x86)\VS Revo Group
2015-06-10 06:25 . 2015-05-25 17:08	3206144	----a-w-	c:\windows\system32\win32k.sys
2015-06-10 06:17 . 2015-04-24 18:17	633856	----a-w-	c:\windows\system32\comctl32.dll
2015-06-10 06:17 . 2015-04-24 17:56	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2015-06-10 06:17 . 2015-04-11 03:19	69888	----a-w-	c:\windows\system32\drivers\stream.sys
2015-06-10 06:14 . 2015-06-10 14:00	--------	dc----w-	c:\users\OLGA\AppData\Local\AviraSpeedup
2015-06-10 05:29 . 2015-06-16 16:57	--------	d-----w-	c:\users\TANJA\AppData\Local\temp
2015-06-10 05:29 . 2015-06-16 16:57	--------	dc----w-	c:\users\OLGA\AppData\Local\temp
2015-06-10 05:29 . 2015-06-16 16:57	--------	dc----w-	c:\users\ANDREA\AppData\Local\temp
2015-06-09 05:54 . 2015-06-09 05:57	--------	dc----w-	C:\Lexware
2015-06-08 20:13 . 2015-06-08 20:13	--------	dc----w-	C:\KVRT_Data
2015-06-08 19:24 . 2015-06-08 19:57	--------	dc----w-	C:\FRST
2015-06-08 18:34 . 2015-06-12 13:41	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-08 18:34 . 2015-06-08 19:35	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-08 18:34 . 2015-06-08 18:34	--------	dc----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-06-08 18:34 . 2015-06-08 18:34	--------	dc----w-	c:\programdata\Malwarebytes
2015-06-08 18:34 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-06-08 18:34 . 2015-04-14 07:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-06-08 16:38 . 2015-06-08 16:38	2209056	-c--a-w-	c:\program files\avira-eu-cleaner_de.exe
2015-06-08 11:43 . 2015-06-08 11:43	4683232	-c--a-w-	c:\program files\avira_de_issu_3007592595_kp9g9gv8vh7da77kof1i_wd.exe
2015-06-08 06:38 . 2015-06-10 22:00	--------	dc----w-	c:\users\MICHA\AppData\Local\AviraSpeedup
2015-06-08 06:19 . 2015-06-12 13:17	--------	d-----w-	c:\users\TANJA\AppData\Local\AviraSpeedup
2015-06-08 05:58 . 2015-06-11 22:00	--------	dc----w-	c:\users\ANDREA\AppData\Local\AviraSpeedup
2015-06-07 17:01 . 2015-06-14 05:47	--------	dc----w-	C:\EEK
2015-06-07 16:58 . 2015-06-07 17:00	157093432	-c--a-w-	c:\program files (x86)\EmsisoftEmergencyKit.exe
2015-06-07 16:55 . 2015-06-09 07:00	--------	dc----w-	c:\users\ADMIN\AppData\Local\AviraSpeedup
2015-06-07 13:58 . 2015-06-09 07:00	--------	d-----w-	c:\users\Public\Speedup Sessions
2015-06-07 13:51 . 2015-06-09 07:00	--------	dc----w-	c:\program files (x86)\Avira
2015-06-07 13:51 . 2015-06-08 20:08	--------	dc----w-	c:\programdata\Avira
2015-06-05 14:47 . 2015-05-22 18:18	700416	----a-w-	c:\windows\system32\generaltel.dll
2015-06-05 14:47 . 2015-05-22 18:18	757248	----a-w-	c:\windows\system32\invagent.dll
2015-06-05 14:47 . 2015-05-22 18:18	1021440	----a-w-	c:\windows\system32\appraiser.dll
2015-06-05 14:47 . 2015-05-22 18:13	1119232	----a-w-	c:\windows\system32\aeinv.dll
2015-06-05 14:47 . 2015-05-22 18:18	423424	----a-w-	c:\windows\system32\devinv.dll
2015-06-05 14:47 . 2015-05-22 18:18	45568	----a-w-	c:\windows\system32\acmigration.dll
2015-06-05 14:47 . 2015-05-22 18:18	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-06-05 14:47 . 2015-05-21 13:19	193536	----a-w-	c:\windows\system32\aepic.dll
2015-06-05 05:58 . 2015-06-05 05:58	--------	d-----w-	c:\users\TANJA\AppData\Local\GWX
2015-06-04 06:01 . 2015-06-04 06:01	--------	dc----w-	c:\users\ADMIN\AppData\Local\GWX
2015-06-03 05:49 . 2015-06-03 05:49	--------	dc----w-	c:\users\MICHA\AppData\Local\GWX
2015-06-02 07:51 . 2015-06-02 07:51	--------	dc----w-	c:\users\EVIN\AppData\Local\GWX
2015-06-02 06:05 . 2015-06-02 06:05	--------	dc----w-	c:\users\OLGA\AppData\Local\GWX
2015-06-02 05:51 . 2015-06-02 05:51	--------	d-----w-	c:\users\WARKO\AppData\Local\GWX
2015-06-02 05:46 . 2015-06-02 05:46	--------	dc----w-	c:\users\ANDREA\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-11 01:01 . 2010-01-05 16:11	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-06-10 17:58 . 2012-08-31 03:56	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 17:58 . 2011-06-11 06:50	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-09 07:13 . 2011-08-12 01:41	1187344	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-05-25 18:01 . 2015-06-10 06:20	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-14 01:02	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 01:02	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 04:13	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 04:13	1179136	----a-w-	c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 04:13	1250816	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 04:14	460800	----a-w-	c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 04:14	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 04:14	328704	----a-w-	c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 04:13	275456	----a-w-	c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 04:13	24576	----a-w-	c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 04:13	216064	----a-w-	c:\windows\SysWow64\InkEd.dll
2015-03-25 03:24 . 2015-04-14 19:58	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 19:58	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 19:58	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 19:58	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 19:58	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 19:58	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 19:58	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 19:58	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 19:58	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 19:58	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 19:58	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 19:58	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 19:58	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 19:58	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 19:58	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 19:58	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2011-07-14 09:31 . 2011-11-24 14:16	1456640	-c--a-w-	c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [2009-09-29 55808]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"SfWinStartInfo"="c:\program files (x86)\SFirm\sfWinStartupInfo.exe" [2014-11-07 81496]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-11-03 4411952]
.
c:\users\WARKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OLfolders Server.lnk - c:\program files (x86)\Quester\OLfolders\OLWServer.exe [2010-9-14 3686400]
Thinstuff XPVS Server Administrator.lnk - c:\program files\Thinstuff\XPVS Server\ThinRDPAdmin.exe [2014-11-12 1418392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"SfWinStartInfoV3"="c:\program files (x86)\SFirmV3\Programm\sfWinStartupInfo.exe"
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys;c:\windows\SYSNATIVE\DRIVERS\GenHC.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 ThinRDPHlp;Thinstuff XP/VS Helper Service;c:\program files\Thinstuff\XPVS Server\thinrdphlp.exe;c:\program files\Thinstuff\XPVS Server\thinrdphlp.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 tsxusbd;tsxusbd;c:\windows\system32\drivers\tsxusbd.sys;c:\windows\SYSNATIVE\drivers\tsxusbd.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 THINRDP;THINRDP;c:\windows\system32\Drivers\ThinRDP.sys;c:\windows\SYSNATIVE\Drivers\ThinRDP.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe;c:\windows\SYSNATIVE\dldncoms.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 Lexware Installations Dienst;Lexware Installations Dienst;c:\program files (x86)\lexware\installer service\LxInstallerService.exe;c:\program files (x86)\lexware\installer service\LxInstallerService.exe [x]
S2 Lexware_Professional_Datenbank;Lexware Professional Datenbank;c:\program files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe;c:\program files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [x]
S2 ThinRDPSrv;Thinstuff XP/VS Server for Windows;c:\program files\Thinstuff\XPVS Server\thinrdpsrv.exe;c:\program files\Thinstuff\XPVS Server\thinrdpsrv.exe [x]
S2 tsxpnptls;tsxpnptls;c:\windows\system32\drivers\tsxpnptls.sys;c:\windows\SYSNATIVE\drivers\tsxpnptls.sys [x]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys;c:\windows\SYSNATIVE\DRIVERS\AVMCOWAN.sys [x]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys;c:\windows\SYSNATIVE\DRIVERS\GenBus.sys [x]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys;c:\windows\SYSNATIVE\DRIVERS\fpcibase.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tsxusbdbus;Thinstuff TSX-USB Virtual Host Controller;c:\windows\system32\DRIVERS\tsxusbdbus.sys;c:\windows\SYSNATIVE\DRIVERS\tsxusbdbus.sys [x]
S3 TSXUsbSrv;Thinstuff TSX-USB Redirector Service;c:\program files\Thinstuff\XPVS Server\tsxusbredirectorsrv.exe;c:\program files\Thinstuff\XPVS Server\tsxusbredirectorsrv.exe [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 05:51	986440	-c--a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 17:58]
.
2015-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 11:19]
.
2015-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 11:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	-c--a-w-	c:\users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: Interfaces\{CB6B4AC9-D2A3-430F-8D09-4D058E97D9CB}: NameServer = 192.168.0.5
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\
FF - prefs.js: browser.startup.homepage - hxxps://ebanking.bkb.ch/baslerkbClientCustomer/$xp2/UgBaKUl6AfJIiYZhpbJJF7J4lgC!_9oiEddCtzjb1ZccqrdJPRn7Evo5mQxZ_ewSN7hP8K3JGAwxPfcYzFeYAX!SqvNWr_SnAa5GCpQWx7T6kT9f1Cir4m177Efdwz2XV7PbGbr_UL7RZstvfVro3dSF7S4=$/p/p/p/p/p/p|https://www.commerzbanking.de/P-Portal9/XML/ifilportal/pgf.html?Tab=811|hxxp://www.brandstores-gloster.de|https://www.google.com/analytics/web/#home/a39991606w69044338p71106497/
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\µ6*]
"7040211900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-16  19:01:24
ComboFix-quarantined-files.txt  2015-06-16 17:01
ComboFix2.txt  2015-06-10 05:29
.
Vor Suchlauf: 15 Verzeichnis(se), 22.038.306.816 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 23.382.396.928 Bytes frei
.
- - End Of File - - 034C4C78494ADC199A926215C77838AD
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

[/CODE]

18.06.2015, 18:37   #7
schrauber
/// the machine
/// TB trainer



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

19.06.2015, 13:00   #8
k1m



Hi schrauber,

MBAM Log:
Quote:
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 18.06.2015
Suchlauf-Zeit: 21:28:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.18.a05
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ADMIN

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 853001
Verstrichene Zeit: 41 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.CrossRider.A, C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "13f80cf194b7f07122648ce7ad5a18ea"), Ersetzt,[54d915a75f2b290de3ddb0d7798d39c7]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
AdwCleaner Log:
Code:
# AdwCleaner v4.206 - Bericht erstellt 18/06/2015 um 22:16:33
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-17.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : ADMIN - SERVER
# Gestarted von : C:\Users\ADMIN\Desktop\AdwCleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\searchplugins\BrowserDefender.xml
Datei Gefunden : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\user.js
Datei Gefunden : C:\Users\WARKO\AppData\Roaming\Adobe AIFF Format CS5 Prefs
Ordner Gefunden : C:\Users\ADMIN\AppData\Local\DriverTuner
Ordner Gefunden : C:\Users\MICHA\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\WARKO\AppData\LocalLow\AVG Secure Search

***** [ Geplante Tasks ] *****

Task Gefunden : DealPlyUpdate
Task Gefunden : QtraxPlayer

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Schlüssel Gefunden : HKCU\Software\DriverTuner
Schlüssel Gefunden : HKCU\Software\DriverTuner_Init
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner
Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner_Init
Schlüssel Gefunden : [x64] HKCU\Software\IGearSettings
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C17A0751-580B-466B-8271-5C73EFDC1295}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : HKU\.DEFAULT\Software\AVG Secure Search

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)

[i37pensk.default] - Zeile Gefunden : user_pref("avira.safe_search.installed", "[\"safesearchplus\"]");
[i37pensk.default] - Zeile Gefunden : user_pref("browser.newtab.url", "hxxps://safesearch.avira.com/#?source=newtab");
[i37pensk.default] - Zeile Gefunden : user_pref("browser.search.hiddenOneOffs", "Google,Yahoo,Amazon.de,Bing,Delta Search,DuckDuckGo,eBay,LEO Eng-Deu,SweetIM Search,Wikipedia (de)");
[i37pensk.default] - Zeile Gefunden : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[i37pensk.default] - Zeile Gefunden : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"56e55a792f90ad2bfbebea16641fd72a124eece1\"");
[i37pensk.default] - Zeile Gefunden : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"e2977e722ac5d5fed4ef4ed6a10f8e62db2c243f\"");
[i37pensk.default] - Zeile Gefunden : user_pref("extensions.safesearch.install", "1433685403754");
[i37pensk.default] - Zeile Gefunden : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\ADMIN\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\i37pensk.default\\\\extensions\\\\abs@avi[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/*****************************************************************************[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n  /************************************************************************************\[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_13.name", "CrossriderAppUtils");
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils");
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_175.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_78.name", "CrossriderInfo");
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
[muuq18sb.default] - Zeile Gefunden : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]

*************************

AdwCleaner[R0].txt - [12533 Bytes] - [18/06/2015 22:16:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12593 Bytes] ##########
         
When running the Junkware Removal Tool, a bluescreen occurred: the message was roughly "Windows was Shut Down to prevent further damage to computer"

FRST Log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ADMIN (administrator) on SERVER on 19-06-2015 13:58:38
Running from C:\Users\ADMIN\Desktop
Loaded Profiles: ADMIN (Available Profiles: ADMIN & MICHA & EVIN & WARKO & SKIRDA & TANJA & OLGA & ANDREA & STEFFI & Herner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
( ) C:\Windows\System32\dldncoms.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Installer Service\LxInstallerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(Quester) C:\Program Files (x86)\Quester\OLfolders\OLWServer.exe
(Thinstuff s.r.o.) C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Thinstuff s.r.o.) C:\Program Files\Thinstuff\XPVS Server\thinrdpsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Thinstuff) C:\Program Files\Thinstuff\XPVS Server\tsxusbredirectorsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\Program Files (x86)\SFirm\sfWinStartupInfo.exe [81496 2014-11-07] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Speedup_umh] => C:\Program Files (x86)\Avira\AviraSpeedup\Speedup_umh.exe [194832 2015-06-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OLfolders Server.lnk [2010-09-11]
ShortcutTarget: OLfolders Server.lnk -> C:\Program Files (x86)\Quester\OLfolders\OLWServer.exe (Quester)
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thinstuff XPVS Server Administrator.lnk [2010-01-06]
ShortcutTarget: Thinstuff XPVS Server Administrator.lnk -> C:\Program Files\Thinstuff\XPVS Server\ThinRDPAdmin.exe (Thinstuff s.r.o.)
Startup: C:\Users\WARKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2011-08-02]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1412812446-529952867-3691015432-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtByDtBtBtCzzzyyDzyyEtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=808806175
SearchScopes: HKU\S-1-5-21-1412812446-529952867-3691015432-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={B4CC912F-BC06-4DD8-8940-51C8625A2777}&mid=32714c512f2bdec5c7a602962493263b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:16:33&v=11.1.0.12&sap=dsp&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Tcpip\..\Interfaces\{CB6B4AC9-D2A3-430F-8D09-4D058E97D9CB}: [NameServer] 192.168.0.5

FireFox:
========
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default
FF NewTab: https://safesearch.avira.com/#?source=newtab
FF Homepage: https://ebanking.bkb.ch/baslerkbClientCustomer/$xp2/UgBaKUl6AfJIiYZhpbJJF7J4lgC!_9oiEddCtzjb1ZccqrdJPRn7Evo5mQxZ_ewSN7hP8K3JGAwxPfcYzFeYAX!SqvNWr_SnAa5GCpQWx7T6kT9f1Cir4m177Efdwz2XV7PbGbr_UL7RZstvfVro3dSF7S4=$/p/p/p/p/p/p|https://www.commerzbanking.de/P-Portal9/XML/ifilportal/pgf.html?Tab=811|hxxp://www.brandstores-gloster.de|https://www.google.com/analytics/web/#home/a39991606w69044338p71106497/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-1412812446-529952867-3691015432-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\ADMIN\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF user.js: detected! => C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\user.js [2015-06-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPEltr32.dll [2008-07-28] (UPS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-06-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-06-11] (Apple Inc.)
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\searchplugins\avira-safesearch.xml [2015-06-07]
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\searchplugins\BrowserDefender.xml [2013-06-26]
FF Extension: Avira Browser Safety - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\Extensions\abs@avira.com [2015-06-07]
FF Extension: Avira SafeSearch Plus - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\Extensions\safesearchplus@avira.com [2015-06-07]
FF Extension: Adblock Plus - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\i37pensk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-08]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2010-01-06] (DATA BECKER GmbH & Co KG) [File not signed]
R2 dldn_device; C:\Windows\system32\dldncoms.exe [1044648 2009-07-10] ( )
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 Lexware Installations Dienst; C:\Program Files (x86)\lexware\installer service\LxInstallerService.exe [24064 2013-04-25] (Haufe-Lexware GmbH & Co. KG) [File not signed]
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2012-06-01] (iAnywhere Solutions, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 ThinRDPHlp; C:\Program Files\Thinstuff\XPVS Server\thinrdphlp.exe [65536 2014-11-12] (Thinstuff s.r.o.) [File not signed]
R2 ThinRDPSrv; C:\Program Files\Thinstuff\XPVS Server\thinrdpsrv.exe [975512 2014-11-12] (Thinstuff s.r.o.)
R3 TSXUsbSrv; C:\Program Files\Thinstuff\XPVS Server\tsxusbredirectorsrv.exe [587264 2010-04-06] (Thinstuff) [File not signed]
S4 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2011-12-02] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-06-07] (Emsisoft GmbH)
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-08] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 THINRDP; C:\Windows\System32\Drivers\ThinRDP.sys [26776 2014-11-12] (Thinstuff s.r.o.)
R2 tsxpnptls; C:\Windows\System32\drivers\tsxpnptls.sys [49560 2014-11-12] (Thinstuff)
S3 tsxusbd; C:\Windows\System32\drivers\tsxusbd.sys [27672 2014-11-12] (Thinstuff)
R3 tsxusbdbus; C:\Windows\System32\DRIVERS\tsxusbdbus.sys [58008 2014-11-12] (Thinstuff)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [294248 2010-03-27] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\ADMIN\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 13:58 - 2015-06-19 13:58 - 00000000 ___DC C:\Users\ADMIN\Desktop\FRST-OlderVersion
2015-06-19 13:53 - 2015-06-19 13:53 - 00000056 _____ C:\Windows\setupact.log
2015-06-19 13:53 - 2015-06-19 13:53 - 00000000 _____ C:\Windows\setuperr.log
2015-06-19 13:49 - 2015-06-19 13:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SERVER-Windows-7-Ultimate-(64-bit).dat
2015-06-19 13:49 - 2015-06-19 13:49 - 00000000 ___DC C:\RegBackup
2015-06-19 13:48 - 2015-06-19 13:49 - 02950477 ____C (Thisisu) C:\Users\ADMIN\Desktop\JRT.exe
2015-06-19 09:36 - 2015-06-19 09:36 - 00001207 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2015-06-18 22:16 - 2015-06-18 22:17 - 00000000 ___DC C:\AdwCleaner
2015-06-18 22:15 - 2015-06-18 22:15 - 02231296 ____C C:\Users\ADMIN\Desktop\AdwCleaner_4.206.exe
2015-06-18 22:14 - 2015-06-18 22:14 - 00001425 ____C C:\Users\ADMIN\Desktop\mbam.txt
2015-06-16 19:01 - 2015-06-16 19:01 - 00032587 ____C C:\ComboFix.txt
2015-06-15 10:11 - 2015-06-15 10:11 - 00000000 ____D C:\Users\WARKO\AppData\Local\AviraSpeedup
2015-06-12 15:41 - 2015-06-12 18:51 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-12 15:31 - 2015-06-12 15:31 - 00001270 ____C C:\Users\ADMIN\Desktop\Revo Uninstaller.lnk
2015-06-12 15:31 - 2015-06-12 15:31 - 00000000 ___DC C:\Program Files (x86)\VS Revo Group
2015-06-12 15:30 - 2015-06-12 15:30 - 02623656 ____C (VS Revo Group Ltd.) C:\Users\ADMIN\Desktop\revosetup95.exe
2015-06-10 08:26 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 08:26 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 08:26 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:26 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 08:26 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 08:26 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 08:26 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 08:26 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 08:26 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 08:26 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 08:26 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 08:26 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 08:26 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 08:26 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 08:26 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 08:26 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 08:26 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 08:26 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 08:26 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 08:26 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 08:26 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 08:26 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 08:26 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 08:26 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 08:26 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 08:26 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 08:26 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 08:26 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 08:26 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 08:26 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 08:26 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 08:26 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 08:26 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 08:26 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:26 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:26 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:26 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 08:26 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 08:26 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 08:26 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 08:26 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 08:26 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:26 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:26 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 08:26 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 08:26 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 08:26 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 08:26 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 08:26 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 08:26 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 08:26 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:26 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:26 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 08:26 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:26 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:26 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 08:26 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:26 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:26 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:26 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 08:25 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 08:20 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 08:20 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:20 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 08:20 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 08:20 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 08:20 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 08:20 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 08:20 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 08:20 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 08:20 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 08:20 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 08:20 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:20 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:20 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 08:20 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 08:20 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 08:20 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 08:20 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 08:20 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 08:20 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 08:20 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 08:20 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 08:20 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 08:20 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 08:20 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 08:20 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 08:20 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 08:20 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 08:20 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 08:20 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 08:20 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:20 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:20 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 08:20 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 08:20 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 08:20 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 08:20 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 08:20 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 08:20 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 08:20 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 08:20 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 08:20 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 08:17 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 08:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 08:17 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 08:14 - 2015-06-19 08:17 - 00000000 ___DC C:\Users\OLGA\AppData\Local\AviraSpeedup
2015-06-09 07:54 - 2015-06-09 07:57 - 00000000 ___DC C:\Lexware
2015-06-09 07:51 - 2015-06-09 08:20 - 00003700 ____C C:\LxWebAccess.log
2015-06-08 22:13 - 2015-06-08 22:13 - 00000000 ___DC C:\KVRT_Data
2015-06-08 22:07 - 2015-06-08 22:07 - 00000000 ____C C:\ProgramData\rebootpending.txt
2015-06-08 22:04 - 2015-06-08 22:06 - 104852640 ____C (Kaspersky Lab ZAO) C:\Users\ADMIN\Desktop\KVRT.exe
2015-06-08 21:53 - 2015-06-16 19:01 - 00000000 ___DC C:\Qoobox
2015-06-08 21:53 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 21:53 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 21:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 21:53 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 21:52 - 2015-06-16 18:57 - 00000000 ____D C:\Windows\erdnt
2015-06-08 21:35 - 2015-06-12 15:40 - 00000000 ___DC C:\Users\ADMIN\Desktop\mbar
2015-06-08 21:34 - 2015-06-12 15:39 - 16502728 ____C (Malwarebytes Corp.) C:\Users\ADMIN\Desktop\mbar-1.09.1.1004.exe
2015-06-08 21:25 - 2015-06-19 13:58 - 00022698 ____C C:\Users\ADMIN\Desktop\FRST.txt
2015-06-08 21:25 - 2015-06-08 21:26 - 00070024 ____C C:\Users\ADMIN\Desktop\Addition.txt
2015-06-08 21:24 - 2015-06-19 13:58 - 02109952 ____C (Farbar) C:\Users\ADMIN\Desktop\FRST64.exe
2015-06-08 21:24 - 2015-06-19 13:58 - 00000000 ___DC C:\FRST
2015-06-08 21:17 - 2015-06-09 18:33 - 05628161 ___RC (Swearware) C:\Users\ADMIN\Desktop\ComboFix.exe
2015-06-08 20:34 - 2015-06-18 21:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 20:34 - 2015-06-08 21:35 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-08 20:34 - 2015-06-08 20:34 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-08 20:34 - 2015-06-08 20:34 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-06-08 20:34 - 2015-06-08 20:34 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-08 20:34 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 20:34 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-08 18:38 - 2015-06-08 18:38 - 02209056 ____C C:\Program Files\avira-eu-cleaner_de.exe
2015-06-08 13:43 - 2015-06-08 13:43 - 04683232 ____C (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_issu_3007592595_kp9g9gv8vh7da77kof1i_wd.exe
2015-06-08 08:38 - 2015-06-19 09:36 - 00000000 ___DC C:\Users\MICHA\AppData\Local\AviraSpeedup
2015-06-08 08:19 - 2015-06-12 15:17 - 00000000 ____D C:\Users\TANJA\AppData\Local\AviraSpeedup
2015-06-08 07:58 - 2015-06-18 15:31 - 00000000 ___DC C:\Users\ANDREA\AppData\Local\AviraSpeedup
2015-06-07 19:02 - 2015-06-07 19:02 - 00000749 ____C C:\Users\ADMIN\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-07 19:01 - 2015-06-14 07:47 - 00000000 ___DC C:\EEK
2015-06-07 18:58 - 2015-06-07 19:00 - 157093432 ____C C:\Program Files (x86)\EmsisoftEmergencyKit.exe
2015-06-07 18:55 - 2015-06-19 07:06 - 00000000 ___DC C:\Users\ADMIN\AppData\Local\AviraSpeedup
2015-06-07 15:58 - 2015-06-19 09:56 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-06-07 15:58 - 2015-06-19 09:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-06-07 15:51 - 2015-06-09 09:00 - 00000000 ___DC C:\Program Files (x86)\Avira
2015-06-07 15:51 - 2015-06-08 22:08 - 00000000 ___DC C:\ProgramData\Avira
2015-06-05 16:47 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 16:47 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 16:47 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 16:47 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 10:18 - 2015-06-05 11:17 - 00003546 _____ C:\Windows\System32\Tasks\Adobe Flash Player {5064EE77-0M61-4F38-V100-96E2C039847L}
2015-06-05 07:58 - 2015-06-05 07:58 - 00000000 ____D C:\Users\TANJA\AppData\Local\GWX
2015-06-04 08:01 - 2015-06-04 08:01 - 00000000 ___DC C:\Users\ADMIN\AppData\Local\GWX
2015-06-04 06:50 - 2015-06-10 07:45 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-06-03 15:48 - 2015-06-03 16:47 - 00003542 _____ C:\Windows\System32\Tasks\Adobe Flash Player {7764EE77-0M61-4F38-V100-96E2C039847L}
2015-06-03 07:49 - 2015-06-03 07:49 - 00000000 ___DC C:\Users\MICHA\AppData\Local\GWX
2015-06-03 07:20 - 2015-06-03 07:20 - 00010938 _____ C:\Users\ADMIN\Desktop\Rüdiger Mayer.xlsx
2015-06-02 09:51 - 2015-06-02 09:51 - 00000000 ___DC C:\Users\EVIN\AppData\Local\GWX
2015-06-02 08:05 - 2015-06-02 08:05 - 00000000 ___DC C:\Users\OLGA\AppData\Local\GWX
2015-06-02 07:51 - 2015-06-02 07:51 - 00000000 ____D C:\Users\WARKO\AppData\Local\GWX
2015-06-02 07:46 - 2015-06-02 07:46 - 00000000 ___DC C:\Users\ANDREA\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 13:57 - 2012-08-31 05:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-19 13:54 - 2012-03-27 06:54 - 00000000 ___DC C:\Users\ADMIN\AppData\Roaming\TeamViewer
2015-06-19 13:53 - 2012-08-31 13:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-19 13:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 13:49 - 2014-10-09 11:07 - 00001456 ____C C:\Users\OLGA\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-06-19 13:39 - 2012-01-13 16:33 - 00000000 ___DC C:\ProgramData\SFirm
2015-06-19 13:23 - 2012-01-13 16:33 - 00000000 ___DC C:\Program Files (x86)\SFirm
2015-06-19 12:53 - 2010-08-20 12:52 - 00000000 ____D C:\Users\MICHA\AppData\Roaming\SuperMailer
2015-06-19 12:51 - 2012-08-31 13:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 11:56 - 2009-07-14 06:45 - 00021264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 11:56 - 2009-07-14 06:45 - 00021264 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 11:23 - 2010-12-19 17:55 - 01624286 _____ C:\Windows\WindowsUpdate.log
2015-06-19 10:37 - 2010-01-05 18:50 - 00000000 ___DC C:\ProgramData\Lexware
2015-06-19 08:17 - 2014-09-20 13:59 - 00000000 ___DC C:\Users\OLGA\AppData\Local\Adobe
2015-06-19 08:10 - 2011-08-27 12:16 - 00000000 ____D C:\Users\TANJA\AppData\Local\Adobe
2015-06-18 22:30 - 2009-07-14 19:58 - 00704634 _____ C:\Windows\system32\perfh007.dat
2015-06-18 22:30 - 2009-07-14 19:58 - 00151332 _____ C:\Windows\system32\perfc007.dat
2015-06-18 22:30 - 2009-07-14 07:13 - 01629346 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 22:14 - 2015-01-21 11:55 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2015-06-18 12:43 - 2010-12-06 00:57 - 00001456 ____C C:\Users\MICHA\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-06-18 12:31 - 2011-02-25 09:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68BDC679-60F8-46A8-925A-9D79283136F2}
2015-06-18 08:31 - 2014-09-20 15:28 - 00000000 ___DC C:\Users\ANDREA\AppData\Local\Adobe
2015-06-18 02:00 - 2010-01-27 09:22 - 00000000 ___DC C:\Users\MICHA\AppData\Local\Adobe
2015-06-18 02:00 - 2010-01-05 18:48 - 00000000 ___DC C:\Users\ADMIN\AppData\Local\Adobe
2015-06-17 15:56 - 2011-02-04 14:23 - 00001456 ____C C:\Users\ADMIN\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-06-17 15:22 - 2013-03-25 09:34 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{761DD680-4A8C-4B5B-88B2-62301D74769F}
2015-06-17 08:06 - 2010-08-27 08:53 - 00000000 ____D C:\Users\WARKO\AppData\Local\Adobe
2015-06-17 06:56 - 2009-07-14 04:34 - 00000533 _____ C:\Windows\win.ini
2015-06-16 18:57 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2015-06-15 10:11 - 2010-08-26 08:08 - 00129312 _____ C:\Users\WARKO\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-15 10:11 - 2009-07-14 06:57 - 00001547 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-12 12:45 - 2014-09-20 14:03 - 00000000 ___DC C:\Users\OLGA\AppData\Roaming\Lexware
2015-06-11 04:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:28 - 2009-07-14 06:45 - 05174184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 03:08 - 2010-01-12 14:01 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-06-11 03:07 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2010-01-05 18:11 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 19:58 - 2012-08-31 05:56 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 19:58 - 2012-08-31 05:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 19:58 - 2011-06-11 08:50 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 08:14 - 2014-09-20 16:07 - 00129312 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2015-06-10 08:13 - 2014-09-20 13:59 - 00008224 ____C C:\Users\OLGA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-10 07:45 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-10 07:45 - 2015-03-08 12:22 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-10 07:45 - 2015-03-08 09:50 - 00000000 ___DC C:\Users\Herner
2015-06-10 07:45 - 2014-09-20 15:43 - 00000000 ___DC C:\Users\STEFFI
2015-06-10 07:45 - 2014-09-20 15:28 - 00000000 ___DC C:\Users\ANDREA
2015-06-10 07:45 - 2014-09-20 13:58 - 00000000 ___DC C:\Users\OLGA
2015-06-10 07:45 - 2011-08-27 12:15 - 00000000 ____D C:\Users\TANJA
2015-06-10 07:45 - 2010-09-28 15:57 - 00000000 ____D C:\Users\SKIRDA
2015-06-10 07:45 - 2010-08-24 14:33 - 00000000 ____D C:\Users\WARKO
2015-06-10 07:45 - 2010-01-12 09:05 - 00000000 ___DC C:\Users\EVIN
2015-06-10 07:45 - 2010-01-06 12:18 - 00000000 ___DC C:\Users\MICHA
2015-06-10 07:45 - 2010-01-05 17:34 - 00000000 ___DC C:\Users\ADMIN
2015-06-10 07:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-09 19:41 - 2009-07-14 04:34 - 38010880 _____ C:\Windows\system32\config\components.bak
2015-06-09 19:41 - 2009-07-14 04:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2015-06-09 19:41 - 2009-07-14 04:34 - 103284736 _____ C:\Windows\system32\config\software.bak
2015-06-09 19:41 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\sam.bak
2015-06-09 19:41 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-06-09 19:41 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-06-09 10:39 - 2015-01-21 11:55 - 00000977 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-09 09:14 - 2010-01-12 09:06 - 00129312 ____C C:\Users\EVIN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-09 09:03 - 2015-03-08 11:45 - 00000000 ___DC C:\Users\ADMIN\AppData\Local\Avg2013
2015-06-09 09:00 - 2015-03-08 12:19 - 00000000 ___DC C:\ProgramData\AVG2013
2015-06-09 09:00 - 2011-06-07 11:07 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
2015-06-09 09:00 - 2011-06-07 11:06 - 00000000 ___DC C:\Program Files\Microsoft Security Client
2015-06-09 09:00 - 2010-11-12 08:58 - 00000000 ___DC C:\ProgramData\MFAData
2015-06-09 09:00 - 2010-01-06 15:03 - 00000000 ___DC C:\Program Files (x86)\AVG
2015-06-09 09:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-09 07:52 - 2013-08-22 16:38 - 00000000 ___DC C:\ProgramData\SQL Anywhere 12
2015-06-09 07:50 - 2010-01-05 18:06 - 00129312 ____C C:\Users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 22:11 - 2015-03-08 12:19 - 00000000 ___DC C:\$AVG
2015-06-08 20:48 - 2015-01-22 08:42 - 04197016 ____C (Kaspersky Lab ZAO) C:\Users\ADMIN\Desktop\TDSSKiller.exe
2015-06-08 08:38 - 2010-01-06 12:18 - 00129312 ____C C:\Users\MICHA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 08:19 - 2011-08-27 12:16 - 00129312 _____ C:\Users\TANJA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-07 19:42 - 2010-02-27 13:46 - 00000000 ___DC C:\Users\ADMIN\AppData\Roaming\skypePM
2015-06-07 18:56 - 2014-09-20 13:59 - 00129312 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-06-07 15:25 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-07 15:25 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 08:19 - 2015-01-21 09:36 - 00001456 ____C C:\Users\ANDREA\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-06-04 08:00 - 2012-04-26 18:23 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 14:22 - 2015-03-09 09:55 - 00000000 ___DC C:\Users\MICHA\AppData\Local\Avg2013
2015-05-29 08:15 - 2010-08-20 07:28 - 00000000 ___DC C:\Program Files (x86)\SuperMailer
2015-05-27 08:01 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-22 07:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-20 07:43 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Files in the root of some directories =======

2015-06-08 18:38 - 2015-06-08 18:38 - 2209056 ____C () C:\Program Files\avira-eu-cleaner_de.exe
2015-06-08 13:43 - 2015-06-08 13:43 - 4683232 ____C (Avira Operations GmbH & Co. KG) C:\Program Files\avira_de_issu_3007592595_kp9g9gv8vh7da77kof1i_wd.exe
2010-02-12 12:59 - 2011-02-07 17:52 - 0105182 _RSHC () C:\Program Files (x86)\DLS8Uninstall.log
2015-06-07 18:58 - 2015-06-07 19:00 - 157093432 ____C () C:\Program Files (x86)\EmsisoftEmergencyKit.exe
2011-11-24 16:16 - 2011-07-14 11:31 - 1456640 ____C () C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
2010-12-09 14:38 - 2011-11-03 11:33 - 0000132 ____C () C:\Users\ADMIN\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-12-16 16:13 - 2013-04-30 08:19 - 0000132 ____C () C:\Users\ADMIN\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-02-08 12:55 - 2015-03-12 09:30 - 0000132 ____C () C:\Users\ADMIN\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-02-04 14:23 - 2015-06-17 15:56 - 0001456 ____C () C:\Users\ADMIN\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2010-01-05 20:34 - 2011-01-09 16:57 - 0007599 ____C () C:\Users\ADMIN\AppData\Local\Resmon.ResmonCfg
2011-06-06 20:50 - 2011-06-06 20:51 - 0000222 ____C () C:\ProgramData\dldn.log
2010-10-12 12:28 - 2010-10-12 12:28 - 0000229 ____C () C:\ProgramData\dldnDiagnostics.log
2015-06-08 22:07 - 2015-06-08 22:07 - 0000000 ____C () C:\ProgramData\rebootpending.txt
2010-10-12 12:27 - 2010-10-12 12:27 - 0000000 ____C () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 00:43

==================== End of log ============================
         

20.06.2015, 07:20   #9
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
