Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7 wie kann ich den DHL Trojaner vollständig entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.06.2015, 17:50   #1
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Hallo Team von Trojaner Board,
ich habe letze Woche ein mail von DHL bekommen mit einer zipdatei und habe diese entpackt und die pdf Datei angeklickt... ich war so in gedanken und habe überhaupt nicht nachgedacht...
beim Anklicken wurde mir klar da stimmt was nicht und ich habe gesehen dass der Absender ein ganz andere war..und auch die Transaktionsnummer gab es dann nicht auf der orginal DHL Seite.
Somit ging ich davon aus dass ich den Trojaner aktiviert habe...
ich habe nun 3 oder 4 mal das Antivirusporgramm Windows Microsoft Security Essential drüber laufen lassen und es wurden auch Viren gefunden und in Quarantäne geschoben. ich habe diese jedes Mal gelöscht und erst bei driten oder 4. Vollscann kam keine Virusmeldung mehr...

Dannach bekam ich am nächsten Tag lauter "Mail delivered emails in meinen Posteingängen waren insgesamt über 300 Emails...
Ich habe meine Passwörter alle von einem anderen - virenfreien- Rechner geändert und dann bekam ich heute nur noch 3 oder 4 solche Mail waren vielleicht noch in der Schleife...

Der rechner zeigt sonst keine Auffälligkeiten im Moment auch nicht beim booten, aber ich traue der sache nicht und wüsste gerne ob ich wirklich alles erwischt habe und der rechner clean ist....

So hier nun die einzelnen vorbereiteten Dateien:

Defogger:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:51 on 08/06/2015 

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
------------------------------------------------------------------------
         
Adittion.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by ******* ******* at 2015-06-08 21:58:39
Running from C:\Users\******* *******\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2361403017-131952453-2753301349-500 - Administrator - Disabled)
Gast (S-1-5-21-2361403017-131952453-2753301349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2361403017-131952453-2753301349-1006 - Limited - Enabled)
******* ******* (S-1-5-21-2361403017-131952453-2753301349-1000 - Administrator - Enabled) => C:\Users\******* *******

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Amazon Kindle (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG5400 series Benutzerregistrierung (HKLM-x32\...\Canon MG5400 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version:  - )
DATA BECKER CD-DVD Druckerei 7 (HKLM-x32\...\CD-DVD Druckerei 7_is1) (Version: 7.50.0.30 - DATA BECKER GmbH & Co. KG)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
ETDWare PS/2-x64 7.0.4.18_WHQL (HKLM\...\Elantech) (Version: 7.0.4.18 - ELAN Microelectronics Corp.)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Free YouTube Download version 3.1.25.423 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.25.423 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.53.113 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.53.113 - DVDVideoSoft Ltd.)
freeTunes*3.0 (HKLM-x32\...\{447E3935-A085-42D4-0001-8BE5E4034B40}) (Version: 3.0.12.1213 - Engelmann Media GmbH)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000 - SweetIM Technologies Ltd.) Hidden
Inxmail Professional 4.3 (HKLM-x32\...\Inxmail Professional 4.3) (Version:  - )
iSkysoft Video Converter Ultimate(Build 5.4.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.4.1.0 - iSkysoft Software)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kalender-Excel-8.8.1 (HKLM-x32\...\Kalender-Excel-8.8.1_is1) (Version: 8.8.1 - MSDatec)
Langenscheidt Grammatiktrainer 6.0 Spanisch (HKLM-x32\...\Grammatiktrainer 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.38.2.9 - Silicon Motion)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3711 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3711 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
lingDIALOG (HKLM-x32\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden
MAGIX Foto Manager 8 6.0.1.457 (D) (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.457 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Online Druck Service 3.4.3.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Video deluxe 15 8.0.0.62 (D) (HKLM-x32\...\MAGIX Video deluxe 15 D) (Version: 8.0.0.62 - MAGIX AG)
maxdome Download Manager 4.1.300.78 (HKLM-x32\...\{E948B551-08DB-4163-8995-8C43B03D1B19}) (Version: 4.1.30078 - Prosieben)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mufin MusicFinder Base 1.5.3.255 (D) (HKLM-x32\...\Mufin MusicFinder Base D) (Version: 1.5.3.255 - MAGIX AG)
MyFreeCodec (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\MyFreeCodec) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.1 - )
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\CopyTrans Suite) (Version: 3.006 - WindSolutions)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.8 - Lenovo)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Play Movie (HKLM-x32\...\{A450831D-25F6-4F42-9662-D000B25E0D82}) (Version: 1.5.1.6121 - CyberLink Corp.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney Business 4.0 S-Edition (HKLM-x32\...\{3DE6A16F-DB09-449E-B12E-651F661BB488}) (Version: 4.0 - Star Finanz GmbH)
StarMoney Business 6.0 S-Edition (HKLM-x32\...\{FC477001-3A24-41C8-BA59-13852DECA894}) (Version: 6.0 - Star Finanz GmbH)
STRATO HiDrive (HKLM-x32\...\{3E00C574-B650-401D-A898-4581AAD6CC74}) (Version: 1.0.0 - STRATO AG)
SweetIM Bundle by SweetPacks (HKLM-x32\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.4100.36 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.4100.36 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.4100.36 - TuneUp Software) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vokabeltrainer-Update 6.0.18 (HKLM-x32\...\{5BB72321-F9E7-42C2-9400-AFC195E4F8C6}) (Version: 6.0.18 - Langenscheidt)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2361403017-131952453-2753301349-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-06-2015 07:21:07 Geplanter Prüfpunkt
08-06-2015 21:19:14 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {081BD915-8196-4DE0-BC8E-54D3F734B254} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {1CA3D3E7-A0EB-4DF3-85F5-F79CC85EC4A9} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2010-05-10] (TuneUp Software)
Task: {2E42311C-CED5-4D60-8BAD-88CB42AB868E} - System32\Tasks\{7693949C-A2E9-4CCA-80FE-31A2CD043C87} => pcalua.exe -a "C:\Users\******* *******\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=tugs <==== ATTENTION
Task: {4F2C44CE-875B-4DD2-82FD-0A58AC37FC78} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop*******-******* ******* => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {563D3DE8-68BC-4EB0-B27B-53921030EFCE} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {57B5279F-9950-4FA0-978B-E422F1FF26F8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-11] (CyberLink)
Task: {5F2992FE-7099-467D-BC0D-AF4465F2B8C5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {61A9FD26-BC8F-4C12-B656-569F68885C58} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {681DC04C-1C98-49A8-AF51-F1F5A8E32D20} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-18] (Microsoft Corporation)
Task: {785D922F-7D2B-4813-8D5A-C9A8059DE065} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {798B4A27-F2E7-4CB5-B750-557905AC80EC} - System32\Tasks\DSite => C:\Users\*******~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7C191AA8-1FAD-4A86-9522-2428AC3AE259} - System32\Tasks\{4C0194EE-5537-4843-BF98-35E386F7AF29} => pcalua.exe -a "C:\Users\******* *******\Downloads\jxpiinstall(2).exe" -d "C:\Users\******* *******\Downloads"
Task: {86B704FE-543E-4592-AF0C-59FA38C2049C} - System32\Tasks\QtraxPlayer => 1100543380.portal.qtrax.com
Task: {89B60E71-5723-40D5-9AE2-085B88429DB8} - System32\Tasks\{FD219611-8DDF-4579-B780-03A680E4B801} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {8B6F2A58-7B0F-48F8-9FCC-9C017F0F1461} - System32\Tasks\{D00D62CE-151C-418D-8CE5-7F8E7C5AADF9} => pcalua.exe -a "C:\Users\******* *******\Downloads\AudibleDM_iTunesSetup(1).exe" -d "C:\Users\******* *******\Downloads"
Task: {8F202157-4DB7-450F-BDE4-9237CA717E2E} - System32\Tasks\{8AADBB6C-24F7-4A73-9ADB-11100F00F1A5} => pcalua.exe -a "C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe" -c "/appName=SweetIM Bundle by SweetPacks" "/linkurl=hxxp://lp.sweetim.com/SweetPacksBundleUninstaller" "/sweettext=SweetIM (SweetIM for Messenger, Toolbar, Update Manager)"
Task: {A23B1418-EC13-46DC-841E-0803EBAE2455} - System32\Tasks\{6C8D082B-2E0E-47F7-8AE1-F0B82A491C80} => pcalua.exe -a F:\setup.exe -d F:\
Task: {B0D4189C-9C9F-46EC-A7DB-E3D6260BE0C2} - System32\Tasks\4815 => Wscript.exe C:\Users\*******~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C8B9888B-9034-4E7E-B751-CF75A1FC868D} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {D8015C09-7A25-4FA4-8A07-7D884828C692} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {DB58FCD4-A756-48CF-8AAB-94420D59BC69} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E341CB5D-1B58-4ED4-A235-C973BB57199A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {E735D288-00C2-414C-99B1-64AEA6BC488F} - System32\Tasks\{D475E93F-77B6-4201-B4EA-954BB9D8EBE5} => pcalua.exe -a "C:\Users\******* *******\Downloads\AudibleDM_iTunesSetup(3).exe" -d "C:\Users\******* *******\Downloads"
Task: {F1E6B4FA-3393-4C65-9939-95DF21E5D556} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {F544CF95-285C-439E-9472-9EE09603C945} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {F854969B-9DD6-44A6-A1ED-30696D6AF1F1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-28 12:58 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2009-08-11 18:59 - 2009-08-11 18:59 - 00173344 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 01057512 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 00627944 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 00514352 _____ () C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll
2009-05-01 17:58 - 2009-05-01 17:58 - 00517352 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoXML.dll
2014-07-27 22:38 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\PATCHW32.dll
2010-08-17 10:31 - 2010-04-20 22:41 - 00318976 _____ () C:\windows\system32\370prop.ax
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-04 21:42 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-10-04 21:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-06-08 21:07 - 2015-06-08 21:07 - 00043008 _____ () c:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrvfwh.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-10-22 23:31 - 2014-10-22 23:31 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-08-17 10:18 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5761E1F0-A1E8-4F33-8CBE-EB9127C61DBD}] => (Allow) C:\Program Files (x86)\Lenovo\PlayMovie\PlayMovie.exe
FirewallRules: [{B5D35172-AF0C-408C-8DA9-22472454AC31}] => (Allow) C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe
FirewallRules: [{3CDB0F72-B965-4EBF-8B3E-38A057E71AC1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{C68AF74B-49DB-497D-8FF4-B350B32C5BA5}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{267868FF-88F0-44BB-9466-968D89E23090}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{0B187981-CC75-46D9-91B8-F7B8B8F1A51A}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{5441AE00-64B6-4911-9DC5-C79BEDA4FFFB}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{32CA0032-763C-41D0-AF80-504B2ADD9CB5}] => (Allow) C:\windows\System32\IgrsSvcs.exe
FirewallRules: [{2D48B278-0A58-4C15-818F-8949D72E3669}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ReadyCom.exe
FirewallRules: [{3903A43D-8C84-4319-B438-485D2B22B41C}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
FirewallRules: [{ED1ABDF5-2B04-459D-8AAC-056D4BD84D1F}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{AA47AE03-BB9D-44B4-9B5E-2026C94F876A}] => (Allow) C:\Program Files\Lenovo\ReadyComm\Projectionist.exe
FirewallRules: [{9D2AB2B0-AA2D-49ED-AE0D-47DA6529B1F0}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{6DBF2D53-3411-4F12-A69C-8E5511407677}] => (Allow) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
FirewallRules: [{ECE394B8-303E-45A7-91C8-15828BD08833}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{CF8044D5-9209-4C41-8A68-B8F6F4277793}] => (Allow) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
FirewallRules: [{E38C05F4-8156-46AA-8F33-36AD466D1CD8}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{D7AD91D8-BEE9-4B13-ADBA-409E9D3D60E3}] => (Allow) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
FirewallRules: [{5BA4E51D-E6D3-402E-8520-032D7D07ACCC}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{78F30922-FF1D-4EA7-9EBB-2DB455A9502B}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{5928519A-2F1B-43F8-8B89-8B537E2CA522}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\app\StarMoney.exe
FirewallRules: [{77302389-FB7E-4E55-88E6-8AC45AE61007}] => (Allow) C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\app\StarMoney.exe
FirewallRules: [{DA3315BC-7717-463E-9982-04110E3870A6}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{D40D7D3E-21D7-44CC-89B4-CF6D4332438E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{E3950429-5B1D-4103-AD9B-EC9EF99E05B1}] => (Allow) C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2CCD9CC8-E416-4EBF-8A6D-BE9EC286FD42}] => (Allow) C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1697D3A7-7BDE-4A3B-B272-4FE4FE213959}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{002AAE78-C9A9-45CE-91EB-BC0C6667400D}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [{8661FE83-5E1D-4834-BA56-9108F1B6B980}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6D1B1E5D-B933-4B84-8AF0-ECE2F454F119}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{044EE441-A44D-4A87-81FB-4CF04C83EE0E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\app\StarMoney.exe
FirewallRules: [{92088180-83B8-4550-9ECB-3A966B7B2E99}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\app\StarMoney.exe
FirewallRules: [TCP Query User{80BDCAB3-EC76-4895-9FE1-5CD917460CAE}C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9721C51A-DA40-4EBD-BED1-AD010FECB3FE}C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\******* *******\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0125153B-57D7-445F-A1DF-7122D405BEF9}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6D5FD094-9C19-45A2-AE78-845640D5122F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{DA158FA4-F244-4BD2-B1CE-E2A0ABF5B5D3}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{29DE43EB-91B4-43B0-8AE5-DBD34649C6D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CAA98C0-F0B6-4279-8FBA-5FD836022442}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8952BD8E-D5B3-4E32-BB88-1ECAACC813BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B1C94AD-1440-4E26-BCBC-14869A0C5806}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7FCD578-277A-4DDB-861E-D626D232EFF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA94CC17-233D-4050-9316-F13E5341BC1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6555282B-B9B7-4FA2-A75F-AA7E23731C89}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D8C3E479-96CF-4A1F-8B96-3E5EF8B9C04A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6DE18905-F47E-4040-93E3-7FE3A7E1804D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{05CA5064-89CE-4E33-AEA9-8C7BA1413E52}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 09:24:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b6c

Startzeit: 01d0a21e10da9b08

Endzeit: 2813

Anwendungspfad: C:\windows\Explorer.EXE

Berichts-ID: eb5165e0-0e13-11e5-b4c4-d4a9d9bbbea3

Error: (06/08/2015 09:15:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/08/2015 09:10:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.3.8, Zeitstempel: 0x4cd2c1c1
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea0b
ID des fehlerhaften Prozesses: 0x1bc8
Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0
Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1
Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2
Berichtskennung: DATA BECKER Update Service.exe3

Error: (06/05/2015 07:15:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"1".
Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/05/2015 07:15:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (06/04/2015 04:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneClick.exe, Version: 9.0.4100.36, Zeitstempel: 0x4be7eab5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dfe4
ID des fehlerhaften Prozesses: 0x540
Startzeit der fehlerhaften Anwendung: 0xOneClick.exe0
Pfad der fehlerhaften Anwendung: OneClick.exe1
Pfad des fehlerhaften Moduls: OneClick.exe2
Berichtskennung: OneClick.exe3

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2015 07:03:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21808893


System errors:
=============
Error: (06/08/2015 09:08:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/08/2015 09:06:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/05/2015 10:57:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 114.21.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:57:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.199.1629.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:57:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.199.1629.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:57:41 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.199.1629.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.8.0204.00

	Quellpfad: 4.8.0204.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/05/2015 10:49:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/05/2015 10:46:36 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/05/2015 09:22:27 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/04/2015 05:04:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office:
=========================
Error: (06/08/2015 09:24:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567b6c01d0a21e10da9b082813C:\windows\Explorer.EXEeb5165e0-0e13-11e5-b4c4-d4a9d9bbbea3

Error: (06/08/2015 09:15:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/08/2015 09:10:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DATA BECKER Update Service.exe0.0.3.84cd2c1c1ntdll.dll6.1.7601.187985507b3e0c0000374000cea0b1bc801d0a21eb667e434C:\Program Files (x86)\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\windows\SysWOW64\ntdll.dllf6d68526-0e11-11e5-b4c4-d4a9d9bbbea3

Error: (06/05/2015 07:15:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0"c:\program files (x86)\windows live\messenger\wlcsdk.exe

Error: (06/05/2015 07:15:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (06/04/2015 04:40:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OneClick.exe9.0.4100.364be7eab5ntdll.dll6.1.7601.187985507b3e0c00000050002dfe454001d09e89eca024f1C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exeC:\windows\SysWOW64\ntdll.dllaf7c6d73-0ac7-11e5-8dee-d5ee7b4cb1ac

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21809938

Error: (06/04/2015 07:03:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/04/2015 07:03:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21808893


CodeIntegrity Errors:
===================================
  Date: 2014-10-21 17:35:09.377
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-21 17:35:09.153
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-23 11:55:55.996
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-23 11:55:55.811
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3958.85 MB
Available physical RAM: 2086.73 MB
Total Pagefile: 7915.89 MB
Available Pagefile: 5573.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:552.22 GB) (Free:84.4 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.66 GB) NTFS
Drive g: (INTENSO) (Removable) (Total:14.44 GB) (Free:11.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0DD185C2)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=552.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 80E6F3FA)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)

==================== End of log ============================
         

FRST frst.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by ******* ******* (administrator) on LAPTOP******* on 08-06-2015 21:57:56
Running from C:\Users\******* *******\Downloads
Loaded Profiles: ******* ******* (Available Profiles: ******* *******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Dropbox, Inc.) C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(STRATO) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-26] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-17] (Google Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2014-10-03]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-03-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-09-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk [2013-10-03]
ShortcutTarget: STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010000.10039&barid={62D5D87B-D5AA-11E2-BBC0-C44619C07852}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll [2014-04-11] (Thinknice Co. Limited)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-26] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-03-18] (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-03-18] (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Tcpip\..\Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: [NameServer] 8.8.8.8,192.168.0.1
Tcpip\..\Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: [NameServer] 8.8.8.8,192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188

FireFox:
========
FF ProfilePath: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF NetworkProxy: "ftp", "194.110.219.43"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "gopher", "194.110.219.43"
FF NetworkProxy: "gopher_port", 3129
FF NetworkProxy: "http", "194.110.219.43"
FF NetworkProxy: "http_port", 3129
FF NetworkProxy: "socks", "194.110.219.43"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "194.110.219.43"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\windows\system32\npDeployJava1.dll [2012-06-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-2361403017-131952453-2753301349-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF user.js: detected! => C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\user.js [2014-04-27]
FF SearchPlugin: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\delta.xml [2013-06-14]
FF SearchPlugin: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\Search_Results.xml [2015-01-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2015-06-08]
FF Extension: Fast Start - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\faststartff@gmail.com [2014-07-27]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\admin@proxy-listen.de.xpi [2014-01-20]
FF Extension: Best Proxy Switcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-01-20]
FF Extension: anonymoX - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\client@anonymox.net.xpi [2014-01-20]
FF Extension: Firebug - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2014-10-04]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-24] <==== ATTENTION

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-01-08]
CHR Extension: (Gmail) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR Extension: (Extutil) - C:\Users\*******~1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-27]
CHR Extension: (Managera) - C:\Users\*******~1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-27]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2011-07-16] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403208 2010-05-10] (TuneUp Software)
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [146928 2010-01-21] (CyberLink Corp.)
U3 BcmSqlStartupSvc; No ImagePath
U2 IviRegMgr; No ImagePath
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 21:56 - 2015-06-08 21:57 - 00052853 _____ C:\Users\******* *******\Downloads\Addition.txt
2015-06-08 21:54 - 2015-06-08 21:58 - 00000000 ____D C:\FRST
2015-06-08 21:54 - 2015-06-08 21:57 - 00036297 _____ C:\Users\******* *******\Downloads\FRST.txt
2015-06-08 21:53 - 2015-06-08 21:53 - 02108928 _____ (Farbar) C:\Users\******* *******\Downloads\FRST64.exe
2015-06-08 21:50 - 2015-06-08 21:50 - 00000000 _____ C:\Users\******* *******\defogger_reenable
2015-06-04 16:41 - 2015-06-04 16:41 - 00000000 ____D C:\Users\******* *******\AppData\Local\CrashDumps
2015-06-03 21:55 - 2015-06-03 21:55 - 00000000 ____D C:\12bf32d59e7e9d01b7adf8
2015-06-03 21:29 - 2015-06-03 21:29 - 00000000 ____D C:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures
2015-06-03 21:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 21:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 12:50 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-24 12:50 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-24 12:50 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-24 12:50 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-24 12:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-24 12:50 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-24 12:50 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-24 12:50 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-24 12:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-24 12:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-24 12:50 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-24 12:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-24 12:50 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-24 12:50 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-24 12:50 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-24 12:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-24 12:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-24 12:50 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-24 12:50 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-24 12:50 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-24 12:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-24 12:50 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-24 12:50 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-24 12:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-24 12:50 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-24 12:50 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-24 12:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-24 12:50 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-24 12:50 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-24 12:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-24 12:50 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-24 12:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-24 12:50 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-24 12:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-24 12:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-24 12:50 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-24 12:50 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-24 12:50 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-24 12:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-24 12:50 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-24 12:50 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-24 12:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-24 12:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-24 12:50 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-24 12:50 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-24 12:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-24 12:50 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-24 12:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-24 12:50 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-24 12:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-24 12:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-24 12:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-24 12:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-24 12:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-24 12:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-24 12:50 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-24 12:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-24 12:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-24 12:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-24 12:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-24 12:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-24 12:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-24 12:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-24 12:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-24 12:50 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-24 12:50 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-24 12:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-24 12:50 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-24 12:50 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-24 12:50 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-24 12:50 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-24 12:50 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-24 12:50 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-24 12:50 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-24 12:50 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-24 12:50 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-24 12:50 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-24 12:50 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-24 12:50 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-24 12:50 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-24 12:50 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-24 12:50 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-24 12:48 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-24 12:46 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-24 12:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-24 12:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-24 12:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-24 12:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-24 10:54 - 2015-05-24 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 21:51 - 2011-07-17 22:33 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 21:50 - 2011-07-17 10:22 - 00000000 ____D C:\Users\******* *******\Documents\Outlook-Dateien
2015-06-08 21:50 - 2011-07-14 16:42 - 00000000 ____D C:\Users\******* *******
2015-06-08 21:43 - 2010-08-17 09:59 - 01091502 _____ C:\windows\WindowsUpdate.log
2015-06-08 21:42 - 2011-08-19 10:08 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Skype
2015-06-08 21:38 - 2013-05-22 21:08 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 21:31 - 2011-07-15 00:08 - 00000000 ____D C:\Users\******* *******\AppData\Local\Adobe
2015-06-08 21:16 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:16 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:09 - 2010-08-17 01:39 - 00699682 _____ C:\windows\system32\perfh007.dat
2015-06-08 21:09 - 2010-08-17 01:39 - 00149790 _____ C:\windows\system32\perfc007.dat
2015-06-08 21:09 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-08 21:08 - 2012-09-13 21:27 - 00000000 ___RD C:\Users\******* *******\Dropbox
2015-06-08 21:08 - 2012-09-13 21:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Dropbox
2015-06-08 21:07 - 2011-10-21 17:06 - 00000000 ____D C:\Users\******* *******\AppData\Local\13EFF61B-C0BE-4E7C-A631-8DB65ADD1790.aplzod
2015-06-08 21:04 - 2014-12-15 22:49 - 00007119 _____ C:\windows\setupact.log
2015-06-08 21:04 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-05 10:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-05 07:22 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-04 16:47 - 2015-01-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2015-06-03 22:47 - 2009-07-14 06:45 - 05057440 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\system32\GWX
2015-06-03 22:43 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-03 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-06-03 22:42 - 2012-06-28 17:58 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-03 22:42 - 2012-06-28 17:53 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-03 22:11 - 2013-08-15 23:08 - 00000000 ____D C:\windows\system32\MRT
2015-06-03 22:11 - 2011-08-21 11:56 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-03 22:11 - 2011-07-14 16:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-03 21:40 - 2014-08-28 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-06-03 21:04 - 2013-03-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-02 23:41 - 2013-04-08 21:57 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 S-Edition
2015-05-27 21:12 - 2014-05-16 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-24 12:46 - 2011-07-17 22:33 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-24 12:46 - 2011-07-17 22:33 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-24 12:46 - 2011-07-17 22:33 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 22:21 - 2013-05-20 22:41 - 00000000 ____D C:\Users\******* *******\AppData\Local\Deployment
2015-05-10 10:10 - 2012-09-13 21:23 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll
2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll
2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest
2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll
2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll
2013-08-02 18:51 - 2013-08-02 18:51 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-08-02 18:48 - 2015-04-27 20:13 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2011-10-06 22:37 - 2011-10-06 22:38 - 0013003 _____ () C:\Users\******* *******\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2013-09-18 21:50 - 2013-09-18 23:38 - 145672688 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload
2013-09-18 21:50 - 2013-09-18 23:38 - 0001817 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd
2013-06-29 18:43 - 2013-06-29 18:43 - 0001456 _____ () C:\Users\******* *******\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-02-08 21:28 - 2015-02-08 21:28 - 0003560 _____ () C:\Users\******* *******\AppData\Local\recently-used.xbel
2011-07-14 17:34 - 2011-07-14 17:34 - 0000088 _____ () C:\ProgramData\profile.xml

Some files in TEMP:
====================
C:\Users\******* *******\AppData\Local\Temp\-bjjkz3q.dll
C:\Users\******* *******\AppData\Local\Temp\11d731b32dae4aaabac29fa6cd68ed90.dll
C:\Users\******* *******\AppData\Local\Temp\2024c4f2375c4b3fa39a075ca1bf550e.dll
C:\Users\******* *******\AppData\Local\Temp\25af56168c444d588a323ab502fb30e9.dll
C:\Users\******* *******\AppData\Local\Temp\2e1a786f20324ab3b52a967ee0fa6c63.dll
C:\Users\******* *******\AppData\Local\Temp\344f8714c90a4aeeb9c71b700f094ede.dll
C:\Users\******* *******\AppData\Local\Temp\356153d7dd074f8382e840e60e5c7711.dll
C:\Users\******* *******\AppData\Local\Temp\3DA.exe
C:\Users\******* *******\AppData\Local\Temp\40dfcefa5214443c89de2b48cb0e6ff2.dll
C:\Users\******* *******\AppData\Local\Temp\4d848098574649ad8ebecad588f5deba.dll
C:\Users\******* *******\AppData\Local\Temp\5573343603ea4dcc9c657f5ad86aeb06.dll
C:\Users\******* *******\AppData\Local\Temp\5BAA.exe
C:\Users\******* *******\AppData\Local\Temp\5c7e87fc1dd94e36a85a69dc11121f52.dll
C:\Users\******* *******\AppData\Local\Temp\60b3cd74ce7a4234bed495fb46c65858.dll
C:\Users\******* *******\AppData\Local\Temp\64A.exe
C:\Users\******* *******\AppData\Local\Temp\6522f064d51a47ee8fee4fdd6cf06e07.dll
C:\Users\******* *******\AppData\Local\Temp\66cccb2b73484c0691d3a6eec3ed4a57.dll
C:\Users\******* *******\AppData\Local\Temp\6916c4df8b4443828171ffd3e7eaf079.dll
C:\Users\******* *******\AppData\Local\Temp\7107ff45b98343c8a9759303d8d0fce7.dll
C:\Users\******* *******\AppData\Local\Temp\76469894716c4c7e9606a13d8f33847b.dll
C:\Users\******* *******\AppData\Local\Temp\78748e3476c94da6b4e423dfff3471bd.dll
C:\Users\******* *******\AppData\Local\Temp\7z920.exe
C:\Users\******* *******\AppData\Local\Temp\89a2d4818f5e428eb504a8a90fa6f5cf.dll
C:\Users\******* *******\AppData\Local\Temp\8c927caeef9e40af80ad1309befc1c63.dll
C:\Users\******* *******\AppData\Local\Temp\8D51~.exe
C:\Users\******* *******\AppData\Local\Temp\8D52~.exe
C:\Users\******* *******\AppData\Local\Temp\8D53~.exe
C:\Users\******* *******\AppData\Local\Temp\8d7e8090ae5d47e0be37088ee26dd7c6.dll
C:\Users\******* *******\AppData\Local\Temp\98407e817f454e9ab178a8ecacc8c488.dll
C:\Users\******* *******\AppData\Local\Temp\a0828cc18e2e446da21b2f95a7701351.dll
C:\Users\******* *******\AppData\Local\Temp\aafe3bf435a141e9b84aa4a10d1d1526.dll
C:\Users\******* *******\AppData\Local\Temp\aca029aeca9e4165a613f5450eea5553.dll
C:\Users\******* *******\AppData\Local\Temp\ad4b788ac29d4b28b20eb8afeffb71a4.dll
C:\Users\******* *******\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\******* *******\AppData\Local\Temp\ae755d928a804f86b21bfde9058c83ae.dll
C:\Users\******* *******\AppData\Local\Temp\AskSLib.dll
C:\Users\******* *******\AppData\Local\Temp\b2a97147f6af4411ac0caf80e03f3581.dll
C:\Users\******* *******\AppData\Local\Temp\b578c9e8a4cf4a8eb8686e5bc67be014.dll
C:\Users\******* *******\AppData\Local\Temp\BackupSetup.exe
C:\Users\******* *******\AppData\Local\Temp\bi_cleaner.exe
C:\Users\******* *******\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\******* *******\AppData\Local\Temp\c245d2ad13874b02be2ee206ae9cd9f5.dll
C:\Users\******* *******\AppData\Local\Temp\c8409dc2d47d435c819077d790ecb908.dll
C:\Users\******* *******\AppData\Local\Temp\c9b053c0c0784f90b1bd48f0d0b39960.dll
C:\Users\******* *******\AppData\Local\Temp\ChilkatDotNet2.dll
C:\Users\******* *******\AppData\Local\Temp\cp6zmeg8.dll
C:\Users\******* *******\AppData\Local\Temp\dc5dcf91d8ef4ed5ae5ce4fb9787591a.dll
C:\Users\******* *******\AppData\Local\Temp\DeleteVF.exe
C:\Users\******* *******\AppData\Local\Temp\DeltaTB.exe
C:\Users\******* *******\AppData\Local\Temp\DivXSetup.exe
C:\Users\******* *******\AppData\Local\Temp\dp.exe
C:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrvfwh.dll
C:\Users\******* *******\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\******* *******\AppData\Local\Temp\e8eb3fcd2ad94a528cfc5ca4a5562d19.dll
C:\Users\******* *******\AppData\Local\Temp\f3687dbf2c0d448598e8aee19cfc7bb6.dll
C:\Users\******* *******\AppData\Local\Temp\FileSystemView.dll
C:\Users\******* *******\AppData\Local\Temp\freetunes3_full.exe
C:\Users\******* *******\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\******* *******\AppData\Local\Temp\GenericUninstall.exe
C:\Users\******* *******\AppData\Local\Temp\ICReinstall_CodecPack.exe
C:\Users\******* *******\AppData\Local\Temp\ICReinstall_Firefox_Setup_16.0.1.exe
C:\Users\******* *******\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe
C:\Users\******* *******\AppData\Local\Temp\ITapi3.dll
C:\Users\******* *******\AppData\Local\Temp\mgsqlite3.dll
C:\Users\******* *******\AppData\Local\Temp\mgxfonts.exe
C:\Users\******* *******\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\******* *******\AppData\Local\Temp\mpam-81557672.exe
C:\Users\******* *******\AppData\Local\Temp\MSETUP4.EXE
C:\Users\******* *******\AppData\Local\Temp\MsgPlusUninstall.exe
C:\Users\******* *******\AppData\Local\Temp\nsd106E.exe
C:\Users\******* *******\AppData\Local\Temp\nsi81EB.exe
C:\Users\******* *******\AppData\Local\Temp\nsi85E2.exe
C:\Users\******* *******\AppData\Local\Temp\nsiC48.exe
C:\Users\******* *******\AppData\Local\Temp\nst7D97.exe
C:\Users\******* *******\AppData\Local\Temp\nsy14E2.exe
C:\Users\******* *******\AppData\Local\Temp\nsy1E8C.exe
C:\Users\******* *******\AppData\Local\Temp\ose00000.exe
C:\Users\******* *******\AppData\Local\Temp\sdan.exe
C:\Users\******* *******\AppData\Local\Temp\sdapk.exe
C:\Users\******* *******\AppData\Local\Temp\sdaspwn.exe
C:\Users\******* *******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\******* *******\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\******* *******\AppData\Local\Temp\uf0kqdwe.dll
C:\Users\******* *******\AppData\Local\Temp\uninst1.exe
C:\Users\******* *******\AppData\Local\Temp\uninstall.exe
C:\Users\******* *******\AppData\Local\Temp\uninstaller.exe
C:\Users\******* *******\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\******* *******\AppData\Local\Temp\vcredist_x64.exe
C:\Users\******* *******\AppData\Local\Temp\wajam_install.exe
C:\Users\******* *******\AppData\Local\Temp\WEB.DE_Sicherheitsupdate_Sep2012_Setup.exe
C:\Users\******* *******\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\******* *******\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup_quiet.exe
C:\Users\******* *******\AppData\Local\Temp\wgtiicyi.dll
C:\Users\******* *******\AppData\Local\Temp\WSSetup.exe
C:\Users\******* *******\AppData\Local\Temp\xmlUpdater.exe
C:\Users\******* *******\AppData\Local\Temp\_TinDel.exe
C:\Users\******* *******\AppData\Local\Temp\{0F806C95-AB71-4ACB-A648-B6B10128888C}-27.0.1453.116_27.0.1453.110_chrome_updater.exe
C:\Users\******* *******\AppData\Local\Temp\{3FE870E9-3DC5-4376-8618-040A43C2C532}-30.0.1599.69_29.0.1547.76_chrome_updater.exe
C:\Users\******* *******\AppData\Local\Temp\{CDC5965D-C94C-4ACC-8E97-7BEEFE8497DD}-29.0.1547.66_29.0.1547.62_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 07:14

==================== End of log ============================
         

Alt 09.06.2015, 18:01   #2
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



GMER gmer.txt
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-08 22:28:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\*******~1\AppData\Local\Temp\uxtiqpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\kernel32.dll!FindResourceW                                                                                                                                                           0000000076335911 5 bytes JMP 0000000100440980
.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\kernel32.dll!FindResourceA                                                                                                                                                           000000007634e95b 5 bytes JMP 0000000100440930
.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadStringW                                                                                                                                                               0000000076b28eb9 5 bytes JMP 0000000100440fd0
.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadStringA                                                                                                                                                               0000000076b2db21 5 bytes JMP 0000000100441110
.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadMenuW                                                                                                                                                                 0000000076b34391 5 bytes JMP 0000000100440b40
.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!LoadMenuA                                                                                                                                                                 0000000076b44eef 5 bytes JMP 0000000100440ad0
.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!CreateDialogParamA                                                                                                                                                        0000000076b45246 5 bytes JMP 00000001004409d0
.text    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[3900] C:\windows\syswow64\user32.DLL!CreateDialogParamW                                                                                                                                                        0000000076b510dc 5 bytes JMP 0000000100440a50
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                                             0000000076338769 4 bytes JMP 0000000162dc86d5
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\ole32.dll!OleLoadFromStream                                                                                                                                                          00000000764d6143 4 bytes JMP 00000001632b3057
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!SysFreeString                                                                                                                                                           00000000766d3e59 4 bytes JMP 0000000162dfa1aa
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!VariantClear                                                                                                                                                            00000000766d3eae 4 bytes JMP 0000000162e08168
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen                                                                                                                                                   00000000766d4731 4 bytes JMP 0000000162e04734
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType                                                                                                                                                       00000000766d5dee 4 bytes JMP 0000000162e3529f
?        C:\windows\system32\mssprxy.dll [4640] entry point in ".rdata" section                                                                                                                                                                                                      00000000534171e6
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\Program Files (x86)\Microsoft Office\Office14\BCSProxy32.dll!ReleaseMutex + 215                                                                                                                       0000000052b42338 4 bytes [9A, EE, 80, 4E]
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                  00000000777b1401 2 bytes JMP 7635b1ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                    00000000777b1419 2 bytes JMP 7635b31a C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                  00000000777b1431 2 bytes JMP 763d8f09 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                  00000000777b144a 2 bytes CALL 76334885 C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                         * 9
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                     00000000777b14dd 2 bytes JMP 763d8802 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                              00000000777b14f5 2 bytes JMP 763d89d8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                     00000000777b150d 2 bytes JMP 763d86f8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                              00000000777b1525 2 bytes JMP 763d8ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                    00000000777b153d 2 bytes JMP 7634fc78 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                         00000000777b1555 2 bytes JMP 763568bf C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                  00000000777b156d 2 bytes JMP 763d8fc1 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                    00000000777b1585 2 bytes JMP 763d8b22 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                       00000000777b159d 2 bytes JMP 763d86bc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                    00000000777b15b5 2 bytes JMP 7634fd11 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                  00000000777b15cd 2 bytes JMP 7635b2b0 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                              00000000777b16b2 2 bytes JMP 763d8e84 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                              00000000777b16bd 2 bytes JMP 763d8651 C:\windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library  c:\users\*******~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxrvfwh.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-06-08 19:07:44)                                             0000000004f00000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24)           000000006a4f0000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004a900000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30)                                                         0000000006000000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30)                                                           000000004ad00000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)        0000000069f80000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000069c90000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30)                                                                                        0000000069bd0000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)        00000000699f0000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         00000000659b0000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)          0000000068ed0000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            0000000068c70000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)            00000000699c0000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30)                                                                                           000000006dbd0000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28)  0000000069990000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)         0000000069950000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26)   0000000069900000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30)                                                                       0000000068b90000
Library  C:\Users\******* *******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe [3628](2015-03-04 21:45:30)                                                                       0000000068720000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                                                                                                                                                                                 
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619c07852                                                                                                                                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                                                                                                                                                                             
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619c07852 (not active ControlSet)                                                                                                                                                                             

---- EOF - GMER 2.1 ----
         
Logfile Microsoft Security Essentials 0306.2015

Code:
ATTFilter
Die Konfiguration von Microsoft-Antischadsoftware hat sich geändert. Handelt es sich um ein unerwartetes Ereignis, müssen die Einstellungen überprüft werden, da die Änderung ggf. auf Schadsoftware zurückzuführen ist.
 	Alter Wert: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\SpyNetReportingLocation = 
SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport
BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport
BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport

 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet\SpyNetReportingLocation = 
SOAP:https://spynet2.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
SOAP:https://spynetalt.microsoft.com/AntiMalwareServices/2/SpynetReportSrvc.asmx
REST:https://spynet2.microsoft.com/spyNet.svc/submitReport
REST:https://spynetalt.microsoft.com/spyNet.svc/submitReport
BOND:https://spynet2.microsoft.com/spyNet.svc/bond/submitreport
BOND:https://spynetalt.microsoft.com/spyNet.svc/bond/submitreport
         
Logfile 03.06.2015
Code:
ATTFilter
Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt.
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Emotet.G&threatid=2147691939&enterprise=0
 	Name: Trojan:Win32/Emotet.G
 	ID: 2147691939
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\++++++++\AppData\Local\3fe82f3b963b5bcf36ee658a80c09fe7.exe
 	Ursprung der Erkennung: Lokaler Computer
 	Typ der Erkennung: Konkret
 	Quelle der Erkennung: Echtzeitschutz
 	Benutzer: Laptop
 	Prozessname: C:\Windows\explorer.exe
 	Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
         

logfile 03.06.2015

Code:
ATTFilter
Von Microsoft-Antischadsoftware wurden Maßnahmen zum Schutz des Computers vor Schadsoftware oder anderer potenziell unerwünschter Software ergriffen.
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Emotet.G&threatid=2147691939&enterprise=0
 	Name: Trojan:Win32/Emotet.G
 	ID: 2147691939
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\+++++++\AppData\Local\3fe82f3b963b5bcf36ee658a80c09fe7.exe;regkey:_HKCU@S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\3fe82f3b963b5bcf36ee658a80c09fe7;runkey:_HKCU@S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\3fe82f3b963b5bcf36ee658a80c09fe7
 	Ursprung der Erkennung: Lokaler Computer
 	Typ der Erkennung: Konkret
 	Quelle der Erkennung: Echtzeitschutz
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Windows\explorer.exe
 	Aktion: Quarantäne
 	Aktionsstatus:  Führen Sie eine vollständige Überprüfung aus, um das Entfernen von Schadsoftware und anderer potenziell unerwünschter Software abzuschließen. Informationen zu Überprüfungsoptionen finden Sie unter "Hilfe und Support". 
	Starten Sie den Computer neu, um das Entfernen von Schadsoftware und anderer potenziell unerwünschter Software abzuschließen. 
 	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
 	Modulversion: AM: 1.1.11701.0, NIS: 2.1.11502.0
         
Logfile 04.06.2015
Code:
ATTFilter
Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt.
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=2147695193&enterprise=0
 	Name: BrowserModifier:Win32/KipodToolsCby
 	ID: 2147695193
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{066F86D8-D35A-48FB-85D6-1A203DAE80F2};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{0F8B624E-49E8-4597-A4A7-5348DCAADD32};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{108BD590-972F-4522-B436-01F29D3FF0BF};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{1D45275A-BC14-4895-A248-BD29203C246F};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{31315407-D66C-4425-A652-5BCC67B28E1C};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{37CFB851-58F0-4B15-9CF3-1D37DB676D77};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{3CE9D5BD-A8E3-4E9B-9400-CE689BA79A3E};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{410112FD-9BAA-47A6-8498-567207484756};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{4C15F2BD-08B2-4363-B81C-BF7ECD1A221A};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5BE733B3-9159-4713-9274-CCF46A4C4077};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{6247EC17-5617-472B-8C0D-A35C8B63E47D};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{97F44E1A-A58A-453C-B38E-E1F6E
 	Ursprung der Erkennung: Lokaler Computer
 	Typ der Erkennung: Konkret
 	Quelle der Erkennung: Benutzer
 	Benutzer: Laptop
 	Prozessname: Unknown
 	Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
         
Logfile 04.06.2015
Code:
ATTFilter
Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt.
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/AddLyrics&threatid=195750&enterprise=0
 	Name: Adware:Win32/AddLyrics
 	ID: 195750
 	Schweregrad: Hoch
 	Kategorie: Adware
 	Pfad: containerfile:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe;file:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-chrome.crx)->[ChromeCrxPackage]->contentscript.js;file:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-lfind.dll);file:_C:\Users\+++++\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-LyricsFinderUpdater.exe);file:_C:\Users\Simone Melcher\AppData\Local\Temp\is357113909\LyricsFinder.exe->(nsis-6-main.js)
 	Ursprung der Erkennung: Lokaler Computer
 	Typ der Erkennung: Konkret
 	Quelle der Erkennung: Benutzer
 	Benutzer: Laptop
 	Prozessname: Unknown
 	Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
         
Logfile 04.06.2015
Code:
ATTFilter
Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt.
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Kuluoz.B&threatid=2147657460&enterprise=0
 	Name: TrojanDownloader:Win32/Kuluoz.B
 	ID: 2147657460
 	Schweregrad: Schwerwiegend
 	Kategorie: Downloadtrojaner
 	Pfad: containerfile:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\07ee005e3685d5456ec02e80db6c2e10f6f912ae;containerfile:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\130a6ec83c0b242c790d689faa1a876b303612e7;file:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\07ee005e3685d5456ec02e80db6c2e10f6f912ae->Postetikett_DE_#56472724.exe;file:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\130a6ec83c0b242c790d689faa1a876b303612e7->Postetikett_DE_#56472724.exe;file:_C:\Users\******* *******\AppData\Roaming\Apple Computer\MobileSync\Backup\f2e9bfa1566755b9ffe1f783ef62f6f9d2b64c94\fc5a078f1673eae9d77642d85a36c284906f3080
 	Ursprung der Erkennung: Lokaler Computer
 	Typ der Erkennung: Konkret
 	Quelle der Erkennung: Benutzer
 	Benutzer: Laptop*******\******* *******
 	Prozessname: Unknown
 	Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
 	Modulversion: AM: 1.1.11701.0, NIS: 2.1.11502.0
         
[B]Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt.
Code:
ATTFilter
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=2147695193&enterprise=0
 	Name: BrowserModifier:Win32/KipodToolsCby
 	ID: 2147695193
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{066F86D8-D35A-48FB-85D6-1A203DAE80F2};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{0F8B624E-49E8-4597-A4A7-5348DCAADD32};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{108BD590-972F-4522-B436-01F29D3FF0BF};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{1D45275A-BC14-4895-A248-BD29203C246F};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{31315407-D66C-4425-A652-5BCC67B28E1C};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{37CFB851-58F0-4B15-9CF3-1D37DB676D77};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{3CE9D5BD-A8E3-4E9B-9400-CE689BA79A3E};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{410112FD-9BAA-47A6-8498-567207484756};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{4C15F2BD-08B2-4363-B81C-BF7ECD1A221A};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5BE733B3-9159-4713-9274-CCF46A4C4077};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{6247EC17-5617-472B-8C0D-A35C8B63E47D};clsid:_HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{97F44E1A-A58A-453C-B38E-E1F6E
 	Ursprung der Erkennung: Lokaler Computer
 	Typ der Erkennung: Konkret
 	Quelle der Erkennung: Benutzer
 	Benutzer: Laptop*******\******* *******
 	Prozessname: Unknown
 	Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
         
So ich hoffe sie können mir helfen und sagen was ich tun muss dass alles wieder der ok...
ich sage schon mal herzlichen Dank für die Hilfe

hier habe ich noch 2 Informationen mehr gefunden
logfile 04.04.2015
Code:
ATTFilter
Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt.
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/KipodToolsCby&threatid=2147695193&enterprise=0
 	Name: BrowserModifier:Win32/KipodToolsCby
 	ID: 2147695193
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: file:_C:\Users\******* *******\AppData\Local\Temp\installhelper.dll
 	Ursprung der Erkennung: Lokaler Computer
 	Typ der Erkennung: Konkret
 	Quelle der Erkennung: Echtzeitschutz
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Windows\System32\SearchProtocolHost.exe
 	Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
         
logfile 04.04.2015
Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell unerwünschte Software entdeckt.
Weitere Informationen finden Sie hier:
BrowserModifier:Win32/KipodToolsCby
Name: BrowserModifier:Win32/KipodToolsCby
ID: 2147695193
Schweregrad: Hoch
Kategorie: Browserveränderer
Pfad: file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe.manifest;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\COPYING.LGPLv2;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\English.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\French.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\Portuguese.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\Lang\Spanish.lng;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\license.txt;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\NCTWMAProfiles.prx;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\aspi32.exe;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\COPYING.LGPLv2;file:_C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\flac lice
Ursprung der Erkennung: Lokaler Computer
Typ der Erkennung: Konkret
Quelle der Erkennung: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Windows\System32\SearchProtocolHost.exe
Signaturversion: AV: 1.199.1629.0, AS: 1.199.1629.0, NIS: 114.21.0.0
Modulversion: AM: 1.1.11701.0, NIS: 2.1.11502.0
__________________


Alt 10.06.2015, 05:32   #3
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
__________________

Alt 11.06.2015, 21:32   #4
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Hallo schrauber hier die ersten Logfiles:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.11.03
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Simone Melcher :: LAPTOPSIMONE [administrator]

11.06.2015 18:50:24
mbar-log-2015-06-11 (18-50-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 439154
Time elapsed: 1 hour(s), 42 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Simone Melcher\AppData\Local\Temp\android\android.exe (Backdoor.Bot) -> Delete on reboot. [e9861a9f5a301b1b12eda201d52c1fe1]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.11.04
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Simone Melcher :: LAPTOPSIMONE [administrator]

11.06.2015 20:46:38
mbar-log-2015-06-11 (20-46-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 439022
Time elapsed: 1 hour(s), 27 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Der rest folgt sobald die restlichen scans durch sind....
so hier nun der rest von TDSS Scan
Code:
ATTFilter
22:19:34.0676 0x1588  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:19:47.0028 0x1588  ============================================================
22:19:47.0028 0x1588  Current date / time: 2015/06/11 22:19:47.0028
22:19:47.0028 0x1588  SystemInfo:
22:19:47.0028 0x1588  
22:19:47.0028 0x1588  OS Version: 6.1.7601 ServicePack: 1.0
22:19:47.0028 0x1588  Product type: Workstation
22:19:47.0028 0x1588  ComputerName: LAPTOPSIMONE
22:19:47.0028 0x1588  UserName: Simone Melcher
22:19:47.0028 0x1588  Windows directory: C:\windows
22:19:47.0028 0x1588  System windows directory: C:\windows
22:19:47.0028 0x1588  Running under WOW64
22:19:47.0028 0x1588  Processor architecture: Intel x64
22:19:47.0028 0x1588  Number of processors: 4
22:19:47.0028 0x1588  Page size: 0x1000
22:19:47.0028 0x1588  Boot type: Normal boot
22:19:47.0028 0x1588  ============================================================
22:19:47.0438 0x1588  KLMD registered as C:\windows\system32\drivers\55487027.sys
22:19:48.0128 0x1588  System UUID: {D1560C40-B450-2B1B-F8EC-99EF7A7011C5}
22:19:49.0478 0x1588  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:19:49.0488 0x1588  ============================================================
22:19:49.0488 0x1588  \Device\Harddisk0\DR0:
22:19:49.0488 0x1588  MBR partitions:
22:19:49.0488 0x1588  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
22:19:49.0488 0x1588  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x45073000
22:19:49.0508 0x1588  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x450D8000, BlocksNum 0x39FD800
22:19:49.0508 0x1588  ============================================================
22:19:49.0589 0x1588  C: <-> \Device\Harddisk0\DR0\Partition2
22:19:49.0789 0x1588  D: <-> \Device\Harddisk0\DR0\Partition3
22:19:49.0839 0x1588  ============================================================
         
Code:
ATTFilter
22:19:49.0839 0x1588  Initialize success
22:19:49.0839 0x1588  ============================================================
22:19:58.0431 0x16f4  ============================================================
22:19:58.0431 0x16f4  Scan started
22:19:58.0431 0x16f4  Mode: Manual; 
22:19:58.0431 0x16f4  ============================================================
22:19:58.0431 0x16f4  KSN ping started
22:20:01.0301 0x16f4  KSN ping finished: true
22:20:01.0861 0x16f4  ================ Scan system memory ========================
22:20:01.0861 0x16f4  System memory - ok
22:20:01.0861 0x16f4  ================ Scan services =============================
22:20:02.0141 0x16f4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
22:20:02.0151 0x16f4  1394ohci - ok
22:20:02.0211 0x16f4  [ E0A8525A951ADDB4655BC2068566407D, 7C08B9DB7C281422FD64219DF81B7064CE16EA53CF00EB1FC33CB0741CE6605F ] 61883           C:\windows\system32\DRIVERS\61883.sys
22:20:02.0221 0x16f4  61883 - ok
22:20:02.0251 0x16f4  [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11        C:\windows\system32\drivers\acedrv11.sys
22:20:04.0012 0x16f4  acedrv11 - ok
22:20:04.0082 0x16f4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
22:20:04.0092 0x16f4  ACPI - ok
22:20:04.0122 0x16f4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
22:20:04.0122 0x16f4  AcpiPmi - ok
22:20:04.0162 0x16f4  [ DC201246A14CB3B274DF59FAF539AB07, D4DAED256E9EDD5ADD7384E9FD9F8DC2B1029543BC894367B582BA7119FABD94 ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys
22:20:04.0162 0x16f4  ACPIVPC - ok
22:20:04.0292 0x16f4  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:20:04.0302 0x16f4  AdobeFlashPlayerUpdateSvc - ok
22:20:04.0352 0x16f4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
22:20:04.0382 0x16f4  adp94xx - ok
22:20:04.0462 0x16f4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
22:20:04.0482 0x16f4  adpahci - ok
22:20:04.0573 0x16f4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
22:20:04.0583 0x16f4  adpu320 - ok
22:20:04.0643 0x16f4  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
22:20:04.0643 0x16f4  AeLookupSvc - ok
22:20:04.0693 0x16f4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
22:20:04.0723 0x16f4  AFD - ok
22:20:04.0783 0x16f4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
22:20:04.0783 0x16f4  agp440 - ok
22:20:04.0813 0x16f4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
22:20:04.0823 0x16f4  ALG - ok
22:20:04.0843 0x16f4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
22:20:04.0843 0x16f4  aliide - ok
22:20:04.0873 0x16f4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
22:20:04.0873 0x16f4  amdide - ok
22:20:04.0893 0x16f4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
22:20:04.0903 0x16f4  AmdK8 - ok
22:20:04.0913 0x16f4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
22:20:04.0913 0x16f4  AmdPPM - ok
22:20:04.0983 0x16f4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
22:20:04.0993 0x16f4  amdsata - ok
22:20:05.0013 0x16f4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
22:20:05.0023 0x16f4  amdsbs - ok
22:20:05.0043 0x16f4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
22:20:05.0043 0x16f4  amdxata - ok
22:20:05.0073 0x16f4  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\windows\system32\drivers\appid.sys
22:20:05.0083 0x16f4  AppID - ok
22:20:05.0093 0x16f4  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\windows\System32\appidsvc.dll
22:20:05.0103 0x16f4  AppIDSvc - ok
22:20:05.0133 0x16f4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
22:20:05.0133 0x16f4  Appinfo - ok
22:20:05.0233 0x16f4  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:20:05.0233 0x16f4  Apple Mobile Device - ok
22:20:05.0263 0x16f4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\DRIVERS\arc.sys
22:20:05.0273 0x16f4  arc - ok
22:20:05.0283 0x16f4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
22:20:05.0293 0x16f4  arcsas - ok
22:20:06.0063 0x16f4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:20:06.0123 0x16f4  aspnet_state - ok
22:20:06.0143 0x16f4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
22:20:06.0143 0x16f4  AsyncMac - ok
22:20:06.0173 0x16f4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
22:20:06.0173 0x16f4  atapi - ok
22:20:06.0613 0x16f4  [ D6CAD7E5B05055BB8226BDCB1644DA27, 053DBE95BE044C2674825561619A188660865AFCC4FD3C1D1E4F08972F5CC8DF ] athr            C:\windows\system32\DRIVERS\athrx.sys
22:20:06.0703 0x16f4  athr - ok
22:20:06.0823 0x16f4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:20:06.0863 0x16f4  AudioEndpointBuilder - ok
22:20:06.0893 0x16f4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\windows\System32\Audiosrv.dll
22:20:06.0923 0x16f4  AudioSrv - ok
22:20:06.0983 0x16f4  [ 16FABE84916623D0607E4A975544032C, 9D960CAE27B1769ED5B024C0A3375912432521C73C1F59E21111596A7981BDC3 ] Avc             C:\windows\system32\DRIVERS\avc.sys
22:20:06.0983 0x16f4  Avc - ok
22:20:07.0023 0x16f4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
22:20:07.0033 0x16f4  AxInstSV - ok
22:20:07.0083 0x16f4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
22:20:07.0123 0x16f4  b06bdrv - ok
22:20:07.0143 0x16f4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
22:20:07.0163 0x16f4  b57nd60a - ok
22:20:07.0213 0x16f4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
22:20:07.0223 0x16f4  BDESVC - ok
22:20:07.0233 0x16f4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
22:20:07.0233 0x16f4  Beep - ok
22:20:07.0293 0x16f4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
22:20:07.0343 0x16f4  BFE - ok
22:20:07.0423 0x16f4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
22:20:07.0503 0x16f4  BITS - ok
22:20:07.0523 0x16f4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
22:20:07.0523 0x16f4  blbdrive - ok
22:20:07.0643 0x16f4  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:20:07.0663 0x16f4  Bonjour Service - ok
22:20:07.0703 0x16f4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
22:20:07.0703 0x16f4  bowser - ok
22:20:07.0723 0x16f4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
22:20:07.0733 0x16f4  BrFiltLo - ok
22:20:07.0743 0x16f4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
22:20:07.0753 0x16f4  BrFiltUp - ok
22:20:07.0773 0x16f4  [ 34F786535F9245E4028C57B28248C9D8, 95CB2B765BF4388A9204A8A974DCFF431CBC26E7274937386720514FF23871CB ] Bridge0         C:\windows\system32\drivers\WDBridge.sys
22:20:07.0783 0x16f4  Bridge0 - ok
22:20:07.0813 0x16f4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
22:20:07.0823 0x16f4  Browser - ok
22:20:07.0863 0x16f4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\system32\DRIVERS\BrSerId.sys
22:20:07.0873 0x16f4  Brserid - ok
22:20:07.0893 0x16f4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
22:20:07.0893 0x16f4  BrSerWdm - ok
22:20:07.0913 0x16f4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
22:20:07.0913 0x16f4  BrUsbMdm - ok
22:20:07.0923 0x16f4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\system32\DRIVERS\BrUsbSer.sys
22:20:07.0923 0x16f4  BrUsbSer - ok
22:20:07.0953 0x16f4  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
22:20:07.0963 0x16f4  BthEnum - ok
22:20:07.0983 0x16f4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
22:20:07.0983 0x16f4  BTHMODEM - ok
22:20:08.0003 0x16f4  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
22:20:08.0013 0x16f4  BthPan - ok
22:20:08.0073 0x16f4  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
22:20:08.0103 0x16f4  BTHPORT - ok
22:20:08.0123 0x16f4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
22:20:08.0133 0x16f4  bthserv - ok
22:20:08.0163 0x16f4  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
22:20:08.0173 0x16f4  BTHUSB - ok
22:20:08.0213 0x16f4  [ 6E04458E98DAF28826482E41A7A62DF5, 995B371E7384CC05D3A0B462B31A3EA56D8715A93D15B45DB3A78C7F7CF13A40 ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
22:20:08.0213 0x16f4  btusbflt - ok
22:20:08.0243 0x16f4  [ 6BCFDC2B5B7F66D484486D4BD4B39A6B, 2A2039DD524E989EA91B7C91D5F295C663D1E27ABD64777D2F3137EB1C42C258 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
22:20:08.0243 0x16f4  btwaudio - ok
22:20:08.0263 0x16f4  [ 82DC8B7C626E526681C1BEBED2BC3FF9, 58260E88CDD7388ABA563F9B8F2F3FA17022DB9E4C56EBA0761E99B919A8EAF8 ] btwavdt         C:\windows\system32\drivers\btwavdt.sys
22:20:08.0273 0x16f4  btwavdt - ok
22:20:08.0333 0x16f4  [ C73EB036BFC5A27B9CB87B29F7ED88C3, ED303B500F24C7F647400F5377B20CB92567B1771F0947B500C61907292495F7 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
22:20:08.0373 0x16f4  btwdins - ok
22:20:08.0403 0x16f4  [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
22:20:08.0403 0x16f4  btwl2cap - ok
22:20:08.0413 0x16f4  [ 28E105AD3B79F440BF94780F507BF66A, EF4E6CCAB16765E2C88666625C13CB3299B668159A94CB201E3B44701A30640A ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
22:20:08.0413 0x16f4  btwrchid - ok
22:20:08.0433 0x16f4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
22:20:08.0443 0x16f4  cdfs - ok
22:20:08.0473 0x16f4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\drivers\cdrom.sys
22:20:08.0473 0x16f4  cdrom - ok
22:20:08.0513 0x16f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
22:20:08.0543 0x16f4  CertPropSvc - ok
22:20:08.0583 0x16f4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
22:20:08.0583 0x16f4  circlass - ok
22:20:08.0623 0x16f4  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\windows\system32\CLFS.sys
22:20:08.0653 0x16f4  CLFS - ok
22:20:08.0783 0x16f4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:20:08.0803 0x16f4  clr_optimization_v2.0.50727_32 - ok
22:20:08.0843 0x16f4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:20:08.0853 0x16f4  clr_optimization_v2.0.50727_64 - ok
22:20:08.0933 0x16f4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:20:08.0933 0x16f4  clr_optimization_v4.0.30319_32 - ok
22:20:08.0963 0x16f4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:20:09.0023 0x16f4  clr_optimization_v4.0.30319_64 - ok
22:20:09.0043 0x16f4  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
22:20:09.0043 0x16f4  clwvd - ok
22:20:09.0073 0x16f4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
22:20:09.0073 0x16f4  CmBatt - ok
22:20:09.0103 0x16f4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
22:20:09.0113 0x16f4  cmdide - ok
22:20:09.0183 0x16f4  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\windows\system32\Drivers\cng.sys
22:20:09.0223 0x16f4  CNG - ok
22:20:09.0363 0x16f4  [ 7247A4D0875F5F28919E0787E11B7B57, 9F79077619E626A8DAE74D9EF819BF1D061455CBCAD23C491EC595A2F6C21DED ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
22:20:09.0403 0x16f4  CnxtHdAudService - ok
22:20:09.0433 0x16f4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
22:20:09.0433 0x16f4  Compbatt - ok
22:20:09.0473 0x16f4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
22:20:09.0483 0x16f4  CompositeBus - ok
22:20:09.0483 0x16f4  COMSysApp - ok
22:20:09.0513 0x16f4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
22:20:09.0513 0x16f4  crcdisk - ok
22:20:09.0553 0x16f4  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\windows\system32\cryptsvc.dll
22:20:09.0563 0x16f4  CryptSvc - ok
22:20:09.0743 0x16f4  [ BD989CFC6E296373A7EA59514E17A199, 2259B966B8780B08EF6B8E27039C8125D5A751E3C01AB92F20E77F5467B40DEC ] DBService       C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
22:20:09.0893 0x16f4  DBService - ok
22:20:10.0003 0x16f4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
22:20:10.0023 0x16f4  DcomLaunch - ok
22:20:10.0063 0x16f4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
22:20:10.0083 0x16f4  defragsvc - ok
22:20:10.0113 0x16f4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
22:20:10.0123 0x16f4  DfsC - ok
22:20:10.0163 0x16f4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
22:20:10.0183 0x16f4  Dhcp - ok
22:20:10.0623 0x16f4  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\windows\system32\diagtrack.dll
22:20:10.0703 0x16f4  DiagTrack - ok
22:20:10.0783 0x16f4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
22:20:10.0783 0x16f4  discache - ok
22:20:10.0823 0x16f4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\DRIVERS\disk.sys
22:20:10.0823 0x16f4  Disk - ok
22:20:10.0873 0x16f4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
22:20:10.0893 0x16f4  Dnscache - ok
22:20:10.0943 0x16f4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
22:20:10.0953 0x16f4  dot3svc - ok
22:20:10.0983 0x16f4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
22:20:10.0983 0x16f4  DPS - ok
22:20:11.0023 0x16f4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
22:20:11.0023 0x16f4  drmkaud - ok
22:20:11.0133 0x16f4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
22:20:11.0193 0x16f4  DXGKrnl - ok
22:20:11.0243 0x16f4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
22:20:11.0243 0x16f4  EapHost - ok
22:20:11.0483 0x16f4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
22:20:11.0643 0x16f4  ebdrv - ok
22:20:11.0713 0x16f4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS             C:\windows\System32\lsass.exe
22:20:11.0713 0x16f4  EFS - ok
22:20:11.0833 0x16f4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
22:20:11.0863 0x16f4  ehRecvr - ok
22:20:11.0903 0x16f4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
22:20:11.0903 0x16f4  ehSched - ok
22:20:11.0963 0x16f4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
22:20:11.0993 0x16f4  elxstor - ok
22:20:12.0023 0x16f4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
22:20:12.0023 0x16f4  ErrDev - ok
22:20:12.0073 0x16f4  [ FB558CEBEA17A6B63205985DFF39E662, D62375B81E76A48B4BCF747384B650D17773CF03C4FA2EF7D5FA88A763C655C0 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
22:20:12.0083 0x16f4  ETD - ok
22:20:12.0143 0x16f4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
22:20:12.0163 0x16f4  EventSystem - ok
22:20:12.0233 0x16f4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
22:20:12.0243 0x16f4  exfat - ok
22:20:12.0263 0x16f4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
22:20:12.0273 0x16f4  fastfat - ok
22:20:12.0333 0x16f4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
22:20:12.0403 0x16f4  Fax - ok
22:20:12.0453 0x16f4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
22:20:12.0453 0x16f4  fdc - ok
22:20:12.0543 0x16f4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
22:20:12.0543 0x16f4  fdPHost - ok
22:20:12.0633 0x16f4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
22:20:12.0633 0x16f4  FDResPub - ok
22:20:12.0653 0x16f4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
22:20:12.0653 0x16f4  FileInfo - ok
22:20:12.0673 0x16f4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
22:20:12.0683 0x16f4  Filetrace - ok
22:20:13.0323 0x16f4  [ 167D24A045499EBEF438F231976158DF, 237F1495BA79D9082D6B383FE9AC5C6154A6F76F181000401F5790236EB57301 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
22:20:13.0413 0x16f4  FirebirdServerMAGIXInstance - ok
22:20:13.0483 0x16f4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
22:20:13.0483 0x16f4  flpydisk - ok
22:20:13.0673 0x16f4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
22:20:13.0683 0x16f4  FltMgr - ok
22:20:13.0843 0x16f4  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\windows\system32\FntCache.dll
22:20:13.0903 0x16f4  FontCache - ok
22:20:14.0003 0x16f4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:20:14.0003 0x16f4  FontCache3.0.0.0 - ok
22:20:14.0143 0x16f4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
22:20:14.0143 0x16f4  FsDepends - ok
22:20:14.0303 0x16f4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
22:20:14.0303 0x16f4  Fs_Rec - ok
22:20:14.0523 0x16f4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
22:20:14.0633 0x16f4  fvevol - ok
22:20:14.0753 0x16f4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
22:20:14.0763 0x16f4  gagp30kx - ok
22:20:14.0833 0x16f4  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:20:14.0833 0x16f4  GEARAspiWDM - ok
22:20:15.0173 0x16f4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
22:20:15.0223 0x16f4  gpsvc - ok
22:20:15.0413 0x16f4  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:20:15.0423 0x16f4  gupdate - ok
22:20:15.0433 0x16f4  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:20:15.0433 0x16f4  gupdatem - ok
22:20:15.0683 0x16f4  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:20:15.0693 0x16f4  gusvc - ok
22:20:15.0753 0x16f4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
22:20:15.0753 0x16f4  hcw85cir - ok
22:20:15.0813 0x16f4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:20:15.0823 0x16f4  HdAudAddService - ok
22:20:15.0883 0x16f4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
22:20:15.0883 0x16f4  HDAudBus - ok
22:20:16.0003 0x16f4  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
22:20:16.0003 0x16f4  HECIx64 - ok
22:20:16.0103 0x16f4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
22:20:16.0103 0x16f4  HidBatt - ok
22:20:16.0153 0x16f4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
22:20:16.0153 0x16f4  HidBth - ok
22:20:16.0243 0x16f4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
22:20:16.0243 0x16f4  HidIr - ok
22:20:16.0323 0x16f4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
22:20:16.0323 0x16f4  hidserv - ok
22:20:16.0403 0x16f4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
22:20:16.0413 0x16f4  HidUsb - ok
22:20:16.0463 0x16f4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
22:20:16.0473 0x16f4  hkmsvc - ok
22:20:16.0583 0x16f4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:20:16.0603 0x16f4  HomeGroupListener - ok
22:20:16.0703 0x16f4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:20:16.0713 0x16f4  HomeGroupProvider - ok
22:20:16.0793 0x16f4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
22:20:16.0793 0x16f4  HpSAMD - ok
22:20:16.0903 0x16f4  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\windows\system32\drivers\HTTP.sys
22:20:16.0973 0x16f4  HTTP - ok
22:20:17.0053 0x16f4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
22:20:17.0053 0x16f4  hwpolicy - ok
22:20:17.0113 0x16f4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
22:20:17.0123 0x16f4  i8042prt - ok
22:20:17.0423 0x16f4  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
22:20:17.0443 0x16f4  iaStor - ok
22:20:17.0643 0x16f4  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:20:17.0643 0x16f4  IAStorDataMgrSvc - ok
22:20:17.0863 0x16f4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
22:20:17.0913 0x16f4  iaStorV - ok
22:20:18.0323 0x16f4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:20:18.0443 0x16f4  idsvc - ok
22:20:18.0453 0x16f4  IEEtwCollectorService - ok
22:20:18.0643 0x16f4  IePluginService - ok
22:20:19.0053 0x16f4  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
22:20:19.0393 0x16f4  igfx - ok
22:20:19.0664 0x16f4  [ D951D20153E51928F9DB2227D6FF5C7A, 8D49F3D85452C65D5188C9516E89631E718A07E34176CF6FA0B1E02D8C18ABDB ] IGRS            C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
22:20:19.0664 0x16f4  IGRS - ok
22:20:19.0724 0x16f4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
22:20:19.0724 0x16f4  iirsp - ok
22:20:19.0784 0x16f4  [ EDCCC8C13B1EB882F77BA0ABB84566E7, DB299C1D2CFC197CF2FE69358F5EEDE94DCC4C919AF5D2CDFFF0DE476612C988 ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
22:20:19.0794 0x16f4  IJPLMSVC - ok
22:20:20.0034 0x16f4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
22:20:20.0114 0x16f4  IKEEXT - ok
22:20:20.0164 0x16f4  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
22:20:20.0174 0x16f4  Impcd - ok
22:20:20.0234 0x16f4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
22:20:20.0244 0x16f4  intelide - ok
22:20:20.0264 0x16f4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
22:20:20.0274 0x16f4  intelppm - ok
22:20:20.0324 0x16f4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
22:20:20.0324 0x16f4  IPBusEnum - ok
         
Code:
ATTFilter
22:20:20.0354 0x16f4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
22:20:20.0354 0x16f4  IpFilterDriver - ok
22:20:20.0414 0x16f4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
22:20:20.0444 0x16f4  iphlpsvc - ok
22:20:20.0504 0x16f4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
22:20:20.0514 0x16f4  IPMIDRV - ok
22:20:20.0544 0x16f4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
22:20:20.0544 0x16f4  IPNAT - ok
22:20:20.0644 0x16f4  [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:20:20.0714 0x16f4  iPod Service - ok
22:20:20.0794 0x16f4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
22:20:20.0794 0x16f4  IRENUM - ok
22:20:20.0824 0x16f4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
22:20:20.0824 0x16f4  isapnp - ok
22:20:20.0864 0x16f4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
22:20:20.0874 0x16f4  iScsiPrt - ok
22:20:20.0964 0x16f4  [ 7DBAFE10C1B777305C80BEA42FBDA710, 768638FAD1FF94F2C15E2F1558F9A03730195B041CCBBC82241EC1F92CD7D46F ] k57nd60a        C:\windows\system32\DRIVERS\k57nd60a.sys
22:20:20.0974 0x16f4  k57nd60a - ok
22:20:21.0004 0x16f4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
22:20:21.0014 0x16f4  kbdclass - ok
22:20:21.0054 0x16f4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
22:20:21.0054 0x16f4  kbdhid - ok
22:20:21.0114 0x16f4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso          C:\windows\system32\lsass.exe
22:20:21.0114 0x16f4  KeyIso - ok
22:20:21.0144 0x16f4  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
22:20:21.0154 0x16f4  KSecDD - ok
22:20:21.0184 0x16f4  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
22:20:21.0194 0x16f4  KSecPkg - ok
22:20:21.0254 0x16f4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
22:20:21.0254 0x16f4  ksthunk - ok
22:20:21.0304 0x16f4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
22:20:21.0324 0x16f4  KtmRm - ok
22:20:21.0394 0x16f4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
22:20:21.0404 0x16f4  LanmanServer - ok
22:20:21.0464 0x16f4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:20:21.0474 0x16f4  LanmanWorkstation - ok
22:20:21.0704 0x16f4  [ 7FCB3EC66361F157BCD5B5C33CE2AC16, F4A96124AE0B4BEB1B7A8F7865B9FE474DD87B9C409681A2DDFAA3AADE562B13 ] Lenovo ReadyComm AppSvc C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
22:20:21.0734 0x16f4  Lenovo ReadyComm AppSvc - ok
22:20:21.0824 0x16f4  [ 5287074E79E4BA82510886F684DC5F72, 76C884617FBDEBEE61B33997CA93C2A2B9B902692B84E2D897E56C54833CFD1E ] Lenovo ReadyComm ConnSvc C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
22:20:21.0894 0x16f4  Lenovo ReadyComm ConnSvc - ok
22:20:21.0924 0x16f4  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\windows\system32\DRIVERS\LhdX64.sys
22:20:21.0934 0x16f4  LHDmgr - ok
22:20:21.0994 0x16f4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
22:20:22.0004 0x16f4  lltdio - ok
22:20:22.0064 0x16f4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
22:20:22.0094 0x16f4  lltdsvc - ok
22:20:22.0134 0x16f4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
22:20:22.0134 0x16f4  lmhosts - ok
22:20:22.0244 0x16f4  [ 1E2F802846EB944E0333EFEE7C9532A8, 86EB59BF238E3DB8AF9E379B0BAE5AEC734C15598E665062B2E19C0A58BEF783 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:20:22.0254 0x16f4  LMS - ok
22:20:22.0314 0x16f4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
22:20:22.0314 0x16f4  LSI_FC - ok
22:20:22.0374 0x16f4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
22:20:22.0374 0x16f4  LSI_SAS - ok
22:20:22.0414 0x16f4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
22:20:22.0414 0x16f4  LSI_SAS2 - ok
22:20:22.0434 0x16f4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
22:20:22.0434 0x16f4  LSI_SCSI - ok
22:20:22.0474 0x16f4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
22:20:22.0484 0x16f4  luafv - ok
22:20:22.0625 0x16f4  [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon   C:\windows\system32\drivers\mbamchameleon.sys
22:20:22.0635 0x16f4  mbamchameleon - ok
22:20:22.0685 0x16f4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
22:20:22.0685 0x16f4  Mcx2Svc - ok
22:20:22.0735 0x16f4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
22:20:22.0735 0x16f4  megasas - ok
22:20:22.0775 0x16f4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
22:20:22.0795 0x16f4  MegaSR - ok
22:20:22.0865 0x16f4  Microsoft SharePoint Workspace Audit Service - ok
22:20:22.0915 0x16f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
22:20:22.0925 0x16f4  MMCSS - ok
22:20:22.0935 0x16f4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
22:20:22.0935 0x16f4  Modem - ok
22:20:22.0975 0x16f4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
22:20:22.0975 0x16f4  monitor - ok
22:20:23.0015 0x16f4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
22:20:23.0025 0x16f4  mouclass - ok
22:20:23.0035 0x16f4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
22:20:23.0035 0x16f4  mouhid - ok
22:20:23.0075 0x16f4  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
22:20:23.0085 0x16f4  mountmgr - ok
22:20:23.0145 0x16f4  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:20:23.0155 0x16f4  MozillaMaintenance - ok
22:20:23.0245 0x16f4  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
22:20:23.0255 0x16f4  MpFilter - ok
22:20:23.0344 0x16f4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
22:20:23.0352 0x16f4  mpio - ok
22:20:23.0414 0x16f4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
22:20:23.0418 0x16f4  mpsdrv - ok
22:20:23.0488 0x16f4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
22:20:23.0568 0x16f4  MpsSvc - ok
22:20:23.0653 0x16f4  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
22:20:23.0660 0x16f4  MRxDAV - ok
22:20:23.0696 0x16f4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
22:20:23.0704 0x16f4  mrxsmb - ok
22:20:23.0779 0x16f4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
22:20:23.0803 0x16f4  mrxsmb10 - ok
22:20:23.0820 0x16f4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
22:20:23.0826 0x16f4  mrxsmb20 - ok
22:20:23.0848 0x16f4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
22:20:23.0850 0x16f4  msahci - ok
22:20:23.0878 0x16f4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
22:20:23.0885 0x16f4  msdsm - ok
22:20:23.0912 0x16f4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
22:20:23.0921 0x16f4  MSDTC - ok
22:20:23.0994 0x16f4  [ 72949A24D37A20A54B3D4D3DADBB55E9, 580B59EF2DFA4F6EE27BA37904F0705CBCD74F9B07D2D795093C045F94AE6DB5 ] MSDV            C:\windows\system32\DRIVERS\msdv.sys
22:20:23.0997 0x16f4  MSDV - ok
22:20:24.0029 0x16f4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
22:20:24.0032 0x16f4  Msfs - ok
22:20:24.0042 0x16f4  MsgPlusDriver - ok
22:20:24.0061 0x16f4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
22:20:24.0063 0x16f4  mshidkmdf - ok
22:20:24.0096 0x16f4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
22:20:24.0098 0x16f4  msisadrv - ok
22:20:24.0176 0x16f4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
22:20:24.0185 0x16f4  MSiSCSI - ok
22:20:24.0196 0x16f4  msiserver - ok
22:20:24.0231 0x16f4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
22:20:24.0233 0x16f4  MSKSSRV - ok
22:20:24.0279 0x16f4  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:20:24.0281 0x16f4  MsMpSvc - ok
22:20:24.0295 0x16f4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
22:20:24.0297 0x16f4  MSPCLOCK - ok
22:20:24.0308 0x16f4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
22:20:24.0310 0x16f4  MSPQM - ok
22:20:24.0359 0x16f4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
22:20:24.0377 0x16f4  MsRPC - ok
22:20:24.0433 0x16f4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
22:20:24.0437 0x16f4  mssmbios - ok
22:20:24.0470 0x16f4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
22:20:24.0471 0x16f4  MSTEE - ok
22:20:24.0484 0x16f4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
22:20:24.0487 0x16f4  MTConfig - ok
22:20:24.0511 0x16f4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
22:20:24.0514 0x16f4  Mup - ok
22:20:24.0579 0x16f4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
22:20:24.0624 0x16f4  napagent - ok
22:20:24.0687 0x16f4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
22:20:24.0707 0x16f4  NativeWifiP - ok
22:20:24.0785 0x16f4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
22:20:24.0840 0x16f4  NDIS - ok
22:20:24.0881 0x16f4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
22:20:24.0884 0x16f4  NdisCap - ok
22:20:24.0908 0x16f4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
22:20:24.0910 0x16f4  NdisTapi - ok
22:20:24.0952 0x16f4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
22:20:24.0957 0x16f4  Ndisuio - ok
22:20:25.0003 0x16f4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
22:20:25.0010 0x16f4  NdisWan - ok
22:20:25.0027 0x16f4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
22:20:25.0031 0x16f4  NDProxy - ok
22:20:25.0053 0x16f4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
22:20:25.0057 0x16f4  NetBIOS - ok
22:20:25.0104 0x16f4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
22:20:25.0116 0x16f4  NetBT - ok
22:20:25.0137 0x16f4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\windows\system32\lsass.exe
22:20:25.0140 0x16f4  Netlogon - ok
22:20:25.0186 0x16f4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
22:20:25.0208 0x16f4  Netman - ok
22:20:25.0264 0x16f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:20:25.0288 0x16f4  NetMsmqActivator - ok
22:20:25.0304 0x16f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:20:25.0310 0x16f4  NetPipeActivator - ok
22:20:25.0359 0x16f4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
22:20:25.0393 0x16f4  netprofm - ok
22:20:25.0409 0x16f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:20:25.0415 0x16f4  NetTcpActivator - ok
22:20:25.0434 0x16f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:20:25.0440 0x16f4  NetTcpPortSharing - ok
22:20:25.0868 0x16f4  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\windows\system32\DRIVERS\netw5v64.sys
22:20:26.0136 0x16f4  netw5v64 - ok
22:20:26.0208 0x16f4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
22:20:26.0213 0x16f4  nfrd960 - ok
22:20:26.0271 0x16f4  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:20:26.0277 0x16f4  NisDrv - ok
22:20:26.0319 0x16f4  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:20:26.0342 0x16f4  NisSrv - ok
22:20:26.0384 0x16f4  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\windows\System32\nlasvc.dll
22:20:26.0408 0x16f4  NlaSvc - ok
22:20:26.0443 0x16f4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
22:20:26.0446 0x16f4  Npfs - ok
22:20:26.0482 0x16f4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
22:20:26.0487 0x16f4  nsi - ok
22:20:26.0521 0x16f4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
22:20:26.0524 0x16f4  nsiproxy - ok
22:20:26.0746 0x16f4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
22:20:26.0825 0x16f4  Ntfs - ok
22:20:26.0861 0x16f4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
22:20:26.0863 0x16f4  Null - ok
22:20:26.0902 0x16f4  [ CDDD4478757288DF4BB1494BFD084259, 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys
22:20:26.0907 0x16f4  NVHDA - ok
22:20:27.0859 0x16f4  [ B8A1174BFD21AF0379B4807BFC85FA66, FEA45F8DF69EC026760560D2A16988F1E2EFAED6A3B6E9DE1040083568E51631 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
22:20:28.0536 0x16f4  nvlddmkm - ok
22:20:28.0646 0x16f4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
22:20:28.0653 0x16f4  nvraid - ok
22:20:28.0708 0x16f4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
22:20:28.0716 0x16f4  nvstor - ok
22:20:28.0828 0x16f4  [ 8C639660B1CB88A966674FC13B8F43A2, C794554D771CA61746F21D2CF73A7F0B5919FCB6EEE2A1A88B3EFA5CA7AFE662 ] nvsvc           C:\windows\system32\nvvsvc.exe
22:20:28.0848 0x16f4  nvsvc - ok
22:20:28.0928 0x16f4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
22:20:28.0934 0x16f4  nv_agp - ok
22:20:28.0983 0x16f4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
22:20:28.0987 0x16f4  ohci1394 - ok
22:20:29.0082 0x16f4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:20:29.0088 0x16f4  ose - ok
22:20:29.0410 0x16f4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:20:29.0679 0x16f4  osppsvc - ok
22:20:29.0754 0x16f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
22:20:29.0772 0x16f4  p2pimsvc - ok
22:20:29.0822 0x16f4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
22:20:29.0845 0x16f4  p2psvc - ok
22:20:29.0885 0x16f4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\DRIVERS\parport.sys
22:20:29.0891 0x16f4  Parport - ok
22:20:29.0930 0x16f4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
22:20:29.0934 0x16f4  partmgr - ok
22:20:29.0970 0x16f4  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\windows\System32\pcasvc.dll
22:20:29.0980 0x16f4  PcaSvc - ok
22:20:30.0009 0x16f4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
22:20:30.0017 0x16f4  pci - ok
22:20:30.0057 0x16f4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
22:20:30.0060 0x16f4  pciide - ok
22:20:30.0095 0x16f4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
22:20:30.0106 0x16f4  pcmcia - ok
22:20:30.0131 0x16f4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
22:20:30.0135 0x16f4  pcw - ok
22:20:30.0210 0x16f4  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
22:20:30.0241 0x16f4  PEAUTH - ok
22:20:30.0817 0x16f4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
22:20:30.0821 0x16f4  PerfHost - ok
22:20:30.0990 0x16f4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
22:20:31.0069 0x16f4  pla - ok
22:20:31.0141 0x16f4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
22:20:31.0160 0x16f4  PlugPlay - ok
22:20:31.0196 0x16f4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
22:20:31.0200 0x16f4  PNRPAutoReg - ok
22:20:31.0231 0x16f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
22:20:31.0245 0x16f4  PNRPsvc - ok
22:20:31.0307 0x16f4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
22:20:31.0339 0x16f4  PolicyAgent - ok
22:20:31.0399 0x16f4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
22:20:31.0409 0x16f4  Power - ok
22:20:31.0471 0x16f4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
22:20:31.0476 0x16f4  PptpMiniport - ok
22:20:31.0516 0x16f4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\DRIVERS\processr.sys
22:20:31.0520 0x16f4  Processor - ok
22:20:31.0564 0x16f4  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\windows\system32\profsvc.dll
22:20:31.0576 0x16f4  ProfSvc - ok
22:20:31.0649 0x16f4  [ 9CC2C93394241E602DA63826413055FF, 844FA885A2FF59758D5E97084AD81C48DFA2BBC39E4CDE7B04D200820426D7EA ] Prosieben       C:\Program Files (x86)\maxdome\DCBin\DCService.exe
22:20:31.0653 0x16f4  Prosieben - ok
22:20:31.0670 0x16f4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\windows\system32\lsass.exe
22:20:31.0673 0x16f4  ProtectedStorage - ok
22:20:31.0723 0x16f4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
22:20:31.0730 0x16f4  Psched - ok
22:20:31.0775 0x16f4  [ FB46E9A827A8799EBD7BFA9128C91F37, 7C40E9C1720522D76AF45A588DFF47BDF0E2A99AF3A396854A00F1273EA13193 ] PSI             C:\windows\system32\DRIVERS\psi_mf.sys
22:20:31.0824 0x16f4  PSI - ok
22:20:31.0836 0x16f4  PS_MDP - ok
22:20:32.0016 0x16f4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
22:20:32.0127 0x16f4  ql2300 - ok
22:20:32.0155 0x16f4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
22:20:32.0161 0x16f4  ql40xx - ok
22:20:32.0253 0x16f4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
22:20:32.0267 0x16f4  QWAVE - ok
22:20:32.0339 0x16f4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
22:20:32.0342 0x16f4  QWAVEdrv - ok
22:20:32.0407 0x16f4  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\windows\WindowsMobile\rapimgr.dll
22:20:32.0417 0x16f4  RapiMgr - ok
22:20:32.0469 0x16f4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
22:20:32.0471 0x16f4  RasAcd - ok
22:20:32.0506 0x16f4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
22:20:32.0510 0x16f4  RasAgileVpn - ok
22:20:32.0656 0x16f4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
22:20:32.0664 0x16f4  RasAuto - ok
22:20:32.0700 0x16f4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
22:20:32.0707 0x16f4  Rasl2tp - ok
22:20:32.0836 0x16f4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
22:20:32.0860 0x16f4  RasMan - ok
22:20:32.0957 0x16f4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
22:20:32.0962 0x16f4  RasPppoe - ok
22:20:32.0979 0x16f4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
22:20:32.0983 0x16f4  RasSstp - ok
22:20:33.0050 0x16f4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
22:20:33.0072 0x16f4  rdbss - ok
22:20:33.0131 0x16f4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
22:20:33.0133 0x16f4  rdpbus - ok
22:20:33.0151 0x16f4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
22:20:33.0154 0x16f4  RDPCDD - ok
22:20:33.0176 0x16f4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
22:20:33.0179 0x16f4  RDPENCDD - ok
22:20:33.0200 0x16f4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
22:20:33.0202 0x16f4  RDPREFMP - ok
22:20:33.0321 0x16f4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
22:20:33.0331 0x16f4  RDPWD - ok
22:20:33.0395 0x16f4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
22:20:33.0406 0x16f4  rdyboost - ok
22:20:33.0419 0x16f4  ReadyComm.DirectRouter - ok
22:20:33.0511 0x16f4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
22:20:33.0519 0x16f4  RemoteAccess - ok
22:20:33.0616 0x16f4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
22:20:33.0626 0x16f4  RemoteRegistry - ok
22:20:33.0667 0x16f4  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
22:20:33.0675 0x16f4  RFCOMM - ok
22:20:33.0726 0x16f4  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\windows\system32\DRIVERS\RMCAST.sys
22:20:33.0734 0x16f4  RMCAST - ok
22:20:33.0779 0x16f4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
22:20:33.0784 0x16f4  RpcEptMapper - ok
22:20:33.0825 0x16f4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
22:20:33.0828 0x16f4  RpcLocator - ok
22:20:33.0888 0x16f4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
22:20:33.0911 0x16f4  RpcSs - ok
22:20:34.0000 0x16f4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
22:20:34.0004 0x16f4  rspndr - ok
22:20:34.0047 0x16f4  [ 5AAB4808E8CCAE8C2ECDA5B791260616, EFA49ADD657D209AFE73CE0E9184E319D5F7A8A0C6B60BEFA0AAB172B2D397BA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
22:20:34.0059 0x16f4  RSUSBSTOR - ok
22:20:34.0094 0x16f4  [ 4FBDA07EF0A3097CE14C5CABF723B278, 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
22:20:34.0111 0x16f4  RTL8167 - ok
22:20:34.0137 0x16f4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs           C:\windows\system32\lsass.exe
22:20:34.0140 0x16f4  SamSs - ok
22:20:34.0193 0x16f4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
22:20:34.0199 0x16f4  sbp2port - ok
22:20:34.0250 0x16f4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
22:20:34.0262 0x16f4  SCardSvr - ok
22:20:34.0310 0x16f4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
22:20:34.0313 0x16f4  scfilter - ok
22:20:34.0403 0x16f4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
22:20:34.0494 0x16f4  Schedule - ok
22:20:34.0548 0x16f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
22:20:34.0552 0x16f4  SCPolicySvc - ok
22:20:34.0593 0x16f4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
22:20:34.0604 0x16f4  SDRSVC - ok
22:20:34.0638 0x16f4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
22:20:34.0641 0x16f4  secdrv - ok
22:20:34.0671 0x16f4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
22:20:34.0675 0x16f4  seclogon - ok
22:20:34.0828 0x16f4  [ 5B66DB4877BBAC9F7493AA8D84421E49, D1FCE833A9140E5EC3106373A6FF42335A9A20EBBE020E757B55F032DA0FA7AE ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
22:20:34.0927 0x16f4  Secunia PSI Agent - ok
22:20:35.0000 0x16f4  [ 0E88FDF474F2CDD370A4A6CE77D018F0, D01DA8FF7ADB073E4EECDBDF4F5FE595D6AC70F8C57AFC9ED5C51486CFCECC50 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
22:20:35.0018 0x16f4  Secunia Update Agent - ok
22:20:35.0067 0x16f4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
22:20:35.0073 0x16f4  SENS - ok
22:20:35.0097 0x16f4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
22:20:35.0101 0x16f4  SensrSvc - ok
22:20:35.0131 0x16f4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
22:20:35.0133 0x16f4  Serenum - ok
22:20:35.0176 0x16f4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\DRIVERS\serial.sys
22:20:35.0182 0x16f4  Serial - ok
22:20:35.0221 0x16f4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
22:20:35.0224 0x16f4  sermouse - ok
22:20:35.0300 0x16f4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
22:20:35.0308 0x16f4  SessionEnv - ok
22:20:35.0340 0x16f4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
22:20:35.0342 0x16f4  sffdisk - ok
22:20:35.0362 0x16f4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
22:20:35.0365 0x16f4  sffp_mmc - ok
22:20:35.0379 0x16f4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
22:20:35.0381 0x16f4  sffp_sd - ok
22:20:35.0408 0x16f4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
22:20:35.0411 0x16f4  sfloppy - ok
22:20:35.0490 0x16f4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
22:20:35.0508 0x16f4  SharedAccess - ok
22:20:35.0580 0x16f4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:20:35.0603 0x16f4  ShellHWDetection - ok
22:20:35.0632 0x16f4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
22:20:35.0635 0x16f4  SiSRaid2 - ok
22:20:35.0656 0x16f4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
22:20:35.0661 0x16f4  SiSRaid4 - ok
22:20:35.0831 0x16f4  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:20:35.0846 0x16f4  SkypeUpdate - ok
22:20:35.0896 0x16f4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
22:20:35.0901 0x16f4  Smb - ok
22:20:35.0971 0x16f4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
22:20:35.0975 0x16f4  SNMPTRAP - ok
22:20:36.0021 0x16f4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
22:20:36.0023 0x16f4  spldr - ok
22:20:36.0081 0x16f4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
22:20:36.0108 0x16f4  Spooler - ok
22:20:36.0366 0x16f4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
22:20:36.0561 0x16f4  sppsvc - ok
22:20:36.0670 0x16f4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
22:20:36.0676 0x16f4  sppuinotify - ok
22:20:36.0733 0x16f4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
22:20:36.0755 0x16f4  srv - ok
22:20:36.0803 0x16f4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
22:20:36.0848 0x16f4  srv2 - ok
22:20:36.0890 0x16f4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
22:20:36.0898 0x16f4  srvnet - ok
22:20:36.0967 0x16f4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
22:20:36.0978 0x16f4  SSDPSRV - ok
22:20:37.0004 0x16f4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
22:20:37.0011 0x16f4  SstpSvc - ok
22:20:37.0249 0x16f4  [ E8606BF6BE3B7481D95F1DD2E4F3FCBA, 522646B5266C3E18AF909CB49F411ABB10F5DCD02A2B923C1EA209529AFD1A94 ] StarMoney Business 4.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
22:20:37.0367 0x16f4  StarMoney Business 4.0 OnlineUpdate - ok
22:20:37.0518 0x16f4  [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney Business 6.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
22:20:37.0550 0x16f4  StarMoney Business 6.0 OnlineUpdate - ok
22:20:37.0614 0x16f4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
22:20:37.0632 0x16f4  stexstor - ok
22:20:37.0729 0x16f4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
22:20:37.0771 0x16f4  stisvc - ok
22:20:37.0813 0x16f4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
22:20:37.0814 0x16f4  swenum - ok
22:20:37.0940 0x16f4  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:20:37.0965 0x16f4  SwitchBoard - ok
22:20:38.0019 0x16f4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
22:20:38.0048 0x16f4  swprv - ok
22:20:38.0215 0x16f4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
22:20:38.0318 0x16f4  SysMain - ok
22:20:38.0385 0x16f4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
22:20:38.0393 0x16f4  TabletInputService - ok
22:20:38.0435 0x16f4  [ BCD6A90D6FD757CE9C29DDC850F7F231, 8E736A42B28BE11EC524C40DFA1C7A88BBE10CBC97320F128BCBE44051BBCC81 ] tap0901         C:\windows\system32\DRIVERS\tap0901.sys
22:20:38.0438 0x16f4  tap0901 - ok
22:20:38.0487 0x16f4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
22:20:38.0510 0x16f4  TapiSrv - ok
22:20:38.0567 0x16f4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
22:20:38.0573 0x16f4  TBS - ok
22:20:38.0817 0x16f4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
22:20:38.0926 0x16f4  Tcpip - ok
22:20:39.0098 0x16f4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
22:20:39.0175 0x16f4  TCPIP6 - ok
22:20:39.0279 0x16f4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
22:20:39.0282 0x16f4  tcpipreg - ok
22:20:39.0339 0x16f4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
22:20:39.0341 0x16f4  TDPIPE - ok
22:20:39.0386 0x16f4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
22:20:39.0389 0x16f4  TDTCP - ok
22:20:39.0435 0x16f4  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\windows\system32\DRIVERS\tdx.sys
22:20:39.0442 0x16f4  tdx - ok
22:20:39.0489 0x16f4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
22:20:39.0494 0x16f4  TermDD - ok
22:20:39.0608 0x16f4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\windows\System32\termsrv.dll
22:20:39.0678 0x16f4  TermService - ok
22:20:39.0747 0x16f4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
22:20:39.0752 0x16f4  Themes - ok
22:20:39.0787 0x16f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
22:20:39.0791 0x16f4  THREADORDER - ok
22:20:39.0841 0x16f4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
22:20:39.0849 0x16f4  TrkWks - ok
22:20:39.0914 0x16f4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:20:39.0924 0x16f4  TrustedInstaller - ok
22:20:39.0992 0x16f4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
22:20:39.0995 0x16f4  tssecsrv - ok
22:20:40.0060 0x16f4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
22:20:40.0064 0x16f4  TsUsbFlt - ok
22:20:40.0624 0x16f4  [ 92010D59383302086C635B7D25A05A33, 9E51BF0EA4705A86C3D8D0D5989438C55CC43D2880A6FA0C9FEA30388EA88537 ] TuneUp.Defrag   C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
22:20:40.0674 0x16f4  TuneUp.Defrag - ok
22:20:40.0798 0x16f4  [ 6525DD751ECBE7FEAFF75E3B178AACC1, 87FFF30E8807515A13C74351B7D7F45785BA7B37DEA89DE1A86A6740B8F23D2F ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
22:20:40.0883 0x16f4  TuneUp.UtilitiesSvc - ok
22:20:40.0988 0x16f4  [ DCC94C51D27C7EC0DADECA8F64C94FCF, 90C978C2284C9BDE3EFA1124616D824E0C361C388293FA22DBC8C3B70C920574 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
22:20:40.0990 0x16f4  TuneUpUtilitiesDrv - ok
22:20:41.0060 0x16f4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
22:20:41.0066 0x16f4  tunnel - ok
22:20:41.0188 0x16f4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
22:20:41.0192 0x16f4  uagp35 - ok
22:20:41.0250 0x16f4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
22:20:41.0272 0x16f4  udfs - ok
22:20:41.0348 0x16f4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
22:20:41.0354 0x16f4  UI0Detect - ok
22:20:41.0434 0x16f4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
22:20:41.0438 0x16f4  uliagpkx - ok
22:20:41.0610 0x16f4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
22:20:41.0614 0x16f4  umbus - ok
22:20:41.0684 0x16f4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
22:20:41.0686 0x16f4  UmPass - ok
22:20:42.0664 0x16f4  [ AF905F4966CFC8B973623AB150CD4B2B, E1BF0481A584C10AE4A927A01A1E6B76036C18FAF7AB38D9B78641F5808D9888 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:20:42.0822 0x16f4  UNS - ok
22:20:43.0043 0x16f4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
22:20:43.0059 0x16f4  upnphost - ok
22:20:43.0153 0x16f4  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9, B54B558136FF621A4C63945CF982780CD9C61F3CB15143D73B550E6D0C14A246 ] UPnPService     C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
22:20:43.0345 0x16f4  UPnPService - ok
22:20:43.0401 0x16f4  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
22:20:43.0405 0x16f4  USBAAPL64 - ok
22:20:43.0465 0x16f4  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
22:20:43.0471 0x16f4  usbaudio - ok
22:20:43.0516 0x16f4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
22:20:43.0522 0x16f4  usbccgp - ok
22:20:43.0580 0x16f4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
22:20:43.0585 0x16f4  usbcir - ok
22:20:43.0616 0x16f4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
22:20:43.0619 0x16f4  usbehci - ok
22:20:43.0683 0x16f4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
22:20:43.0780 0x16f4  usbhub - ok
22:20:43.0981 0x16f4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
22:20:43.0984 0x16f4  usbohci - ok
22:20:44.0058 0x16f4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
22:20:44.0061 0x16f4  usbprint - ok
22:20:44.0123 0x16f4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
22:20:44.0126 0x16f4  usbscan - ok
22:20:44.0226 0x16f4  [ 310ABD644511CBEEE16814095759D670, 416935D68882822DEFFD1CEEC2EEC8F8FC27E76414C2C529C82F84DF15C21F71 ] usbsmi          C:\windows\system32\DRIVERS\SMIksdrv.sys
22:20:44.0236 0x16f4  usbsmi - ok
22:20:44.0333 0x16f4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
22:20:44.0338 0x16f4  USBSTOR - ok
22:20:44.0439 0x16f4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
22:20:44.0441 0x16f4  usbuhci - ok
22:20:44.0588 0x16f4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
22:20:44.0623 0x16f4  usbvideo - ok
22:20:44.0711 0x16f4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
22:20:44.0715 0x16f4  UxSms - ok
22:20:44.0784 0x16f4  [ C8EB4193D33A48A4AD2D5D7CA121CF88, 057AB74992D342839337B9057462517B0FD622D521A160D895220ABCC23DD3BC ] UxTuneUp        C:\windows\System32\uxtuneup.dll
22:20:44.0788 0x16f4  UxTuneUp - ok
22:20:44.0815 0x16f4  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\windows\system32\lsass.exe
22:20:44.0817 0x16f4  VaultSvc - ok
22:20:44.0846 0x16f4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
22:20:44.0849 0x16f4  vdrvroot - ok
22:20:45.0057 0x16f4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
22:20:45.0084 0x16f4  vds - ok
22:20:45.0155 0x16f4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
22:20:45.0158 0x16f4  vga - ok
22:20:45.0228 0x16f4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
22:20:45.0230 0x16f4  VgaSave - ok
22:20:45.0341 0x16f4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
22:20:45.0351 0x16f4  vhdmp - ok
22:20:45.0418 0x16f4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
22:20:45.0420 0x16f4  viaide - ok
22:20:45.0471 0x16f4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
22:20:45.0475 0x16f4  volmgr - ok
22:20:45.0619 0x16f4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
22:20:45.0636 0x16f4  volmgrx - ok
22:20:45.0786 0x16f4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
22:20:45.0800 0x16f4  volsnap - ok
22:20:45.0922 0x16f4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
22:20:45.0930 0x16f4  vsmraid - ok
22:20:46.0079 0x16f4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
22:20:46.0152 0x16f4  VSS - ok
22:20:46.0179 0x16f4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
22:20:46.0181 0x16f4  vwifibus - ok
22:20:46.0221 0x16f4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
22:20:46.0224 0x16f4  vwififlt - ok
22:20:46.0283 0x16f4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
22:20:46.0286 0x16f4  vwifimp - ok
22:20:46.0342 0x16f4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
22:20:46.0364 0x16f4  W32Time - ok
22:20:46.0423 0x16f4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
22:20:46.0425 0x16f4  WacomPen - ok
22:20:46.0478 0x16f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
22:20:46.0482 0x16f4  WANARP - ok
22:20:46.0499 0x16f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
22:20:46.0504 0x16f4  Wanarpv6 - ok
22:20:46.0744 0x16f4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
22:20:46.0853 0x16f4  WatAdminSvc - ok
22:20:47.0446 0x16f4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
22:20:47.0540 0x16f4  wbengine - ok
22:20:47.0700 0x16f4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
22:20:47.0712 0x16f4  WbioSrvc - ok
22:20:47.0815 0x16f4  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\windows\WindowsMobile\wcescomm.dll
22:20:47.0834 0x16f4  WcesComm - ok
22:20:48.0049 0x16f4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
22:20:48.0068 0x16f4  wcncsvc - ok
22:20:48.0121 0x16f4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:20:48.0126 0x16f4  WcsPlugInService - ok
22:20:48.0190 0x16f4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
22:20:48.0193 0x16f4  Wd - ok
22:20:48.0301 0x16f4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
22:20:48.0368 0x16f4  Wdf01000 - ok
22:20:48.0457 0x16f4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\windows\system32\wdi.dll
22:20:48.0464 0x16f4  WdiServiceHost - ok
22:20:48.0512 0x16f4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\windows\system32\wdi.dll
22:20:48.0518 0x16f4  WdiSystemHost - ok
22:20:48.0634 0x16f4  [ 2A444ACF7DD446505BCC801F8F6AE5FD, A257CBA8D1B96D4E8C2085DB5D28C5D4FFA64767ABA5FE764F1AA2697D0E994B ] wdmirror        C:\windows\system32\DRIVERS\WDMirror.sys
22:20:48.0635 0x16f4  wdmirror - ok
22:20:48.0697 0x16f4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
22:20:48.0711 0x16f4  WebClient - ok
22:20:48.0838 0x16f4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
22:20:48.0853 0x16f4  Wecsvc - ok
22:20:48.0900 0x16f4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
22:20:48.0907 0x16f4  wercplsupport - ok
22:20:48.0999 0x16f4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
22:20:49.0011 0x16f4  WerSvc - ok
22:20:49.0078 0x16f4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
22:20:49.0080 0x16f4  WfpLwf - ok
22:20:49.0131 0x16f4  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
22:20:49.0139 0x16f4  WimFltr - ok
22:20:49.0165 0x16f4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
22:20:49.0167 0x16f4  WIMMount - ok
22:20:49.0201 0x16f4  WinDefend - ok
22:20:49.0240 0x16f4  WinHttpAutoProxySvc - ok
22:20:49.0324 0x16f4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
22:20:49.0337 0x16f4  Winmgmt - ok
22:20:49.0850 0x16f4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\windows\system32\WsmSvc.dll
22:20:50.0001 0x16f4  WinRM - ok
22:20:50.0159 0x16f4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\drivers\WinUsb.sys
22:20:50.0177 0x16f4  WinUsb - ok
22:20:50.0302 0x16f4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
22:20:50.0357 0x16f4  Wlansvc - ok
22:20:50.0412 0x16f4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
22:20:50.0414 0x16f4  WmiAcpi - ok
22:20:50.0578 0x16f4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
22:20:50.0587 0x16f4  wmiApSrv - ok
22:20:50.0699 0x16f4  WMPNetworkSvc - ok
22:20:50.0751 0x16f4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
22:20:50.0756 0x16f4  WPCSvc - ok
22:20:50.0855 0x16f4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
22:20:50.0863 0x16f4  WPDBusEnum - ok
22:20:50.0929 0x16f4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
22:20:50.0932 0x16f4  ws2ifsl - ok
22:20:51.0016 0x16f4  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(1) C:\windows\system32\drivers\VirtualAudio1.sys
22:20:51.0042 0x16f4  WsAudio_Device(1) - ok
22:20:51.0140 0x16f4  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(2) C:\windows\system32\drivers\VirtualAudio2.sys
22:20:51.0188 0x16f4  WsAudio_Device(2) - ok
22:20:51.0248 0x16f4  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(3) C:\windows\system32\drivers\VirtualAudio3.sys
22:20:51.0284 0x16f4  WsAudio_Device(3) - ok
22:20:51.0331 0x16f4  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(4) C:\windows\system32\drivers\VirtualAudio4.sys
22:20:51.0366 0x16f4  WsAudio_Device(4) - ok
22:20:51.0403 0x16f4  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(5) C:\windows\system32\drivers\VirtualAudio5.sys
22:20:51.0438 0x16f4  WsAudio_Device(5) - ok
22:20:51.0498 0x16f4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
22:20:51.0520 0x16f4  wscsvc - ok
22:20:51.0597 0x16f4  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
22:20:51.0600 0x16f4  WSDPrintDevice - ok
22:20:51.0646 0x16f4  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\windows\system32\DRIVERS\WSDScan.sys
22:20:51.0649 0x16f4  WSDScan - ok
22:20:51.0674 0x16f4  WSearch - ok
22:20:51.0754 0x16f4  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
22:20:51.0768 0x16f4  wsvd - ok
22:20:52.0072 0x16f4  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\windows\system32\wuaueng.dll
22:20:52.0233 0x16f4  wuauserv - ok
22:20:52.0297 0x16f4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
22:20:52.0302 0x16f4  WudfPf - ok
22:20:52.0343 0x16f4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\drivers\WUDFRd.sys
22:20:52.0354 0x16f4  WUDFRd - ok
22:20:52.0396 0x16f4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
22:20:52.0417 0x16f4  wudfsvc - ok
22:20:52.0461 0x16f4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
22:20:52.0476 0x16f4  WwanSvc - ok
22:20:52.0704 0x16f4  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl
22:20:52.0711 0x16f4  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
22:20:52.0741 0x16f4  ================ Scan global ===============================
22:20:52.0793 0x16f4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
22:20:52.0831 0x16f4  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
22:20:52.0876 0x16f4  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
22:20:53.0013 0x16f4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
22:20:53.0061 0x16f4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
22:20:53.0083 0x16f4  [ Global ] - ok
22:20:53.0084 0x16f4  ================ Scan MBR ==================================
22:20:53.0132 0x16f4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:20:53.0602 0x16f4  \Device\Harddisk0\DR0 - ok
22:20:53.0602 0x16f4  ================ Scan VBR ==================================
22:20:53.0632 0x16f4  [ C140740B5CAEC5C55629DA8992358D71 ] \Device\Harddisk0\DR0\Partition1
22:20:53.0635 0x16f4  \Device\Harddisk0\DR0\Partition1 - ok
22:20:53.0653 0x16f4  [ 9E636BC3B0566C77417399F86794F79C ] \Device\Harddisk0\DR0\Partition2
22:20:53.0656 0x16f4  \Device\Harddisk0\DR0\Partition2 - ok
22:20:53.0701 0x16f4  [ E8C175857B525D8E380CE00B9F5E53AD ] \Device\Harddisk0\DR0\Partition3
22:20:53.0728 0x16f4  \Device\Harddisk0\DR0\Partition3 - ok
22:20:53.0728 0x16f4  ================ Scan generic autorun ======================
22:20:53.0731 0x16f4  NvCplDaemon - ok
22:20:53.0860 0x16f4  [ 24066DF5E85F6AF4A2013E70BF73423C, 9B4EFBF3FF194244F0D5C9128CF99EC7BCB1D62BE0975DA0F52816FF00EB0DB9 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
22:20:53.0904 0x16f4  cAudioFilterAgent - ok
22:20:54.0040 0x16f4  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
22:20:54.0116 0x16f4  MSC - ok
22:20:54.0183 0x16f4  [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
22:20:54.0195 0x16f4  IAStorIcon - ok
22:20:54.0261 0x16f4  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
22:20:54.0277 0x16f4  UpdateP2GShortCut - ok
22:20:54.0347 0x16f4  [ 696A74A2E7AAD166D0A97499A43AD084, A661156C420B3198A82A6A395B986B28E89645CCFEFF4ED68B95EE5FC447E032 ] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe
22:20:54.0352 0x16f4  TrayServer - ok
22:20:54.0419 0x16f4  [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
22:20:54.0422 0x16f4  APSDaemon - ok
22:20:54.0463 0x16f4  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:20:54.0482 0x16f4  SwitchBoard - ok
22:20:54.0563 0x16f4  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
22:20:54.0568 0x16f4  BCSSync - ok
22:20:54.0686 0x16f4  [ CDFFB0058BA113ED8C6099DE11FAAD49, D258D1F340734113C1E538C32DF15011009C19A9E88E0F471E3D8387D4EA7AEB ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
22:20:54.0765 0x16f4  CanonQuickMenu - ok
22:20:54.0833 0x16f4  [ B793DDE01D181ED91F333BF10FE2FC50, F9BA0FD8EC0C0E9D7E5969BC9ED0D0322EDFC8E65B11F642A7118B41F5BF197F ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
22:20:54.0867 0x16f4  IJNetworkScannerSelectorEX - ok
22:20:55.0039 0x16f4  [ EA0CE8F77F1272A3D97C70BF3CE457F7, 2E9D95CE9103FBD74D3D9671341E1258C41320B6AE1BF996C41D0813BECB84CD ] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
22:20:55.0152 0x16f4  iSkysoft Helper Compact.exe - ok
22:20:55.0355 0x16f4  [ A1F127095742B85D34D81ED32DB4E0D6, F949C2281A8F2837D61E961A635058DDC1EAC255F4CA27BED1A8DDA58EBA0513 ] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
22:20:56.0085 0x16f4  DelaypluginInstall - ok
22:20:56.0265 0x16f4  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
22:20:56.0513 0x16f4  QuickTime Task - ok
22:20:57.0036 0x16f4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:20:57.0090 0x16f4  Sidebar - ok
22:20:57.0180 0x16f4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:20:57.0186 0x16f4  mctadmin - ok
22:20:57.0241 0x16f4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:20:57.0283 0x16f4  Sidebar - ok
22:20:57.0301 0x16f4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:20:57.0306 0x16f4  mctadmin - ok
22:20:57.0414 0x16f4  [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
22:20:57.0417 0x16f4  iCloudServices - ok
22:20:57.0608 0x16f4  [ 3A9FA910E679385D3F5647B9B8CF5CA2, DE321EB829E461CF91474C942FEDCC6FA0C20D9674067FE21C6F3DF438F61A4B ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
22:20:57.0654 0x16f4  OfficeSyncProcess - ok
22:20:57.0681 0x16f4  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
22:20:57.0686 0x16f4  swg - ok
22:20:57.0723 0x16f4  [ 105C276BB7B43501225C419B062096D0, F5D35230FC5E116FB04147F216313D2E2542D96E975B19F5FD9F7641CF11271F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
22:20:57.0725 0x16f4  ApplePhotoStreams - ok
22:20:57.0768 0x16f4  Skype - ok
22:20:57.0772 0x16f4  Waiting for KSN requests completion. In queue: 115
22:20:58.0772 0x16f4  Waiting for KSN requests completion. In queue: 115
22:20:59.0773 0x16f4  Waiting for KSN requests completion. In queue: 115
22:21:00.0783 0x16f4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
22:21:00.0823 0x16f4  Win FW state via NFP2: enabled
22:21:03.0783 0x16f4  ============================================================
22:21:03.0783 0x16f4  Scan finished
22:21:03.0783 0x16f4  ============================================================
22:21:03.0793 0x12ec  Detected object count: 0
22:21:03.0793 0x12ec  Actual detected object count: 0
22:21:48.0488 0x1a0c  ============================================================
22:21:48.0489 0x1a0c  Scan started
22:21:48.0489 0x1a0c  Mode: Manual; SigCheck; TDLFS; 
22:21:48.0489 0x1a0c  ============================================================
22:21:48.0489 0x1a0c  KSN ping started
22:21:51.0248 0x1a0c  KSN ping finished: true
22:21:51.0713 0x1a0c  ================ Scan system memory ========================
22:21:51.0713 0x1a0c  System memory - ok
22:21:51.0723 0x1a0c  ================ Scan services =============================
22:21:51.0883 0x1a0c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
22:21:52.0043 0x1a0c  1394ohci - ok
22:21:52.0083 0x1a0c  [ E0A8525A951ADDB4655BC2068566407D, 7C08B9DB7C281422FD64219DF81B7064CE16EA53CF00EB1FC33CB0741CE6605F ] 61883           C:\windows\system32\DRIVERS\61883.sys
22:21:52.0183 0x1a0c  61883 - ok
22:21:52.0233 0x1a0c  [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11        C:\windows\system32\drivers\acedrv11.sys
22:21:52.0263 0x1a0c  acedrv11 - ok
22:21:52.0323 0x1a0c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
22:21:52.0363 0x1a0c  ACPI - ok
22:21:52.0403 0x1a0c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
22:21:52.0503 0x1a0c  AcpiPmi - ok
22:21:52.0533 0x1a0c  [ DC201246A14CB3B274DF59FAF539AB07, D4DAED256E9EDD5ADD7384E9FD9F8DC2B1029543BC894367B582BA7119FABD94 ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys
22:21:52.0553 0x1a0c  ACPIVPC - ok
22:21:52.0874 0x1a0c  [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:21:52.0904 0x1a0c  AdobeFlashPlayerUpdateSvc - ok
22:21:52.0964 0x1a0c  [ 2F6B34B83843F0C5118B63AC634F5BF4,
         

Geändert von Trinitat (11.06.2015 um 21:26 Uhr)

Alt 11.06.2015, 21:33   #5
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Code:
ATTFilter
43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
22:21:53.0014 0x1a0c  adp94xx - ok
22:21:53.0054 0x1a0c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
22:21:53.0094 0x1a0c  adpahci - ok
22:21:53.0174 0x1a0c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
22:21:53.0204 0x1a0c  adpu320 - ok
22:21:53.0264 0x1a0c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
22:21:53.0344 0x1a0c  AeLookupSvc - ok
22:21:53.0434 0x1a0c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
22:21:53.0544 0x1a0c  AFD - ok
22:21:53.0574 0x1a0c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
22:21:53.0594 0x1a0c  agp440 - ok
22:21:53.0624 0x1a0c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
22:21:53.0724 0x1a0c  ALG - ok
22:21:53.0784 0x1a0c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
22:21:53.0804 0x1a0c  aliide - ok
22:21:53.0904 0x1a0c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
22:21:53.0924 0x1a0c  amdide - ok
22:21:53.0994 0x1a0c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
22:21:54.0064 0x1a0c  AmdK8 - ok
22:21:54.0074 0x1a0c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
22:21:54.0114 0x1a0c  AmdPPM - ok
22:21:54.0154 0x1a0c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
22:21:54.0174 0x1a0c  amdsata - ok
22:21:54.0284 0x1a0c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
22:21:54.0314 0x1a0c  amdsbs - ok
22:21:54.0344 0x1a0c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
22:21:54.0374 0x1a0c  amdxata - ok
22:21:54.0444 0x1a0c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\windows\system32\drivers\appid.sys
22:21:54.0494 0x1a0c  AppID - ok
22:21:54.0524 0x1a0c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\windows\System32\appidsvc.dll
22:21:54.0574 0x1a0c  AppIDSvc - ok
22:21:54.0634 0x1a0c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
22:21:54.0724 0x1a0c  Appinfo - ok
22:21:54.0854 0x1a0c  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:54.0874 0x1a0c  Apple Mobile Device - ok
22:21:54.0904 0x1a0c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\DRIVERS\arc.sys
22:21:54.0934 0x1a0c  arc - ok
22:21:54.0954 0x1a0c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
22:21:54.0974 0x1a0c  arcsas - ok
22:21:55.0104 0x1a0c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:21:55.0134 0x1a0c  aspnet_state - ok
22:21:55.0154 0x1a0c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
22:21:55.0354 0x1a0c  AsyncMac - ok
22:21:55.0374 0x1a0c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
22:21:55.0394 0x1a0c  atapi - ok
22:21:55.0504 0x1a0c  [ D6CAD7E5B05055BB8226BDCB1644DA27, 053DBE95BE044C2674825561619A188660865AFCC4FD3C1D1E4F08972F5CC8DF ] athr            C:\windows\system32\DRIVERS\athrx.sys
22:21:55.0654 0x1a0c  athr - ok
22:21:55.0714 0x1a0c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:21:55.0794 0x1a0c  AudioEndpointBuilder - ok
22:21:55.0854 0x1a0c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\windows\System32\Audiosrv.dll
22:21:55.0914 0x1a0c  AudioSrv - ok
22:21:55.0944 0x1a0c  [ 16FABE84916623D0607E4A975544032C, 9D960CAE27B1769ED5B024C0A3375912432521C73C1F59E21111596A7981BDC3 ] Avc             C:\windows\system32\DRIVERS\avc.sys
22:21:55.0994 0x1a0c  Avc - ok
22:21:56.0034 0x1a0c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
22:21:56.0144 0x1a0c  AxInstSV - ok
22:21:56.0204 0x1a0c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
22:21:56.0294 0x1a0c  b06bdrv - ok
22:21:56.0324 0x1a0c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
22:21:56.0374 0x1a0c  b57nd60a - ok
22:21:56.0424 0x1a0c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
22:21:56.0484 0x1a0c  BDESVC - ok
22:21:56.0544 0x1a0c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
22:21:56.0644 0x1a0c  Beep - ok
22:21:56.0714 0x1a0c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
22:21:56.0804 0x1a0c  BFE - ok
22:21:56.0864 0x1a0c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
22:21:57.0134 0x1a0c  BITS - ok
22:21:57.0154 0x1a0c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
22:21:57.0184 0x1a0c  blbdrive - ok
22:21:57.0314 0x1a0c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:21:57.0354 0x1a0c  Bonjour Service - ok
22:21:57.0424 0x1a0c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
22:21:57.0494 0x1a0c  bowser - ok
22:21:57.0524 0x1a0c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
22:21:57.0584 0x1a0c  BrFiltLo - ok
22:21:57.0614 0x1a0c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
22:21:57.0654 0x1a0c  BrFiltUp - ok
22:21:57.0704 0x1a0c  [ 34F786535F9245E4028C57B28248C9D8, 95CB2B765BF4388A9204A8A974DCFF431CBC26E7274937386720514FF23871CB ] Bridge0         C:\windows\system32\drivers\WDBridge.sys
22:21:57.0724 0x1a0c  Bridge0 - ok
22:21:57.0804 0x1a0c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
22:21:57.0884 0x1a0c  Browser - ok
22:21:57.0914 0x1a0c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\system32\DRIVERS\BrSerId.sys
22:21:58.0014 0x1a0c  Brserid - ok
22:21:58.0034 0x1a0c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
22:21:58.0084 0x1a0c  BrSerWdm - ok
22:21:58.0114 0x1a0c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
22:21:58.0164 0x1a0c  BrUsbMdm - ok
22:21:58.0174 0x1a0c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\system32\DRIVERS\BrUsbSer.sys
22:21:58.0214 0x1a0c  BrUsbSer - ok
22:21:58.0264 0x1a0c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
22:21:58.0324 0x1a0c  BthEnum - ok
22:21:58.0384 0x1a0c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
22:21:58.0434 0x1a0c  BTHMODEM - ok
22:21:58.0464 0x1a0c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
22:21:58.0514 0x1a0c  BthPan - ok
22:21:58.0594 0x1a0c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
22:21:58.0654 0x1a0c  BTHPORT - ok
22:21:58.0724 0x1a0c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
22:21:58.0815 0x1a0c  bthserv - ok
22:21:58.0905 0x1a0c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
22:21:58.0955 0x1a0c  BTHUSB - ok
22:21:59.0025 0x1a0c  [ 6E04458E98DAF28826482E41A7A62DF5, 995B371E7384CC05D3A0B462B31A3EA56D8715A93D15B45DB3A78C7F7CF13A40 ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
22:21:59.0045 0x1a0c  btusbflt - ok
22:21:59.0125 0x1a0c  [ 6BCFDC2B5B7F66D484486D4BD4B39A6B, 2A2039DD524E989EA91B7C91D5F295C663D1E27ABD64777D2F3137EB1C42C258 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
22:21:59.0145 0x1a0c  btwaudio - ok
22:21:59.0185 0x1a0c  [ 82DC8B7C626E526681C1BEBED2BC3FF9, 58260E88CDD7388ABA563F9B8F2F3FA17022DB9E4C56EBA0761E99B919A8EAF8 ] btwavdt         C:\windows\system32\drivers\btwavdt.sys
22:21:59.0205 0x1a0c  btwavdt - ok
22:21:59.0725 0x1a0c  [ C73EB036BFC5A27B9CB87B29F7ED88C3, ED303B500F24C7F647400F5377B20CB92567B1771F0947B500C61907292495F7 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
22:21:59.0785 0x1a0c  btwdins - ok
22:21:59.0815 0x1a0c  [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
22:21:59.0835 0x1a0c  btwl2cap - ok
22:21:59.0845 0x1a0c  [ 28E105AD3B79F440BF94780F507BF66A, EF4E6CCAB16765E2C88666625C13CB3299B668159A94CB201E3B44701A30640A ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
22:21:59.0865 0x1a0c  btwrchid - ok
22:21:59.0885 0x1a0c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
22:21:59.0975 0x1a0c  cdfs - ok
22:22:00.0005 0x1a0c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\drivers\cdrom.sys
22:22:00.0045 0x1a0c  cdrom - ok
22:22:00.0095 0x1a0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
22:22:00.0195 0x1a0c  CertPropSvc - ok
22:22:00.0215 0x1a0c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
22:22:00.0265 0x1a0c  circlass - ok
22:22:00.0315 0x1a0c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\windows\system32\CLFS.sys
22:22:00.0355 0x1a0c  CLFS - ok
22:22:00.0445 0x1a0c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:00.0465 0x1a0c  clr_optimization_v2.0.50727_32 - ok
22:22:00.0545 0x1a0c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:22:00.0565 0x1a0c  clr_optimization_v2.0.50727_64 - ok
22:22:00.0895 0x1a0c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:22:00.0925 0x1a0c  clr_optimization_v4.0.30319_32 - ok
22:22:00.0985 0x1a0c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:22:01.0015 0x1a0c  clr_optimization_v4.0.30319_64 - ok
22:22:01.0055 0x1a0c  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
22:22:01.0065 0x1a0c  clwvd - ok
22:22:01.0115 0x1a0c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
22:22:01.0155 0x1a0c  CmBatt - ok
22:22:01.0205 0x1a0c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
22:22:01.0225 0x1a0c  cmdide - ok
22:22:01.0305 0x1a0c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\windows\system32\Drivers\cng.sys
22:22:01.0375 0x1a0c  CNG - ok
22:22:01.0445 0x1a0c  [ 7247A4D0875F5F28919E0787E11B7B57, 9F79077619E626A8DAE74D9EF819BF1D061455CBCAD23C491EC595A2F6C21DED ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
22:22:01.0495 0x1a0c  CnxtHdAudService - ok
22:22:01.0575 0x1a0c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
22:22:01.0595 0x1a0c  Compbatt - ok
22:22:01.0655 0x1a0c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
22:22:01.0695 0x1a0c  CompositeBus - ok
22:22:01.0705 0x1a0c  COMSysApp - ok
22:22:01.0745 0x1a0c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
22:22:01.0766 0x1a0c  crcdisk - ok
22:22:01.0846 0x1a0c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\windows\system32\cryptsvc.dll
22:22:01.0926 0x1a0c  CryptSvc - ok
22:22:02.0166 0x1a0c  [ BD989CFC6E296373A7EA59514E17A199, 2259B966B8780B08EF6B8E27039C8125D5A751E3C01AB92F20E77F5467B40DEC ] DBService       C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
22:22:02.0386 0x1a0c  DBService - detected UnsignedFile.Multi.Generic ( 1 )
22:22:02.0386 0x1a0c  Detect skipped due to KSN trusted
22:22:02.0386 0x1a0c  DBService - ok
22:22:02.0446 0x1a0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
22:22:02.0566 0x1a0c  DcomLaunch - ok
22:22:02.0616 0x1a0c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
22:22:02.0726 0x1a0c  defragsvc - ok
22:22:02.0756 0x1a0c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
22:22:02.0846 0x1a0c  DfsC - ok
22:22:02.0956 0x1a0c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
22:22:03.0036 0x1a0c  Dhcp - ok
22:22:03.0556 0x1a0c  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\windows\system32\diagtrack.dll
22:22:03.0696 0x1a0c  DiagTrack - ok
22:22:03.0726 0x1a0c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
22:22:03.0816 0x1a0c  discache - ok
22:22:03.0846 0x1a0c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\DRIVERS\disk.sys
22:22:03.0866 0x1a0c  Disk - ok
22:22:03.0916 0x1a0c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
22:22:03.0976 0x1a0c  Dnscache - ok
22:22:04.0026 0x1a0c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
22:22:04.0136 0x1a0c  dot3svc - ok
22:22:04.0186 0x1a0c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
22:22:04.0286 0x1a0c  DPS - ok
22:22:04.0336 0x1a0c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
22:22:04.0366 0x1a0c  drmkaud - ok
22:22:04.0496 0x1a0c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
22:22:04.0576 0x1a0c  DXGKrnl - ok
22:22:04.0616 0x1a0c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
22:22:04.0716 0x1a0c  EapHost - ok
22:22:04.0996 0x1a0c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
22:22:05.0186 0x1a0c  ebdrv - ok
22:22:05.0236 0x1a0c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS             C:\windows\System32\lsass.exe
22:22:05.0306 0x1a0c  EFS - ok
22:22:05.0456 0x1a0c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
22:22:05.0566 0x1a0c  ehRecvr - ok
22:22:05.0596 0x1a0c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
22:22:05.0666 0x1a0c  ehSched - ok
22:22:05.0786 0x1a0c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
22:22:05.0826 0x1a0c  elxstor - ok
22:22:05.0876 0x1a0c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
22:22:05.0916 0x1a0c  ErrDev - ok
22:22:05.0966 0x1a0c  [ FB558CEBEA17A6B63205985DFF39E662, D62375B81E76A48B4BCF747384B650D17773CF03C4FA2EF7D5FA88A763C655C0 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
22:22:06.0006 0x1a0c  ETD - ok
22:22:06.0146 0x1a0c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
22:22:06.0256 0x1a0c  EventSystem - ok
22:22:06.0286 0x1a0c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
22:22:06.0366 0x1a0c  exfat - ok
22:22:06.0446 0x1a0c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
22:22:06.0546 0x1a0c  fastfat - ok
22:22:06.0626 0x1a0c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
22:22:06.0726 0x1a0c  Fax - ok
22:22:06.0776 0x1a0c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
22:22:06.0806 0x1a0c  fdc - ok
22:22:06.0856 0x1a0c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
22:22:06.0966 0x1a0c  fdPHost - ok
22:22:06.0996 0x1a0c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
22:22:07.0066 0x1a0c  FDResPub - ok
22:22:07.0126 0x1a0c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
22:22:07.0146 0x1a0c  FileInfo - ok
22:22:07.0166 0x1a0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
22:22:07.0256 0x1a0c  Filetrace - ok
22:22:07.0736 0x1a0c  [ 167D24A045499EBEF438F231976158DF, 237F1495BA79D9082D6B383FE9AC5C6154A6F76F181000401F5790236EB57301 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
22:22:07.0866 0x1a0c  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
22:22:07.0866 0x1a0c  Detect skipped due to KSN trusted
22:22:07.0866 0x1a0c  FirebirdServerMAGIXInstance - ok
22:22:07.0906 0x1a0c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
22:22:07.0946 0x1a0c  flpydisk - ok
22:22:08.0026 0x1a0c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
22:22:08.0056 0x1a0c  FltMgr - ok
22:22:08.0156 0x1a0c  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\windows\system32\FntCache.dll
22:22:08.0286 0x1a0c  FontCache - ok
22:22:08.0416 0x1a0c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:22:08.0436 0x1a0c  FontCache3.0.0.0 - ok
22:22:08.0486 0x1a0c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
22:22:08.0506 0x1a0c  FsDepends - ok
22:22:08.0566 0x1a0c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
22:22:08.0586 0x1a0c  Fs_Rec - ok
22:22:08.0636 0x1a0c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
22:22:08.0676 0x1a0c  fvevol - ok
22:22:08.0706 0x1a0c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
22:22:08.0736 0x1a0c  gagp30kx - ok
22:22:08.0806 0x1a0c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:22:08.0826 0x1a0c  GEARAspiWDM - ok
22:22:08.0906 0x1a0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
22:22:09.0036 0x1a0c  gpsvc - ok
22:22:09.0146 0x1a0c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:22:09.0166 0x1a0c  gupdate - ok
22:22:09.0176 0x1a0c  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:22:09.0196 0x1a0c  gupdatem - ok
22:22:09.0306 0x1a0c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:22:09.0326 0x1a0c  gusvc - ok
22:22:09.0376 0x1a0c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
22:22:09.0446 0x1a0c  hcw85cir - ok
22:22:09.0486 0x1a0c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:22:09.0556 0x1a0c  HdAudAddService - ok
22:22:09.0626 0x1a0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
22:22:09.0656 0x1a0c  HDAudBus - ok
22:22:09.0676 0x1a0c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
22:22:09.0696 0x1a0c  HECIx64 - ok
22:22:09.0756 0x1a0c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
22:22:09.0796 0x1a0c  HidBatt - ok
22:22:09.0826 0x1a0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
22:22:09.0866 0x1a0c  HidBth - ok
22:22:09.0906 0x1a0c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
22:22:09.0956 0x1a0c  HidIr - ok
22:22:09.0986 0x1a0c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
22:22:10.0086 0x1a0c  hidserv - ok
22:22:10.0136 0x1a0c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
22:22:10.0176 0x1a0c  HidUsb - ok
22:22:10.0206 0x1a0c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
22:22:10.0296 0x1a0c  hkmsvc - ok
22:22:10.0356 0x1a0c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:22:10.0436 0x1a0c  HomeGroupListener - ok
22:22:10.0476 0x1a0c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:22:10.0526 0x1a0c  HomeGroupProvider - ok
22:22:10.0606 0x1a0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
22:22:10.0636 0x1a0c  HpSAMD - ok
22:22:10.0736 0x1a0c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\windows\system32\drivers\HTTP.sys
22:22:10.0866 0x1a0c  HTTP - ok
22:22:10.0956 0x1a0c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
22:22:10.0986 0x1a0c  hwpolicy - ok
22:22:11.0086 0x1a0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
22:22:11.0116 0x1a0c  i8042prt - ok
22:22:11.0206 0x1a0c  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
22:22:11.0246 0x1a0c  iaStor - ok
22:22:11.0356 0x1a0c  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:22:11.0376 0x1a0c  IAStorDataMgrSvc - ok
22:22:11.0476 0x1a0c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
22:22:11.0516 0x1a0c  iaStorV - ok
22:22:11.0867 0x1a0c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:22:11.0927 0x1a0c  idsvc - ok
22:22:11.0937 0x1a0c  IEEtwCollectorService - ok
22:22:11.0987 0x1a0c  IePluginService - ok
22:22:12.0577 0x1a0c  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
22:22:12.0907 0x1a0c  igfx - ok
22:22:13.0017 0x1a0c  [ D951D20153E51928F9DB2227D6FF5C7A, 8D49F3D85452C65D5188C9516E89631E718A07E34176CF6FA0B1E02D8C18ABDB ] IGRS            C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
22:22:13.0027 0x1a0c  IGRS - ok
22:22:13.0047 0x1a0c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
22:22:13.0067 0x1a0c  iirsp - ok
22:22:13.0187 0x1a0c  [ EDCCC8C13B1EB882F77BA0ABB84566E7, DB299C1D2CFC197CF2FE69358F5EEDE94DCC4C919AF5D2CDFFF0DE476612C988 ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
22:22:13.0217 0x1a0c  IJPLMSVC - ok
22:22:13.0357 0x1a0c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
22:22:13.0437 0x1a0c  IKEEXT - ok
22:22:13.0487 0x1a0c  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
22:22:13.0557 0x1a0c  Impcd - ok
22:22:13.0617 0x1a0c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
22:22:13.0637 0x1a0c  intelide - ok
22:22:13.0687 0x1a0c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
22:22:13.0737 0x1a0c  intelppm - ok
22:22:13.0787 0x1a0c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
22:22:13.0877 0x1a0c  IPBusEnum - ok
22:22:13.0907 0x1a0c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
22:22:14.0007 0x1a0c  IpFilterDriver - ok
22:22:14.0057 0x1a0c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
22:22:14.0167 0x1a0c  iphlpsvc - ok
22:22:14.0227 0x1a0c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
22:22:14.0267 0x1a0c  IPMIDRV - ok
22:22:14.0327 0x1a0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
22:22:14.0437 0x1a0c  IPNAT - ok
22:22:14.0507 0x1a0c  [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:22:14.0547 0x1a0c  iPod Service - ok
22:22:14.0597 0x1a0c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
22:22:14.0697 0x1a0c  IRENUM - ok
22:22:14.0767 0x1a0c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
22:22:14.0787 0x1a0c  isapnp - ok
22:22:14.0848 0x1a0c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
22:22:14.0888 0x1a0c  iScsiPrt - ok
22:22:14.0948 0x1a0c  [ 7DBAFE10C1B777305C80BEA42FBDA710, 768638FAD1FF94F2C15E2F1558F9A03730195B041CCBBC82241EC1F92CD7D46F ] k57nd60a        C:\windows\system32\DRIVERS\k57nd60a.sys
22:22:14.0988 0x1a0c  k57nd60a - ok
22:22:15.0038 0x1a0c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
22:22:15.0058 0x1a0c  kbdclass - ok
22:22:15.0108 0x1a0c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
22:22:15.0128 0x1a0c  kbdhid - ok
22:22:15.0158 0x1a0c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso          C:\windows\system32\lsass.exe
22:22:15.0178 0x1a0c  KeyIso - ok
22:22:15.0228 0x1a0c  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
22:22:15.0248 0x1a0c  KSecDD - ok
22:22:15.0318 0x1a0c  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
22:22:15.0338 0x1a0c  KSecPkg - ok
22:22:15.0378 0x1a0c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
22:22:15.0468 0x1a0c  ksthunk - ok
22:22:15.0608 0x1a0c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
22:22:15.0718 0x1a0c  KtmRm - ok
22:22:15.0848 0x1a0c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
22:22:15.0948 0x1a0c  LanmanServer - ok
22:22:15.0998 0x1a0c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:22:16.0078 0x1a0c  LanmanWorkstation - ok
22:22:16.0318 0x1a0c  [ 7FCB3EC66361F157BCD5B5C33CE2AC16, F4A96124AE0B4BEB1B7A8F7865B9FE474DD87B9C409681A2DDFAA3AADE562B13 ] Lenovo ReadyComm AppSvc C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
22:22:16.0358 0x1a0c  Lenovo ReadyComm AppSvc - ok
22:22:16.0408 0x1a0c  [ 5287074E79E4BA82510886F684DC5F72, 76C884617FBDEBEE61B33997CA93C2A2B9B902692B84E2D897E56C54833CFD1E ] Lenovo ReadyComm ConnSvc C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
22:22:16.0448 0x1a0c  Lenovo ReadyComm ConnSvc - ok
22:22:16.0488 0x1a0c  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\windows\system32\DRIVERS\LhdX64.sys
22:22:16.0508 0x1a0c  LHDmgr - ok
22:22:16.0568 0x1a0c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
22:22:16.0658 0x1a0c  lltdio - ok
22:22:16.0778 0x1a0c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
22:22:16.0898 0x1a0c  lltdsvc - ok
22:22:16.0938 0x1a0c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
22:22:17.0048 0x1a0c  lmhosts - ok
22:22:17.0358 0x1a0c  [ 1E2F802846EB944E0333EFEE7C9532A8, 86EB59BF238E3DB8AF9E379B0BAE5AEC734C15598E665062B2E19C0A58BEF783 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:22:17.0388 0x1a0c  LMS - ok
22:22:17.0508 0x1a0c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
22:22:17.0538 0x1a0c  LSI_FC - ok
22:22:17.0568 0x1a0c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
22:22:17.0598 0x1a0c  LSI_SAS - ok
22:22:17.0668 0x1a0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
22:22:17.0688 0x1a0c  LSI_SAS2 - ok
22:22:17.0718 0x1a0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
22:22:17.0738 0x1a0c  LSI_SCSI - ok
22:22:17.0808 0x1a0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
22:22:17.0908 0x1a0c  luafv - ok
22:22:17.0958 0x1a0c  [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon   C:\windows\system32\drivers\mbamchameleon.sys
22:22:17.0978 0x1a0c  mbamchameleon - ok
22:22:18.0028 0x1a0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
22:22:18.0048 0x1a0c  Mcx2Svc - ok
22:22:18.0088 0x1a0c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
22:22:18.0108 0x1a0c  megasas - ok
22:22:18.0218 0x1a0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
22:22:18.0248 0x1a0c  MegaSR - ok
22:22:18.0358 0x1a0c  Microsoft SharePoint Workspace Audit Service - ok
22:22:18.0418 0x1a0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
22:22:18.0508 0x1a0c  MMCSS - ok
22:22:18.0558 0x1a0c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
22:22:18.0628 0x1a0c  Modem - ok
22:22:18.0698 0x1a0c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
22:22:18.0728 0x1a0c  monitor - ok
22:22:18.0808 0x1a0c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
22:22:18.0828 0x1a0c  mouclass - ok
22:22:18.0909 0x1a0c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
22:22:18.0969 0x1a0c  mouhid - ok
22:22:19.0089 0x1a0c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
22:22:19.0109 0x1a0c  mountmgr - ok
22:22:19.0379 0x1a0c  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:22:19.0399 0x1a0c  MozillaMaintenance - ok
22:22:19.0609 0x1a0c  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
22:22:19.0649 0x1a0c  MpFilter - ok
22:22:19.0849 0x1a0c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
22:22:19.0879 0x1a0c  mpio - ok
22:22:19.0959 0x1a0c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
22:22:20.0039 0x1a0c  mpsdrv - ok
22:22:20.0429 0x1a0c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
22:22:20.0559 0x1a0c  MpsSvc - ok
22:22:20.0609 0x1a0c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
22:22:20.0689 0x1a0c  MRxDAV - ok
22:22:20.0729 0x1a0c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
22:22:20.0789 0x1a0c  mrxsmb - ok
22:22:20.0829 0x1a0c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
22:22:20.0879 0x1a0c  mrxsmb10 - ok
22:22:20.0909 0x1a0c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
22:22:20.0959 0x1a0c  mrxsmb20 - ok
22:22:20.0989 0x1a0c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
22:22:21.0009 0x1a0c  msahci - ok
22:22:21.0039 0x1a0c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
22:22:21.0069 0x1a0c  msdsm - ok
22:22:21.0149 0x1a0c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
22:22:21.0199 0x1a0c  MSDTC - ok
22:22:21.0279 0x1a0c  [ 72949A24D37A20A54B3D4D3DADBB55E9, 580B59EF2DFA4F6EE27BA37904F0705CBCD74F9B07D2D795093C045F94AE6DB5 ] MSDV            C:\windows\system32\DRIVERS\msdv.sys
22:22:21.0339 0x1a0c  MSDV - ok
22:22:21.0389 0x1a0c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
22:22:21.0489 0x1a0c  Msfs - ok
22:22:21.0499 0x1a0c  MsgPlusDriver - ok
22:22:21.0549 0x1a0c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
22:22:21.0619 0x1a0c  mshidkmdf - ok
22:22:21.0669 0x1a0c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
22:22:21.0689 0x1a0c  msisadrv - ok
22:22:21.0789 0x1a0c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
22:22:21.0889 0x1a0c  MSiSCSI - ok
22:22:21.0899 0x1a0c  msiserver - ok
22:22:21.0989 0x1a0c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
22:22:22.0099 0x1a0c  MSKSSRV - ok
22:22:22.0179 0x1a0c  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:22:22.0209 0x1a0c  MsMpSvc - ok
22:22:22.0269 0x1a0c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
22:22:22.0359 0x1a0c  MSPCLOCK - ok
22:22:22.0429 0x1a0c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
22:22:22.0519 0x1a0c  MSPQM - ok
22:22:22.0569 0x1a0c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
22:22:22.0599 0x1a0c  MsRPC - ok
22:22:22.0669 0x1a0c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
22:22:22.0689 0x1a0c  mssmbios - ok
22:22:22.0739 0x1a0c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
22:22:22.0819 0x1a0c  MSTEE - ok
22:22:22.0849 0x1a0c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
22:22:22.0889 0x1a0c  MTConfig - ok
22:22:22.0939 0x1a0c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
22:22:22.0959 0x1a0c  Mup - ok
22:22:23.0009 0x1a0c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
22:22:23.0109 0x1a0c  napagent - ok
22:22:23.0159 0x1a0c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
22:22:23.0229 0x1a0c  NativeWifiP - ok
22:22:23.0309 0x1a0c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
22:22:23.0369 0x1a0c  NDIS - ok
22:22:23.0439 0x1a0c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
22:22:23.0539 0x1a0c  NdisCap - ok
22:22:23.0569 0x1a0c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
22:22:23.0669 0x1a0c  NdisTapi - ok
22:22:23.0699 0x1a0c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
22:22:23.0789 0x1a0c  Ndisuio - ok
22:22:23.0829 0x1a0c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
22:22:23.0929 0x1a0c  NdisWan - ok
22:22:23.0949 0x1a0c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
22:22:24.0049 0x1a0c  NDProxy - ok
22:22:24.0069 0x1a0c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
22:22:24.0179 0x1a0c  NetBIOS - ok
22:22:24.0249 0x1a0c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
22:22:24.0369 0x1a0c  NetBT - ok
22:22:24.0399 0x1a0c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\windows\system32\lsass.exe
22:22:24.0419 0x1a0c  Netlogon - ok
22:22:24.0479 0x1a0c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
22:22:24.0579 0x1a0c  Netman - ok
22:22:24.0639 0x1a0c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:22:24.0659 0x1a0c  NetMsmqActivator - ok
22:22:24.0689 0x1a0c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:22:24.0719 0x1a0c  NetPipeActivator - ok
22:22:24.0779 0x1a0c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
22:22:24.0869 0x1a0c  netprofm - ok
22:22:24.0890 0x1a0c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:22:24.0920 0x1a0c  NetTcpActivator - ok
22:22:24.0930 0x1a0c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:22:24.0960 0x1a0c  NetTcpPortSharing - ok
22:22:25.0240 0x1a0c  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\windows\system32\DRIVERS\netw5v64.sys
22:22:25.0610 0x1a0c  netw5v64 - ok
22:22:25.0650 0x1a0c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
22:22:25.0670 0x1a0c  nfrd960 - ok
22:22:25.0710 0x1a0c  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:22:25.0740 0x1a0c  NisDrv - ok
22:22:25.0780 0x1a0c  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:22:25.0820 0x1a0c  NisSrv - ok
22:22:25.0870 0x1a0c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\windows\System32\nlasvc.dll
22:22:25.0940 0x1a0c  NlaSvc - ok
22:22:25.0960 0x1a0c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
22:22:26.0060 0x1a0c  Npfs - ok
22:22:26.0100 0x1a0c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
22:22:26.0200 0x1a0c  nsi - ok
22:22:26.0240 0x1a0c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
22:22:26.0330 0x1a0c  nsiproxy - ok
22:22:26.0460 0x1a0c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
22:22:26.0560 0x1a0c  Ntfs - ok
22:22:26.0590 0x1a0c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
22:22:26.0670 0x1a0c  Null - ok
22:22:26.0720 0x1a0c  [ CDDD4478757288DF4BB1494BFD084259, 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys
22:22:26.0740 0x1a0c  NVHDA - ok
22:22:27.0321 0x1a0c  [ B8A1174BFD21AF0379B4807BFC85FA66, FEA45F8DF69EC026760560D2A16988F1E2EFAED6A3B6E9DE1040083568E51631 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
22:22:27.0861 0x1a0c  nvlddmkm - ok
22:22:27.0911 0x1a0c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
22:22:27.0931 0x1a0c  nvraid - ok
22:22:27.0971 0x1a0c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
22:22:27.0991 0x1a0c  nvstor - ok
22:22:28.0041 0x1a0c  [ 8C639660B1CB88A966674FC13B8F43A2, C794554D771CA61746F21D2CF73A7F0B5919FCB6EEE2A1A88B3EFA5CA7AFE662 ] nvsvc           C:\windows\system32\nvvsvc.exe
22:22:28.0071 0x1a0c  nvsvc - ok
22:22:28.0101 0x1a0c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
22:22:28.0121 0x1a0c  nv_agp - ok
22:22:28.0161 0x1a0c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
22:22:28.0211 0x1a0c  ohci1394 - ok
22:22:28.0251 0x1a0c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:22:28.0271 0x1a0c  ose - ok
22:22:28.0561 0x1a0c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:22:28.0821 0x1a0c  osppsvc - ok
22:22:28.0891 0x1a0c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
22:22:28.0972 0x1a0c  p2pimsvc - ok
22:22:29.0012 0x1a0c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
22:22:29.0052 0x1a0c  p2psvc - ok
22:22:29.0092 0x1a0c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\DRIVERS\parport.sys
22:22:29.0112 0x1a0c  Parport - ok
22:22:29.0142 0x1a0c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
22:22:29.0172 0x1a0c  partmgr - ok
22:22:29.0222 0x1a0c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\windows\System32\pcasvc.dll
22:22:29.0292 0x1a0c  PcaSvc - ok
22:22:29.0322 0x1a0c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
22:22:29.0352 0x1a0c  pci - ok
22:22:29.0392 0x1a0c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
22:22:29.0412 0x1a0c  pciide - ok
22:22:29.0462 0x1a0c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
22:22:29.0502 0x1a0c  pcmcia - ok
22:22:29.0522 0x1a0c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
22:22:29.0552 0x1a0c  pcw - ok
22:22:29.0612 0x1a0c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
22:22:29.0682 0x1a0c  PEAUTH - ok
22:22:29.0812 0x1a0c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
22:22:29.0842 0x1a0c  PerfHost - ok
22:22:29.0973 0x1a0c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
22:22:30.0123 0x1a0c  pla - ok
22:22:30.0183 0x1a0c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
22:22:30.0243 0x1a0c  PlugPlay - ok
22:22:30.0283 0x1a0c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
22:22:30.0323 0x1a0c  PNRPAutoReg - ok
22:22:30.0373 0x1a0c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
22:22:30.0413 0x1a0c  PNRPsvc - ok
22:22:30.0473 0x1a0c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
22:22:30.0593 0x1a0c  PolicyAgent - ok
22:22:30.0663 0x1a0c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
22:22:30.0763 0x1a0c  Power - ok
22:22:30.0813 0x1a0c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
22:22:30.0883 0x1a0c  PptpMiniport - ok
22:22:30.0933 0x1a0c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\DRIVERS\processr.sys
22:22:30.0983 0x1a0c  Processor - ok
22:22:31.0023 0x1a0c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\windows\system32\profsvc.dll
22:22:31.0093 0x1a0c  ProfSvc - ok
22:22:31.0143 0x1a0c  [ 9CC2C93394241E602DA63826413055FF, 844FA885A2FF59758D5E97084AD81C48DFA2BBC39E4CDE7B04D200820426D7EA ] Prosieben       C:\Program Files (x86)\maxdome\DCBin\DCService.exe
22:22:31.0163 0x1a0c  Prosieben - ok
22:22:31.0183 0x1a0c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\windows\system32\lsass.exe
22:22:31.0213 0x1a0c  ProtectedStorage - ok
22:22:31.0243 0x1a0c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
22:22:31.0313 0x1a0c  Psched - ok
22:22:31.0343 0x1a0c  [ FB46E9A827A8799EBD7BFA9128C91F37, 7C40E9C1720522D76AF45A588DFF47BDF0E2A99AF3A396854A00F1273EA13193 ] PSI             C:\windows\system32\DRIVERS\psi_mf.sys
22:22:31.0363 0x1a0c  PSI - ok
22:22:31.0373 0x1a0c  PS_MDP - ok
22:22:31.0493 0x1a0c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
22:22:31.0583 0x1a0c  ql2300 - ok
22:22:31.0613 0x1a0c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
22:22:31.0643 0x1a0c  ql40xx - ok
22:22:31.0683 0x1a0c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
22:22:31.0723 0x1a0c  QWAVE - ok
22:22:31.0743 0x1a0c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
22:22:31.0793 0x1a0c  QWAVEdrv - ok
22:22:31.0863 0x1a0c  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\windows\WindowsMobile\rapimgr.dll
22:22:31.0893 0x1a0c  RapiMgr - ok
22:22:31.0933 0x1a0c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
22:22:32.0023 0x1a0c  RasAcd - ok
22:22:32.0063 0x1a0c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
22:22:32.0163 0x1a0c  RasAgileVpn - ok
22:22:32.0213 0x1a0c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
22:22:32.0313 0x1a0c  RasAuto - ok
22:22:32.0363 0x1a0c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
22:22:32.0433 0x1a0c  Rasl2tp - ok
22:22:32.0483 0x1a0c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
22:22:32.0563 0x1a0c  RasMan - ok
22:22:32.0603 0x1a0c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
22:22:32.0683 0x1a0c  RasPppoe - ok
22:22:32.0703 0x1a0c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
22:22:32.0783 0x1a0c  RasSstp - ok
22:22:32.0833 0x1a0c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
22:22:32.0923 0x1a0c  rdbss - ok
22:22:32.0963 0x1a0c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
22:22:33.0013 0x1a0c  rdpbus - ok
22:22:33.0043 0x1a0c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
22:22:33.0143 0x1a0c  RDPCDD - ok
22:22:33.0163 0x1a0c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
22:22:33.0253 0x1a0c  RDPENCDD - ok
22:22:33.0273 0x1a0c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
22:22:33.0343 0x1a0c  RDPREFMP - ok
22:22:33.0403 0x1a0c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
22:22:33.0463 0x1a0c  RDPWD - ok
22:22:33.0503 0x1a0c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
22:22:33.0533 0x1a0c  rdyboost - ok
22:22:33.0543 0x1a0c  ReadyComm.DirectRouter - ok
22:22:33.0583 0x1a0c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
22:22:33.0683 0x1a0c  RemoteAccess - ok
22:22:33.0733 0x1a0c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
22:22:33.0823 0x1a0c  RemoteRegistry - ok
22:22:33.0873 0x1a0c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
22:22:33.0933 0x1a0c  RFCOMM - ok
22:22:33.0983 0x1a0c  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\windows\system32\DRIVERS\RMCAST.sys
22:22:34.0083 0x1a0c  RMCAST - ok
22:22:34.0133 0x1a0c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
22:22:34.0223 0x1a0c  RpcEptMapper - ok
22:22:34.0263 0x1a0c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
22:22:34.0293 0x1a0c  RpcLocator - ok
22:22:34.0343 0x1a0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
22:22:34.0433 0x1a0c  RpcSs - ok
22:22:34.0463 0x1a0c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
22:22:34.0563 0x1a0c  rspndr - ok
22:22:34.0603 0x1a0c  [ 5AAB4808E8CCAE8C2ECDA5B791260616, EFA49ADD657D209AFE73CE0E9184E319D5F7A8A0C6B60BEFA0AAB172B2D397BA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
22:22:34.0633 0x1a0c  RSUSBSTOR - ok
22:22:34.0673 0x1a0c  [ 4FBDA07EF0A3097CE14C5CABF723B278, 6F1E21362F0057E9C6A180D9189AEB51761F4C019A6835E50E4AD19ED1F58FE6 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
22:22:34.0703 0x1a0c  RTL8167 - ok
22:22:34.0733 0x1a0c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs           C:\windows\system32\lsass.exe
22:22:34.0753 0x1a0c  SamSs - ok
22:22:34.0783 0x1a0c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
22:22:34.0813 0x1a0c  sbp2port - ok
22:22:34.0863 0x1a0c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
22:22:34.0973 0x1a0c  SCardSvr - ok
22:22:35.0003 0x1a0c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
22:22:35.0073 0x1a0c  scfilter - ok
22:22:35.0163 0x1a0c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
22:22:35.0313 0x1a0c  Schedule - ok
22:22:35.0363 0x1a0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
22:22:35.0443 0x1a0c  SCPolicySvc - ok
22:22:35.0473 0x1a0c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
22:22:35.0523 0x1a0c  SDRSVC - ok
22:22:35.0553 0x1a0c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
22:22:35.0643 0x1a0c  secdrv - ok
22:22:35.0683 0x1a0c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
22:22:35.0753 0x1a0c  seclogon - ok
22:22:35.0843 0x1a0c  [ 5B66DB4877BBAC9F7493AA8D84421E49, D1FCE833A9140E5EC3106373A6FF42335A9A20EBBE020E757B55F032DA0FA7AE ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
22:22:35.0903 0x1a0c  Secunia PSI Agent - ok
22:22:35.0964 0x1a0c  [ 0E88FDF474F2CDD370A4A6CE77D018F0, D01DA8FF7ADB073E4EECDBDF4F5FE595D6AC70F8C57AFC9ED5C51486CFCECC50 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
22:22:35.0994 0x1a0c  Secunia Update Agent - ok
22:22:36.0024 0x1a0c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
22:22:36.0124 0x1a0c  SENS - ok
22:22:36.0144 0x1a0c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
22:22:36.0214 0x1a0c  SensrSvc - ok
22:22:36.0234 0x1a0c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
22:22:36.0274 0x1a0c  Serenum - ok
22:22:36.0324 0x1a0c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\DRIVERS\serial.sys
22:22:36.0374 0x1a0c  Serial - ok
22:22:36.0414 0x1a0c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
22:22:36.0464 0x1a0c  sermouse - ok
22:22:36.0584 0x1a0c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
22:22:36.0694 0x1a0c  SessionEnv - ok
22:22:36.0744 0x1a0c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
22:22:36.0774 0x1a0c  sffdisk - ok
22:22:36.0834 0x1a0c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
22:22:36.0874 0x1a0c  sffp_mmc - ok
22:22:36.0884 0x1a0c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
22:22:36.0924 0x1a0c  sffp_sd - ok
22:22:36.0974 0x1a0c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
22:22:37.0004 0x1a0c  sfloppy - ok
22:22:37.0064 0x1a0c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
22:22:37.0154 0x1a0c  SharedAccess - ok
22:22:37.0204 0x1a0c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:22:37.0294 0x1a0c  ShellHWDetection - ok
22:22:37.0324 0x1a0c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
22:22:37.0344 0x1a0c  SiSRaid2 - ok
22:22:37.0374 0x1a0c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
22:22:37.0394 0x1a0c  SiSRaid4 - ok
22:22:37.0514 0x1a0c  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:22:37.0554 0x1a0c  SkypeUpdate - ok
22:22:37.0604 0x1a0c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
22:22:37.0684 0x1a0c  Smb - ok
22:22:37.0744 0x1a0c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
22:22:37.0784 0x1a0c  SNMPTRAP - ok
22:22:37.0814 0x1a0c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
22:22:37.0834 0x1a0c  spldr - ok
22:22:37.0904 0x1a0c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
22:22:37.0974 0x1a0c  Spooler - ok
22:22:38.0184 0x1a0c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
22:22:38.0454 0x1a0c  sppsvc - ok
22:22:38.0504 0x1a0c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
22:22:38.0594 0x1a0c  sppuinotify - ok
22:22:38.0664 0x1a0c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
22:22:38.0744 0x1a0c  srv - ok
22:22:38.0774 0x1a0c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
22:22:38.0824 0x1a0c  srv2 - ok
22:22:38.0874 0x1a0c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
22:22:38.0894 0x1a0c  srvnet - ok
22:22:38.0934 0x1a0c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
22:22:39.0034 0x1a0c  SSDPSRV - ok
22:22:39.0074 0x1a0c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
22:22:39.0174 0x1a0c  SstpSvc - ok
22:22:39.0284 0x1a0c  [ E8606BF6BE3B7481D95F1DD2E4F3FCBA, 522646B5266C3E18AF909CB49F411ABB10F5DCD02A2B923C1EA209529AFD1A94 ] StarMoney Business 4.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
22:22:39.0334 0x1a0c  StarMoney Business 4.0 OnlineUpdate - ok
22:22:39.0434 0x1a0c  [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney Business 6.0 OnlineUpdate C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
22:22:39.0484 0x1a0c  StarMoney Business 6.0 OnlineUpdate - ok
22:22:39.0524 0x1a0c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
22:22:39.0544 0x1a0c  stexstor - ok
22:22:39.0594 0x1a0c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
22:22:39.0674 0x1a0c  stisvc - ok
22:22:39.0714 0x1a0c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
22:22:39.0734 0x1a0c  swenum - ok
22:22:39.0814 0x1a0c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:22:39.0864 0x1a0c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:22:39.0864 0x1a0c  Detect skipped due to KSN trusted
22:22:39.0864 0x1a0c  SwitchBoard - ok
22:22:39.0924 0x1a0c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
22:22:40.0025 0x1a0c  swprv - ok
22:22:40.0155 0x1a0c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
22:22:40.0285 0x1a0c  SysMain - ok
22:22:40.0345 0x1a0c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
22:22:40.0405 0x1a0c  TabletInputService - ok
22:22:40.0455 0x1a0c  [ BCD6A90D6FD757CE9C29DDC850F7F231, 8E736A42B28BE11EC524C40DFA1C7A88BBE10CBC97320F128BCBE44051BBCC81 ] tap0901         C:\windows\system32\DRIVERS\tap0901.sys
22:22:40.0505 0x1a0c  tap0901 - ok
22:22:40.0575 0x1a0c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
22:22:40.0685 0x1a0c  TapiSrv - ok
22:22:40.0735 0x1a0c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
22:22:40.0815 0x1a0c  TBS - ok
22:22:40.0965 0x1a0c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
22:22:41.0075 0x1a0c  Tcpip - ok
22:22:41.0185 0x1a0c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
22:22:41.0285 0x1a0c  TCPIP6 - ok
22:22:41.0345 0x1a0c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
22:22:41.0385 0x1a0c  tcpipreg - ok
22:22:41.0445 0x1a0c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
22:22:41.0475 0x1a0c  TDPIPE - ok
22:22:41.0515 0x1a0c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
22:22:41.0555 0x1a0c  TDTCP - ok
22:22:41.0605 0x1a0c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\windows\system32\DRIVERS\tdx.sys
22:22:41.0675 0x1a0c  tdx - ok
22:22:41.0705 0x1a0c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
22:22:41.0725 0x1a0c  TermDD - ok
22:22:41.0795 0x1a0c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\windows\System32\termsrv.dll
22:22:41.0865 0x1a0c  TermService - ok
22:22:41.0895 0x1a0c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
22:22:41.0945 0x1a0c  Themes - ok
22:22:41.0995 0x1a0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
22:22:42.0065 0x1a0c  THREADORDER - ok
22:22:42.0105 0x1a0c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
22:22:42.0205 0x1a0c  TrkWks - ok
22:22:42.0275 0x1a0c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:22:42.0365 0x1a0c  TrustedInstaller - ok
22:22:42.0425 0x1a0c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
22:22:42.0465 0x1a0c  tssecsrv - ok
22:22:42.0535 0x1a0c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
22:22:42.0595 0x1a0c  TsUsbFlt - ok
22:22:42.0665 0x1a0c  [ 92010D59383302086C635B7D25A05A33, 9E51BF0EA4705A86C3D8D0D5989438C55CC43D2880A6FA0C9FEA30388EA88537 ] TuneUp.Defrag   C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
22:22:42.0705 0x1a0c  TuneUp.Defrag - ok
22:22:42.0815 0x1a0c  [ 6525DD751ECBE7FEAFF75E3B178AACC1, 87FFF30E8807515A13C74351B7D7F45785BA7B37DEA89DE1A86A6740B8F23D2F ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
22:22:42.0895 0x1a0c  TuneUp.UtilitiesSvc - ok
22:22:42.0935 0x1a0c  [ DCC94C51D27C7EC0DADECA8F64C94FCF, 90C978C2284C9BDE3EFA1124616D824E0C361C388293FA22DBC8C3B70C920574 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
22:22:42.0955 0x1a0c  TuneUpUtilitiesDrv - ok
22:22:42.0995 0x1a0c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
22:22:43.0095 0x1a0c  tunnel - ok
22:22:43.0135 0x1a0c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
22:22:43.0165 0x1a0c  uagp35 - ok
22:22:43.0235 0x1a0c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
22:22:43.0335 0x1a0c  udfs - ok
22:22:43.0395 0x1a0c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
22:22:43.0445 0x1a0c  UI0Detect - ok
22:22:43.0495 0x1a0c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
22:22:43.0515 0x1a0c  uliagpkx - ok
22:22:43.0555 0x1a0c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
22:22:43.0595 0x1a0c  umbus - ok
22:22:43.0645 0x1a0c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
22:22:43.0665 0x1a0c  UmPass - ok
22:22:43.0855 0x1a0c  [ AF905F4966CFC8B973623AB150CD4B2B, E1BF0481A584C10AE4A927A01A1E6B76036C18FAF7AB38D9B78641F5808D9888 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:22:43.0976 0x1a0c  UNS - ok
22:22:44.0046 0x1a0c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
22:22:44.0146 0x1a0c  upnphost - ok
22:22:44.0236 0x1a0c  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9, B54B558136FF621A4C63945CF982780CD9C61F3CB15143D73B550E6D0C14A246 ] UPnPService     C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
22:22:44.0276 0x1a0c  UPnPService - detected UnsignedFile.Multi.Generic ( 1 )
22:22:44.0276 0x1a0c  Detect skipped due to KSN trusted
22:22:44.0276 0x1a0c  UPnPService - ok
22:22:44.0326 0x1a0c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
22:22:44.0366 0x1a0c  USBAAPL64 - ok
22:22:44.0406 0x1a0c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
22:22:44.0496 0x1a0c  usbaudio - ok
22:22:44.0536 0x1a0c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
22:22:44.0596 0x1a0c  usbccgp - ok
22:22:44.0636 0x1a0c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
22:22:44.0696 0x1a0c  usbcir - ok
22:22:44.0736 0x1a0c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
22:22:44.0776 0x1a0c  usbehci - ok
22:22:44.0856 0x1a0c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
22:22:44.0896 0x1a0c  usbhub - ok
22:22:44.0936 0x1a0c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
22:22:44.0966 0x1a0c  usbohci - ok
22:22:44.0996 0x1a0c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
22:22:45.0046 0x1a0c  usbprint - ok
22:22:45.0096 0x1a0c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
22:22:45.0146 0x1a0c  usbscan - ok
22:22:45.0196 0x1a0c  [ 310ABD644511CBEEE16814095759D670, 416935D68882822DEFFD1CEEC2EEC8F8FC27E76414C2C529C82F84DF15C21F71 ] usbsmi          C:\windows\system32\DRIVERS\SMIksdrv.sys
22:22:45.0266 0x1a0c  usbsmi - ok
22:22:45.0326 0x1a0c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
22:22:45.0356 0x1a0c  USBSTOR - ok
22:22:45.0386 0x1a0c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
22:22:45.0416 0x1a0c  usbuhci - ok
22:22:45.0466 0x1a0c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
22:22:45.0516 0x1a0c  usbvideo - ok
22:22:45.0566 0x1a0c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
22:22:45.0666 0x1a0c  UxSms - ok
22:22:45.0706 0x1a0c  [ C8EB4193D33A48A4AD2D5D7CA121CF88, 057AB74992D342839337B9057462517B0FD622D521A160D895220ABCC23DD3BC ] UxTuneUp        C:\windows\System32\uxtuneup.dll
22:22:45.0726 0x1a0c  UxTuneUp - ok
22:22:45.0756 0x1a0c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\windows\system32\lsass.exe
22:22:45.0776 0x1a0c  VaultSvc - ok
22:22:45.0796 0x1a0c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
22:22:45.0816 0x1a0c  vdrvroot - ok
22:22:45.0886 0x1a0c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
22:22:45.0996 0x1a0c  vds - ok
22:22:46.0046 0x1a0c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
22:22:46.0076 0x1a0c  vga - ok
22:22:46.0116 0x1a0c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
22:22:46.0206 0x1a0c  VgaSave - ok
22:22:46.0266 0x1a0c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
22:22:46.0296 0x1a0c  vhdmp - ok
22:22:46.0336 0x1a0c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
22:22:46.0356 0x1a0c  viaide - ok
22:22:46.0386 0x1a0c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
22:22:46.0406 0x1a0c  volmgr - ok
22:22:46.0446 0x1a0c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
22:22:46.0486 0x1a0c  volmgrx - ok
22:22:46.0516 0x1a0c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
22:22:46.0556 0x1a0c  volsnap - ok
22:22:46.0616 0x1a0c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
22:22:46.0646 0x1a0c  vsmraid - ok
22:22:46.0766 0x1a0c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
22:22:46.0916 0x1a0c  VSS - ok
22:22:46.0966 0x1a0c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
22:22:47.0006 0x1a0c  vwifibus - ok
22:22:47.0046 0x1a0c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
22:22:47.0096 0x1a0c  vwififlt - ok
22:22:47.0136 0x1a0c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
22:22:47.0186 0x1a0c  vwifimp - ok
22:22:47.0246 0x1a0c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
22:22:47.0356 0x1a0c  W32Time - ok
22:22:47.0416 0x1a0c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
22:22:47.0456 0x1a0c  WacomPen - ok
22:22:47.0516 0x1a0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
22:22:47.0606 0x1a0c  WANARP - ok
22:22:47.0626 0x1a0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
22:22:47.0706 0x1a0c  Wanarpv6 - ok
22:22:47.0796 0x1a0c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
22:22:47.0866 0x1a0c  WatAdminSvc - ok
22:22:47.0996 0x1a0c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
22:22:48.0107 0x1a0c  wbengine - ok
22:22:48.0157 0x1a0c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
22:22:48.0217 0x1a0c  WbioSrvc - ok
22:22:48.0277 0x1a0c  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\windows\WindowsMobile\wcescomm.dll
22:22:48.0307 0x1a0c  WcesComm - ok
22:22:48.0367 0x1a0c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
22:22:48.0427 0x1a0c  wcncsvc - ok
22:22:48.0467 0x1a0c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:22:48.0507 0x1a0c  WcsPlugInService - ok
22:22:48.0547 0x1a0c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
22:22:48.0577 0x1a0c  Wd - ok
22:22:48.0647 0x1a0c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
22:22:48.0717 0x1a0c  Wdf01000 - ok
22:22:48.0797 0x1a0c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\windows\system32\wdi.dll
22:22:48.0827 0x1a0c  WdiServiceHost - ok
22:22:48.0847 0x1a0c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\windows\system32\wdi.dll
22:22:48.0877 0x1a0c  WdiSystemHost - ok
22:22:48.0917 0x1a0c  [ 2A444ACF7DD446505BCC801F8F6AE5FD, A257CBA8D1B96D4E8C2085DB5D28C5D4FFA64767ABA5FE764F1AA2697D0E994B ] wdmirror        C:\windows\system32\DRIVERS\WDMirror.sys
22:22:48.0927 0x1a0c  wdmirror - ok
22:22:48.0977 0x1a0c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
22:22:49.0058 0x1a0c  WebClient - ok
22:22:49.0108 0x1a0c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
22:22:49.0208 0x1a0c  Wecsvc - ok
22:22:49.0248 0x1a0c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
22:22:49.0328 0x1a0c  wercplsupport - ok
22:22:49.0348 0x1a0c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
22:22:49.0448 0x1a0c  WerSvc - ok
22:22:49.0488 0x1a0c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
22:22:49.0558 0x1a0c  WfpLwf - ok
22:22:49.0628 0x1a0c  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
22:22:49.0648 0x1a0c  WimFltr - ok
22:22:49.0678 0x1a0c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
22:22:49.0698 0x1a0c  WIMMount - ok
22:22:49.0748 0x1a0c  WinDefend - ok
22:22:49.0788 0x1a0c  WinHttpAutoProxySvc - ok
22:22:49.0858 0x1a0c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
22:22:49.0938 0x1a0c  Winmgmt - ok
22:22:50.0078 0x1a0c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\windows\system32\WsmSvc.dll
22:22:50.0218 0x1a0c  WinRM - ok
22:22:50.0288 0x1a0c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\drivers\WinUsb.sys
22:22:50.0308 0x1a0c  WinUsb - ok
22:22:50.0388 0x1a0c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
22:22:50.0458 0x1a0c  Wlansvc - ok
22:22:50.0508 0x1a0c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
22:22:50.0538 0x1a0c  WmiAcpi - ok
22:22:50.0598 0x1a0c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
22:22:50.0638 0x1a0c  wmiApSrv - ok
22:22:50.0668 0x1a0c  WMPNetworkSvc - ok
22:22:50.0708 0x1a0c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
22:22:50.0748 0x1a0c  WPCSvc - ok
22:22:50.0798 0x1a0c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
22:22:50.0828 0x1a0c  WPDBusEnum - ok
22:22:50.0868 0x1a0c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
22:22:50.0938 0x1a0c  ws2ifsl - ok
22:22:50.0998 0x1a0c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(1) C:\windows\system32\drivers\VirtualAudio1.sys
22:22:51.0018 0x1a0c  WsAudio_Device(1) - ok
22:22:51.0058 0x1a0c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(2) C:\windows\system32\drivers\VirtualAudio2.sys
22:22:51.0078 0x1a0c  WsAudio_Device(2) - ok
22:22:51.0098 0x1a0c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(3) C:\windows\system32\drivers\VirtualAudio3.sys
22:22:51.0118 0x1a0c  WsAudio_Device(3) - ok
22:22:51.0138 0x1a0c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(4) C:\windows\system32\drivers\VirtualAudio4.sys
22:22:51.0148 0x1a0c  WsAudio_Device(4) - ok
22:22:51.0178 0x1a0c  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(5) C:\windows\system32\drivers\VirtualAudio5.sys
22:22:51.0188 0x1a0c  WsAudio_Device(5) - ok
22:22:51.0238 0x1a0c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
22:22:51.0268 0x1a0c  wscsvc - ok
22:22:51.0298 0x1a0c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
22:22:51.0328 0x1a0c  WSDPrintDevice - ok
22:22:51.0348 0x1a0c  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\windows\system32\DRIVERS\WSDScan.sys
22:22:51.0378 0x1a0c  WSDScan - ok
22:22:51.0398 0x1a0c  WSearch - ok
22:22:51.0448 0x1a0c  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
22:22:51.0468 0x1a0c  wsvd - ok
22:22:51.0618 0x1a0c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\windows\system32\wuaueng.dll
22:22:51.0768 0x1a0c  wuauserv - ok
22:22:51.0828 0x1a0c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
22:22:51.0888 0x1a0c  WudfPf - ok
22:22:51.0918 0x1a0c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\drivers\WUDFRd.sys
22:22:51.0948 0x1a0c  WUDFRd - ok
22:22:51.0988 0x1a0c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
22:22:52.0028 0x1a0c  wudfsvc - ok
22:22:52.0088 0x1a0c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
22:22:52.0168 0x1a0c  WwanSvc - ok
22:22:52.0318 0x1a0c  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl
22:22:52.0338 0x1a0c  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
22:22:52.0368 0x1a0c  ================ Scan global ===============================
22:22:52.0398 0x1a0c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
22:22:52.0438 0x1a0c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
22:22:52.0468 0x1a0c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
22:22:52.0518 0x1a0c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
22:22:52.0558 0x1a0c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
22:22:52.0568 0x1a0c  [ Global ] - ok
22:22:52.0568 0x1a0c  ================ Scan MBR ==================================
22:22:52.0578 0x1a0c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:22:52.0998 0x1a0c  \Device\Harddisk0\DR0 - ok
22:22:53.0008 0x1a0c  ================ Scan VBR ==================================
22:22:53.0008 0x1a0c  [ C140740B5CAEC5C55629DA8992358D71 ] \Device\Harddisk0\DR0\Partition1
22:22:53.0008 0x1a0c  \Device\Harddisk0\DR0\Partition1 - ok
22:22:53.0018 0x1a0c  [ 9E636BC3B0566C77417399F86794F79C ] \Device\Harddisk0\DR0\Partition2
22:22:53.0018 0x1a0c  \Device\Harddisk0\DR0\Partition2 - ok
22:22:53.0038 0x1a0c  [ E8C175857B525D8E380CE00B9F5E53AD ] \Device\Harddisk0\DR0\Partition3
22:22:53.0038 0x1a0c  \Device\Harddisk0\DR0\Partition3 - ok
22:22:53.0048 0x1a0c  ================ Scan generic autorun ======================
22:22:53.0049 0x1a0c  NvCplDaemon - ok
22:22:53.0149 0x1a0c  [ 24066DF5E85F6AF4A2013E70BF73423C, 9B4EFBF3FF194244F0D5C9128CF99EC7BCB1D62BE0975DA0F52816FF00EB0DB9 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
22:22:53.0189 0x1a0c  cAudioFilterAgent - ok
22:22:53.0299 0x1a0c  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
22:22:53.0389 0x1a0c  MSC - ok
22:22:53.0479 0x1a0c  [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
22:22:53.0499 0x1a0c  IAStorIcon - ok
22:22:53.0569 0x1a0c  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
22:22:53.0599 0x1a0c  UpdateP2GShortCut - ok
22:22:53.0679 0x1a0c  [ 696A74A2E7AAD166D0A97499A43AD084, A661156C420B3198A82A6A395B986B28E89645CCFEFF4ED68B95EE5FC447E032 ] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe
22:22:53.0699 0x1a0c  TrayServer - detected UnsignedFile.Multi.Generic ( 1 )
22:22:53.0699 0x1a0c  Detect skipped due to KSN trusted
22:22:53.0699 0x1a0c  TrayServer - ok
22:22:53.0759 0x1a0c  [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
22:22:53.0779 0x1a0c  APSDaemon - ok
22:22:53.0819 0x1a0c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:22:53.0869 0x1a0c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:22:53.0869 0x1a0c  Detect skipped due to KSN trusted
22:22:53.0869 0x1a0c  SwitchBoard - ok
22:22:53.0919 0x1a0c  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
22:22:53.0949 0x1a0c  BCSSync - ok
22:22:54.0049 0x1a0c  [ CDFFB0058BA113ED8C6099DE11FAAD49, D258D1F340734113C1E538C32DF15011009C19A9E88E0F471E3D8387D4EA7AEB ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
22:22:54.0114 0x1a0c  CanonQuickMenu - ok
22:22:54.0184 0x1a0c  [ B793DDE01D181ED91F333BF10FE2FC50, F9BA0FD8EC0C0E9D7E5969BC9ED0D0322EDFC8E65B11F642A7118B41F5BF197F ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
22:22:54.0214 0x1a0c  IJNetworkScannerSelectorEX - ok
22:22:54.0344 0x1a0c  [ EA0CE8F77F1272A3D97C70BF3CE457F7, 2E9D95CE9103FBD74D3D9671341E1258C41320B6AE1BF996C41D0813BECB84CD ] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
22:22:54.0464 0x1a0c  iSkysoft Helper Compact.exe - detected UnsignedFile.Multi.Generic ( 1 )
22:22:54.0464 0x1a0c  Detect skipped due to KSN trusted
22:22:54.0464 0x1a0c  iSkysoft Helper Compact.exe - ok
22:22:54.0644 0x1a0c  [ A1F127095742B85D34D81ED32DB4E0D6, F949C2281A8F2837D61E961A635058DDC1EAC255F4CA27BED1A8DDA58EBA0513 ] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
22:22:54.0744 0x1a0c  DelaypluginInstall - ok
22:22:54.0824 0x1a0c  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
22:22:54.0864 0x1a0c  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
22:22:54.0864 0x1a0c  Detect skipped due to KSN trusted
22:22:54.0864 0x1a0c  QuickTime Task - ok
22:22:54.0984 0x1a0c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:22:55.0104 0x1a0c  Sidebar - ok
22:22:55.0124 0x1a0c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:22:55.0174 0x1a0c  mctadmin - ok
22:22:55.0254 0x1a0c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:22:55.0334 0x1a0c  Sidebar - ok
22:22:55.0344 0x1a0c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:22:55.0374 0x1a0c  mctadmin - ok
22:22:55.0454 0x1a0c  [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
22:22:55.0464 0x1a0c  iCloudServices - ok
22:22:55.0524 0x1a0c  [ 3A9FA910E679385D3F5647B9B8CF5CA2, DE321EB829E461CF91474C942FEDCC6FA0C20D9674067FE21C6F3DF438F61A4B ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
22:22:55.0584 0x1a0c  OfficeSyncProcess - ok
22:22:55.0634 0x1a0c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
22:22:55.0644 0x1a0c  swg - ok
22:22:55.0664 0x1a0c  [ 105C276BB7B43501225C419B062096D0, F5D35230FC5E116FB04147F216313D2E2542D96E975B19F5FD9F7641CF11271F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
22:22:55.0674 0x1a0c  ApplePhotoStreams - ok
22:22:55.0724 0x1a0c  Skype - ok
22:22:55.0744 0x1a0c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
22:22:55.0744 0x1a0c  Win FW state via NFP2: enabled
22:22:58.0904 0x1a0c  ============================================================
22:22:58.0904 0x1a0c  Scan finished
22:22:58.0904 0x1a0c  ============================================================
22:22:58.0914 0x1a04  Detected object count: 0
22:22:58.0914 0x1a04  Actual detected object count: 0
         
So das waren soweit die logfiles von de beiden Programmen gibt es nun noch etwas zu tun oder ist der Rechner nun komplet bereinigt?
Herzlichen dank für deine schnelle Hilfe


Alt 12.06.2015, 17:48   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Nee noch nicht

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Windows 7 wie kann ich den DHL Trojaner vollständig entfernen

Alt 12.06.2015, 20:27   #7
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Hallo Schrauber,
hier nun der neue logfile:
Code:
ATTFilter
ComboFix 15-06-09.01 - ******* ******* 12.06.2015  20:57:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.1822 [GMT 2:00]
ausgeführt von:: c:\users\******* *******\Videos\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\******* *******\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72CF0BD0-D9F6-4670-B9D5-9640CDBAD5FE}.xps
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
c:\windows\s.bat
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-12 bis 2015-06-12  ))))))))))))))))))))))))))))))
.
.
2015-06-12 19:11 . 2015-06-12 19:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-12 16:42 . 2015-06-12 16:42	75888	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6240203-F0F1-46AD-9A5A-3DC23BC52EFC}\offreg.928.dll
2015-06-12 16:33 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6240203-F0F1-46AD-9A5A-3DC23BC52EFC}\mpengine.dll
2015-06-11 06:59 . 2015-06-11 06:59	--------	d-----w-	c:\users\******* *******\AppData\Local\GWX
2015-06-10 21:46 . 2015-03-23 10:40	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB0E4370-D593-47B0-9C0E-86F0CD52860A}\gapaengine.dll
2015-06-10 20:41 . 2015-05-25 18:23	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-06-10 20:36 . 2015-04-29 18:22	14635008	----a-w-	c:\windows\system32\wmp.dll
2015-06-10 20:35 . 2015-04-24 18:17	633856	----a-w-	c:\windows\system32\comctl32.dll
2015-06-10 20:35 . 2015-04-24 17:56	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2015-06-10 20:35 . 2015-05-25 17:08	3206144	----a-w-	c:\windows\system32\win32k.sys
2015-06-10 20:35 . 2015-04-11 03:19	69888	----a-w-	c:\windows\system32\drivers\stream.sys
2015-06-10 18:59 . 2015-06-10 18:59	--------	d-----w-	c:\programdata\Malwarebytes
2015-06-10 18:59 . 2015-06-12 19:13	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-10 18:58 . 2015-06-11 18:46	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-10 18:57 . 2015-06-10 18:58	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-08 19:54 . 2015-06-08 19:59	--------	d-----w-	C:\FRST
2015-06-04 14:41 . 2015-06-09 16:27	--------	d-----w-	c:\users\******* *******\AppData\Local\CrashDumps
2015-06-03 19:55 . 2015-06-03 19:55	--------	d-----w-	C:\12bf32d59e7e9d01b7adf8
2015-06-03 19:29 . 2015-06-03 19:29	--------	d-----w-	c:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures
2015-06-03 19:05 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 19:05 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 10:48 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-24 10:46 . 2015-01-29 03:19	2543104	----a-w-	c:\windows\system32\wpdshext.dll
2015-05-24 10:46 . 2015-01-29 03:19	1195008	----a-w-	c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-24 10:46 . 2015-01-29 03:02	2311168	----a-w-	c:\windows\SysWow64\wpdshext.dll
2015-05-24 10:43 . 2015-02-18 07:06	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2015-05-24 10:43 . 2015-02-18 07:04	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-24 10:43 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-24 10:43 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-24 10:43 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-24 10:43 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-24 10:43 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-24 10:43 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-24 10:43 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-05-22 17:16 . 2015-05-22 17:16	18652352	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-11 01:05 . 2011-08-21 09:56	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-06-09 21:39 . 2013-05-22 19:08	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-09 21:39 . 2013-05-22 19:08	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-25 18:01 . 2015-06-10 20:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-14 01:38 . 2015-04-14 01:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-03-25 03:24 . 2015-04-14 19:25	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 19:25	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 19:25	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 19:25	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 19:25	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 19:25	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 19:25	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 19:25	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 19:25	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 19:25	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 19:25	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 19:25	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 19:25	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 19:25	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 19:25	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 19:25	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 10:40 . 2012-07-04 14:22	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-11 12:16 . 2012-05-11 12:16	171520	----a-w-	c:\program files (x86)\Common Files\dsfOggDemux2.dll
2011-04-18 20:51 . 2011-04-18 20:51	653136	----a-w-	c:\program files (x86)\Common Files\MSVCR90.dll
2011-04-18 20:51 . 2011-04-18 20:51	569680	----a-w-	c:\program files (x86)\Common Files\MSVCP90.dll
2011-01-12 00:00 . 2011-01-12 00:00	30208	----a-w-	c:\program files (x86)\Common Files\wmpinfo.dll
2011-01-12 00:00 . 2011-01-12 00:00	240128	----a-w-	c:\program files (x86)\Common Files\dsfVorbisDecoder.dll
2011-01-12 00:00 . 2011-01-12 00:00	146944	----a-w-	c:\program files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 00:00 . 2011-01-12 00:00	221184	----a-w-	c:\program files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 00:00 . 2011-01-12 00:00	204800	----a-w-	c:\program files (x86)\Common Files\dsfNativeFLACSource.dll
2010-12-16 19:39 . 2010-12-16 19:39	302592	----a-w-	c:\program files (x86)\Common Files\webmmux.dll
2010-12-16 19:39 . 2010-12-16 19:39	701440	----a-w-	c:\program files (x86)\Common Files\vp8encoder.dll
2010-12-16 19:39 . 2010-12-16 19:39	412672	----a-w-	c:\program files (x86)\Common Files\vp8decoder.dll
2010-12-16 19:39 . 2010-12-16 19:39	292352	----a-w-	c:\program files (x86)\Common Files\webmsplit.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-04-11 02:05	513648	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2015-01-13 16:44	297128	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2013-03-18 14:53	1310480	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-03-18 1310480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-17 39408]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"TrayServer"="c:\progra~2\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"iSkysoft Helper Compact.exe"="c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-08-05 2014208]
"DelaypluginInstall"="c:\programdata\iSkysoft\Video Converter Ultimate\DelayPluginI.exe" [2014-09-26 1960336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]
.
c:\users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
STRATO HiDrive.lnk - c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe [2011-11-15 463872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files (x86)\Lenovo\PlayMovie\PMVService.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 4.0 S-Edition\app\oflagent.exe"
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"CanonQuickMenu"=c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SMB60StarMoneyRunEntry"="c:\program files (x86)\StarMoney Business 6.0 S-Edition\app\oflagent.exe"
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" /s
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MsgPlusDriver;Messenger Plus! Virtual Camera;c:\windows\system32\DRIVERS\MsgPlusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\MsgPlusDriver.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 StarMoney Business 4.0 OnlineUpdate;StarMoney Business 4.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/08/17 08:58];c:\program files (x86)\Lenovo\PlayMovie\000.fcl;c:\program files (x86)\Lenovo\PlayMovie\000.fcl [x]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe;c:\program files (x86)\maxdome\DCBin\DCService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 StarMoney Business 6.0 OnlineUpdate;StarMoney Business 6.0 OnlineUpdate;c:\program files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys;c:\windows\SYSNATIVE\DRIVERS\SMIksdrv.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
<NO NAME>	REG_SZ         	
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-09 20:52	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 21:39]
.
2015-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 07:32]
.
2015-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 07:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2015-01-13 13:34	357376	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: NameServer = 8.8.8.8,192.168.0.1
TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}\54449434F43574C4F42414C4: DhcpNameServer = 8.8.8.8 192.168.0.1
TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}\54449434F435D234849434B4F4: DhcpNameServer = 8.8.4.4 192.168.0.1
TCP: Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}\54449434F435D2F46464943454: NameServer = 8.8.8.8
TCP: Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: NameServer = 8.8.8.8,192.168.0.1
FF - ProfilePath - c:\users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF - prefs.js: network.proxy.ftp - 194.110.219.43
FF - prefs.js: network.proxy.ftp_port - 3129
FF - prefs.js: network.proxy.gopher - 194.110.219.43
FF - prefs.js: network.proxy.gopher_port - 3129
FF - prefs.js: network.proxy.http - 194.110.219.43
FF - prefs.js: network.proxy.http_port - 3129
FF - prefs.js: network.proxy.socks - 194.110.219.43
FF - prefs.js: network.proxy.socks_port - 3129
FF - prefs.js: network.proxy.ssl - 194.110.219.43
FF - prefs.js: network.proxy.ssl_port - 3129
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-06-23 13:21; 39ffxtbr@MapsGalaxy_39.com; c:\program files (x86)\MapsGalaxy_39\bar\1.bin
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben]
"ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Lenovo\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-12  21:24:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-12 19:24
.
Vor Suchlauf: 16 Verzeichnis(se), 86.878.728.192 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 91.710.914.560 Bytes frei
.
- - End Of File - - B690ED32239C06C92CA85EBD08268E50
         
Viiieelen Dank ;-)

Alt 13.06.2015, 13:59   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.06.2015, 17:53   #9
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.06.2015
Suchlauf-Zeit: 16:55:13
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.13.04
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ******* *******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 441198
Verstrichene Zeit: 1 Std, 5 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1460, , [7abe6b4f830743f36c4b2964649df40c]

Module: 1
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, , [a5936e4c3357ae889934f9c3ec15b749], 

Registrierungsschlüssel: 103
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, , [7abe6b4f830743f36c4b2964649df40c], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [a197b703296187afbb05d6cf8d766799], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [a197b703296187afbb05d6cf8d766799], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [a197b703296187afbb05d6cf8d766799], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [013712a8315941f5e3b5b1f5db28768a], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [013712a8315941f5e3b5b1f5db28768a], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, , [013712a8315941f5e3b5b1f5db28768a], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EEE6C35E-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EEE6C358-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EEE6C359-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EEE6C358-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EEE6C359-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EEE6C358-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EEE6C359-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EEE6C35E-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{EEE6C35E-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE.1, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.SWEETIE, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Toolbar3.SWEETIE, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.SWEETIE.1, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Toolbar3.SWEETIE.1, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\SWEETIE.IEToolbar.1, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\SWEETIE.IEToolbar, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SWEETIE.IEToolbar, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SWEETIE.IEToolbar, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SWEETIE.IEToolbar.1, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SWEETIE.IEToolbar.1, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35B-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35B-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [c672b6040c7e55e1d374e8c159aa6898], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook, , [60d8d0eab9d1082e66bddb7e40c5ae52], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook.1, , [1226a911deac0b2b6db6c19891744cb4], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [a791befc31590f274e88c02e748fa957], 
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\WOW6432NODE\MapsGalaxy_39, , [c7715466abdf8caa54dda7c74abb5ba5], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, , [31076d4d0486b77f2efacd479d67f60a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SweetIM, , [9e9a942681099e9813bee61ca06414ec], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, , [1e1a407afa90f1451c2552e0f2125ea2], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook, , [6bcd8634f69433031c074118b2532dd3], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook.1, , [94a4ac0ef892e05631f2de7bd233ee12], 
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, , [27117a400c7eab8b14d242f08f75c33d], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [e751d1e99eec92a4716537b749ba17e9], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [d5638535d6b4171f05224cc8b351e21e], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, , [53e59b1fa1e955e1de4805026a9a4ab6], 
PUP.Optional.Feven.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro 1.2, , [3dfb01b9028878beb4138a98be46ad53], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.11, , [97a144765832979f5db488aa7e86916f], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, , [b484c9f10f7b1d19960fb9a130d501ff], 
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\DSiteProducts, , [db5dedcd6426d363d60586f4986dee12], 
PUP.Optional.InstallCore.C, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\InstallCore, , [4eeac6f4414984b25a82a2eae91cc838], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MapsGalaxy_39, , [3ff9d4e6fc8e74c27eb42945ee17bc44], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\SweetIM, , [310710aa6426b87e9b35bc46e71d0bf5], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, , [3efab10999f1c2740157b3731be9817f], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{129A5EFE-35E5-4817-9AFB-218B6BAEA4C6}, , [162255650a800333f8f34542c44150b0], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14251522-FF7B-4D3C-AEEE-1850F539AD6D}, , [01374872dfabec4a48a36b1c34d16e92], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1AE6C958-D4CB-4AED-B84F-C58834F7729D}, , [f5433b7f6228f1451ad160270104d927], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B02EE58-A5BA-4158-B5BC-B1F6B66681B6}, , [8dab615933572f077477196e7392817f], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3BB3AEE7-9A91-4FE9-8C9B-5941799CCE52}, , [1e1af4c62466082e717addaa47beb24e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42C4F537-A8C3-4191-B0C5-97D418BFFA66}, , [f642f9c194f63501a546bfc8af56f40c], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E61523D-AF4B-40D1-AD22-C5C169E7BDB6}, , [a0987c3e6d1dd66007e4a8dfac59d62a], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{54F5DDEC-6A30-4814-931D-1BE5B99FC835}, , [5bdd12a8266485b18d5e7d0a10f57d83], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{55BBCE5C-6C7D-479A-B931-DB8270269253}, , [d365ebcf0a80201623c7a8df996ca25e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63255EAC-36F8-4C6B-A3D6-198F8B857A32}, , [013708b2a1e939fd40aaaed9b154b749], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F873780-D99B-4B47-AE6D-8B78D1A192F0}, , [a09824962f5b0f275f8c2265f213c33d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9A965602-C423-434B-99AA-AA26E876F9D9}, , [9b9d704a5139db5bb5351c6bf70eb050], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5E275CC-141F-4BE8-8921-B44F11B02BA4}, , [7cbc05b5117943f35d8dee992dd833cd], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE3EEBB6-4603-4888-A958-5F99A1F5901A}, , [b97f17a32e5ceb4b7873a3e4699cfd03], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B133EEDF-1364-420E-94D0-C5CB499F7A96}, , [9d9b7e3c3b4fe3537f6b276054b16a96], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B446E8F7-AE40-4D2A-B853-CB6529306DD2}, , [1226f3c7eb9fbe783facfb8cec19ac54], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B4780B6C-4213-4FDB-B596-B019942427B4}, , [71c79f1b0e7c082ea249b1d64cb9ea16], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6D9C07D-5A5E-4BE3-A089-2858194EB4F4}, , [c1779624800a0d2909e1f19647be6a96], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D4983D71-3F6E-4922-9FA2-AAE6D7E2A23E}, , [1f19cfebbecc59dd2dbdd8af3acb11ef], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6F24F44-AD92-4294-8C83-BDA974D525D0}, , [5ddbefcba0eae353ba31394ef80d12ee], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E845F300-2FE0-4B63-B14B-9CAA54AF6FA3}, , [de5a7a4090fa7cba9a508205b4513ac6], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F315509F-6DDD-4174-8980-91319BF16EB6}, , [78c003b7197157df648762254cb960a0], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SweetIM Bundle by SweetPacks, , [f840c2f83d4de94d8e8348928f74ac54], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EEE6C35F-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EEE6C35A-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EEE6C35A-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EEE6C35A-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EEE6C35F-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{EEE6C35F-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SweetIM_URLSearchHook.ToolbarURLSearchHook, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SweetIM_URLSearchHook.ToolbarURLSearchHook.1, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}, , [f543ae0c503a0234d4edc0234cb7768a], 

Registrierungswerte: 36
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EEE6C35B-6118-11DC-9C72-001320C79847}, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{EEE6C35B-6118-11DC-9C72-001320C79847}, , [3efad2e81f6b5bdb5530baaddd2602fe], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}, , [a791befc31590f274e88c02e748fa957]
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [bd7b9b1f69218aac8f6830e2be463dc3]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}, , [e751d1e99eec92a4716537b749ba17e9]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|URL, hxxp://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010000.10039&barid={62D5D87B-D5AA-11E2-BBC0-C44619C07852}, , [57e16753f8920b2bf109549abb482ed2]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|FaviconURL, hxxp://cdn.web.sweetim.com/toolbarff/searchplugin/sweetim.ico, , [6ccce7d34842b77f1bdfe20cb44feb15]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [b7819f1b5b2f75c1b245a76b46beea16]
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\quick_start@gmail.com, , [a593fdbd6b1f66d011d6ff335ca851af]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, , [d5638535d6b4171f05224cc8b351e21e]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, SIM, , [b484c9f10f7b1d19960fb9a130d501ff]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{129A5EFE-35E5-4817-9AFB-218B6BAEA4C6}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [162255650a800333f8f34542c44150b0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14251522-FF7B-4D3C-AEEE-1850F539AD6D}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [01374872dfabec4a48a36b1c34d16e92]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1AE6C958-D4CB-4AED-B84F-C58834F7729D}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [f5433b7f6228f1451ad160270104d927]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B02EE58-A5BA-4158-B5BC-B1F6B66681B6}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [8dab615933572f077477196e7392817f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3BB3AEE7-9A91-4FE9-8C9B-5941799CCE52}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [1e1af4c62466082e717addaa47beb24e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42C4F537-A8C3-4191-B0C5-97D418BFFA66}|AppName, d65aac7a-2a4c-469e-b060-bafacbc6072c-2.exe-codedownloader.exe, , [f642f9c194f63501a546bfc8af56f40c]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E61523D-AF4B-40D1-AD22-C5C169E7BDB6}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [a0987c3e6d1dd66007e4a8dfac59d62a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{54F5DDEC-6A30-4814-931D-1BE5B99FC835}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [5bdd12a8266485b18d5e7d0a10f57d83]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{55BBCE5C-6C7D-479A-B931-DB8270269253}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-buttonutil.exe, , [d365ebcf0a80201623c7a8df996ca25e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63255EAC-36F8-4C6B-A3D6-198F8B857A32}|AppName, d65aac7a-2a4c-469e-b060-bafacbc6072c-2.exe-buttonutil.exe, , [013708b2a1e939fd40aaaed9b154b749]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F873780-D99B-4B47-AE6D-8B78D1A192F0}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [a09824962f5b0f275f8c2265f213c33d]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9A965602-C423-434B-99AA-AA26E876F9D9}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-buttonutil.exe, , [9b9d704a5139db5bb5351c6bf70eb050]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5E275CC-141F-4BE8-8921-B44F11B02BA4}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-buttonutil.exe, , [7cbc05b5117943f35d8dee992dd833cd]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE3EEBB6-4603-4888-A958-5F99A1F5901A}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [b97f17a32e5ceb4b7873a3e4699cfd03]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B133EEDF-1364-420E-94D0-C5CB499F7A96}|AppName, d65aac7a-2a4c-469e-b060-bafacbc6072c-2.exe-buttonutil.exe, , [9d9b7e3c3b4fe3537f6b276054b16a96]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B446E8F7-AE40-4D2A-B853-CB6529306DD2}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [1226f3c7eb9fbe783facfb8cec19ac54]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B4780B6C-4213-4FDB-B596-B019942427B4}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [71c79f1b0e7c082ea249b1d64cb9ea16]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6D9C07D-5A5E-4BE3-A089-2858194EB4F4}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-buttonutil.exe, , [c1779624800a0d2909e1f19647be6a96]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D4983D71-3F6E-4922-9FA2-AAE6D7E2A23E}|AppName, d65aac7a-2a4c-469e-b060-bafacbc6072c-2.exe-buttonutil.exe, , [1f19cfebbecc59dd2dbdd8af3acb11ef]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6F24F44-AD92-4294-8C83-BDA974D525D0}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [5ddbefcba0eae353ba31394ef80d12ee]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E845F300-2FE0-4B63-B14B-9CAA54AF6FA3}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-buttonutil.exe, , [de5a7a4090fa7cba9a508205b4513ac6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F315509F-6DDD-4174-8980-91319BF16EB6}|AppName, b0bf4c38-fff9-4c56-b085-e96a60dfd644-2.exe-codedownloader.exe, , [78c003b7197157df648762254cb960a0]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, , [d4649a20f3971620d0f98d937a8a6f91]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE, 1, , [f543ae0c503a0234d4edc0234cb7768a]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL, 1, , [f543ae0c503a0234d4edc0234cb7768a]

Registrierungsdaten: 3
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}),,[a19795257b0f0b2be607bc78f511fe02]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188),,[58e096246921c96ded00e054679f7d83]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1398624985&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}),,[6acef3c792f856e0d41965cf4bbb2bd5]

Ordner: 81
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, , [f2469723e9a175c1de6e437a847f38c8], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, , [f2469723e9a175c1de6e437a847f38c8], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\lib, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\pack, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\en, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\en-US, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\es, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\es-419, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\it, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\pl, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\ru, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\tr, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\vi, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\defaults, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\defaults\preferences, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.Updater.A, C:\Users\******* *******\AppData\Roaming\DSite\UpdateProc, , [53e55466ef9b2c0a8bdfdbf6bc470df3], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Users\******* *******\AppData\Roaming\SupTab, , [f147e4d60d7d04328e195b768c775da3], 
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller, , [f840c2f83d4de94d8e8348928f74ac54], 
PUP.Optional.NewPlayer.A, C:\Users\******* *******\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, , [d46474467911e6502cf7b92aeb1841bf], 
PUP.Optional.NewPlayer.A, C:\Users\******* *******\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7, , [d46474467911e6502cf7b92aeb1841bf], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange, , [f543ae0c503a0234d4edc0234cb7768a], 

Dateien: 256
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, , [7abe6b4f830743f36c4b2964649df40c], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, , [a5936e4c3357ae889934f9c3ec15b749], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, , [c96fb6044b3fa6907f67e58bf60db24e], 
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll, , [52e6e6d4444659dd5233fd6a49bab14f], 
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, , [2a0ed8e2f9915bdbc88cf5a37b86e41c], 
PUP.Optional.SupTab.A, C:\Users\******* *******\AppData\Roaming\SupTab\SupTab.dll, , [9c9c09b1800a13233d62b97e37c9d030], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, , [2810a614464485b1deef328a3ec38b75], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, , [073165551e6c2b0b87461e9eff0253ad], 
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, , [55e33b7fa9e1c57106394858639ee21e], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, , [fb3defcb4149dc5af7d6a21a8180a25e], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, , [71c79d1d12785adc08c526963ac7d22e], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, , [e2568f2b5d2d5fd7e8e5a814857c956b], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, , [ea4e9723206a06301ab3625abd442cd4], 
PUP.Optional.BrowseFox, C:\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\ravingreyvenSetup.exe, , [85b34575eb9f63d3ef9b065d8a78718f], 
PUP.Optional.ScramblePacker.A, C:\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\setup.exe, , [4eea7149157552e4d7549a19e120916f], 
PUP.Optional.Conduit.A, C:\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\sp-downloader.exe, , [ea4e5c5eb3d72511333da8acc53c10f0], 
PUP.Optional.SweetIM, C:\Windows\Installer\8d91c6f.msi, , [1523b7036e1cc472b88abdaa9c6a0ff1], 
PUP.Optional.SearchResults.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\Search_Results.xml, , [eb4dcaf0107a79bd243a7a946d97bc44], 
PUP.Optional.QuickStart.A, C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, , [8cacb406fd8d1b1b66637a997d8724dc], 
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, , [092fd3e796f437ffa49f2a08fe062dd3], 
PUP.Optional.Delta.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\searchplugins\delta.xml, , [4aee0eacf793da5cedf661d2af5540c0], 
PUP.Optional.BrowserDefender.A, C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage, , [e94f487207831521f9e573e31beaf709], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, , [f2469723e9a175c1de6e437a847f38c8], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\27638b112811943e97ec5efb691d6916.toolbar48.xml, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\8d03c0783b1e34c2b403cee25e4f3d73.options_remote44b_no_fb.html, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\ccbd8b558f1d599e360b3dc00c89e1b1.facebook2.png, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\d7663980840977888075cdf06da9e63d.facebook2_hover.png, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.SweetIM.A, C:\Users\******* *******\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\dda5971490977d5465f836a12522f1a1.games3.png, , [e157f2c8464489ad76c7ccf2fa090bf5], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\92.json, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\uninstallDlg.xml, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\UninstallManager.exe, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\bg1.png, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\button1.png, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\checked.png, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\close.png, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\min.png, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\Thumbs.db, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\images\unchecked.png, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-04-27[21-36-46-071].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-04-27[21-37-02-712].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-05[22-06-47-000].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-05[22-12-28-288].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-05[22-12-38-581].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-46-51-130].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-04-388].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-18-513].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-37-725].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.WebsSearches.A, C:\Users\******* *******\AppData\Roaming\webssearches\log\UninstallManager_2014-05-11[22-58-49-078].log, , [dd5b05b5fe8ca3934970ead633d0db25], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome.manifest, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\install.rdf, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\index.html, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\chrome\skin\style.css, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\addonmanager.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\aes.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\config.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\dialogs.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\last_tab.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\misc.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\properties.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\remoterequest.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.FastStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\extensions\faststartff@gmail.com\modules\settings.js, , [3602e3d7fc8e89ad2df623aa8a797789], 
PUP.Optional.Updater.A, C:\Users\******* *******\AppData\Roaming\DSite\UpdateProc\config.dat, , [53e55466ef9b2c0a8bdfdbf6bc470df3], 
PUP.Optional.Updater.A, C:\Users\******* *******\AppData\Roaming\DSite\UpdateProc\TTL.DAT, , [53e55466ef9b2c0a8bdfdbf6bc470df3], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, , [49efb4064b3fc5715e48577af50e14ec], 
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe, , [f840c2f83d4de94d8e8348928f74ac54], 
PUP.Optional.NewPlayer.A, C:\Users\******* *******\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7\user.config, , [d46474467911e6502cf7b92aeb1841bf], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\onstart.js, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_blank.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png, , [f543ae0c503a0234d4edc0234cb7768a], 
PUP.Optional.HttpBreaker.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188");), ,[ca6e9723741673c3a1b03b4437cf748c]
PUP.Optional.QuickStart.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), ,[e058f1c986048da92e5d305020e6d12f]
PUP.Optional.CrossRider.A, C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14595745b550aea38e7407b6637b7ea8");), ,[bb7d3a80f29891a50e341c65d72f8d73]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 13/06/2015 um 18:27:28
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ******* ******* - LAPTOP*******
# Gestarted von : C:\Users\******* *******\Videos\Desktop\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\DM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\******* *******\AppData\Local\wwerwerwe
Ordner Gelöscht : C:\Users\******* *******\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\******* *******\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\******* *******\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\invalidprefs.js
Datei Gelöscht : C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : DSite
Task Gelöscht : QtraxPlayer

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SDP
Schlüssel Gelöscht : HKLM\SOFTWARE\5f0dd88b03fef45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\yuna software
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)

[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1422705841&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14595745b550aea38e7407b6637b7ea8");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "webssearches");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._1gMembers_.lastActivePing", "1412449414820");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._1gMembers_.weather.location", "10001");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=A819D084-1321-4E2D-B1E1-BEEC09BE9FF2&n=77fce4a9&p2=^UX^xdm170^YY^es&si=MA_MAPS_FIG_SPA_11");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013062313");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm170^YY^es");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "MA_MAPS_FIG_SPA_11");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "A819D084-1321-4E2D-B1E1-BEEC09BE9FF2");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1399836722148");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", false);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", false);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "airberlingermanwingsgaggenau Z?richroutenplanermaxdomeyirumagoogle ?bersetztegoogle ?bersetzteryoutubeRichard Cla[...]
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "10001");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "inboxace@mindspark.com");
[ut2jfejl.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

-\\ Google Chrome v43.0.2357.124

[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=ES&userid=75a24c15-c0a1-4ad5-8f97-6b6c0d8a2a90&sp=caddr&q={searchTerms}&t=a1211
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=463AC446198F75DA
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1434136452&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188&q={searchTerms}
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Extension] : gnbcopcndefcccgdofjadnafjljgofam
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Homepage] : hxxp://www.searchnu.com/410
[C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Startup_URLs] : hxxp://istart.webssearches.com/?type=hppp&ts=1421522003&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188

*************************

AdwCleaner[R0].txt - [16238 Bytes] - [13/06/2015 18:23:24]
AdwCleaner[S0].txt - [15880 Bytes] - [13/06/2015 18:27:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15940  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.4 (06.13.2015:2)
OS: Windows 7 Home Premium x64
Ran by ******* ******* on 13.06.2015 at 18:44:06,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\mozilla firefox\firefox.cfg



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Users\******* *******\appdata\local\com



~~~ FireFox




~~~ Chrome


[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\******* *******\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  booedmolknjekdopkepjjeckmjkdpfgl,
  fjoijdanhaiflhibkljeklcghcmmfffh,
  flpcjncodpafbgdpnkljologafpionhb,
  gnbcopcndefcccgdofjadnafjljgofam
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2015 at 18:49:42,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
so jetzt noch das FRST kommt sobald es durchgelaufen ist

Alt 13.06.2015, 18:03   #10
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ******* ******* (administrator) on LAPTOP******* on 13-06-2015 18:59:57
Running from C:\Users\******* *******\Downloads
Loaded Profiles: ******* ******* (Available Profiles: ******* *******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Expression\Web 4\ExpressionWeb.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-26] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-17] (Google Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2014-10-03]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-03-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-09-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk [2013-10-03]
ShortcutTarget: STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-26] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Tcpip\..\Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: [NameServer] 8.8.8.8,192.168.0.1
Tcpip\..\Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: [NameServer] 8.8.8.8,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default
FF NetworkProxy: "ftp", "194.110.219.43"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "gopher", "194.110.219.43"
FF NetworkProxy: "gopher_port", 3129
FF NetworkProxy: "http", "194.110.219.43"
FF NetworkProxy: "http_port", 3129
FF NetworkProxy: "socks", "194.110.219.43"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "194.110.219.43"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\windows\system32\npDeployJava1.dll [2012-06-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-2361403017-131952453-2753301349-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\admin@proxy-listen.de.xpi [2014-01-20]
FF Extension: Best Proxy Switcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-01-20]
FF Extension: anonymoX - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\client@anonymox.net.xpi [2014-01-20]
FF Extension: Firebug - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2014-10-04]

Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://www.searchnu.com/410"
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421522003&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188"
CHR NewTab: Default -> "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-01-08]
CHR Extension: (Gmail) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
S2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2011-07-16] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403208 2010-05-10] (TuneUp Software)
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [146928 2010-01-21] (CyberLink Corp.)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr; No ImagePath
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 18:59 - 2015-06-13 18:59 - 00000000 ____D C:\Users\******* *******\Downloads\FRST-OlderVersion
2015-06-13 18:44 - 2015-06-13 18:44 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP*******-Windows-7-Home-Premium-(64-bit).dat
2015-06-13 18:44 - 2015-06-13 18:44 - 00000000 ____D C:\RegBackup
2015-06-13 18:22 - 2015-06-13 18:27 - 00000000 ____D C:\AdwCleaner
2015-06-13 16:52 - 2015-06-13 16:52 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-13 16:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-13 16:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 16:50 - 2015-06-13 16:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\******* *******\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-12 21:33 - 2015-06-13 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 21:24 - 2015-06-12 21:24 - 00035152 _____ C:\ComboFix.txt
2015-06-12 20:54 - 2015-06-12 21:24 - 00000000 ____D C:\Qoobox
2015-06-12 20:54 - 2015-06-12 21:20 - 00000000 ____D C:\windows\erdnt
2015-06-12 20:54 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-12 20:54 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-12 20:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-11 08:59 - 2015-06-11 08:59 - 00000000 ____D C:\Users\******* *******\AppData\Local\GWX
2015-06-10 22:42 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 22:42 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 22:41 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 22:41 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 22:41 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 22:41 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 22:41 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 22:41 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 22:41 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 22:41 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 22:41 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 22:41 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 22:41 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 22:41 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 22:41 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-10 22:36 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-10 22:36 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-10 22:36 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 22:36 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 22:36 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 22:36 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 22:36 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 22:36 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 22:35 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 22:35 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 22:35 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 22:35 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-10 22:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 22:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 22:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 22:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 22:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 22:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 22:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 22:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 22:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 22:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 22:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 22:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 22:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 22:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 22:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 22:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 22:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 22:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 22:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 22:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 22:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 22:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 22:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 22:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 22:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 22:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 22:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 22:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 22:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 22:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 22:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 22:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 22:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 22:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 22:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 22:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 22:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 22:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 22:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 22:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 22:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 22:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 22:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 22:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 22:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 22:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 22:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 22:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 22:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 22:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 22:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 22:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 22:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 22:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 20:59 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-10 20:59 - 2015-06-12 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-10 20:58 - 2015-06-13 18:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 20:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-08 23:00 - 2015-06-08 23:00 - 770331069 _____ C:\windows\MEMORY.DMP
2015-06-08 23:00 - 2015-06-08 23:00 - 00532192 _____ C:\windows\Minidump\060815-20389-01.dmp
2015-06-08 22:00 - 2015-06-08 22:00 - 00380416 _____ C:\Users\******* *******\Downloads\Gmer-19357.exe
2015-06-08 21:56 - 2015-06-08 21:59 - 00052853 _____ C:\Users\******* *******\Downloads\Addition.txt
2015-06-08 21:54 - 2015-06-13 19:00 - 00000000 ____D C:\FRST
2015-06-08 21:54 - 2015-06-13 18:59 - 00029550 _____ C:\Users\******* *******\Downloads\FRST.txt
2015-06-08 21:53 - 2015-06-13 18:59 - 02109952 _____ (Farbar) C:\Users\******* *******\Downloads\FRST64.exe
2015-06-08 21:50 - 2015-06-08 21:50 - 00000000 _____ C:\Users\******* *******\defogger_reenable
2015-06-04 16:41 - 2015-06-09 18:27 - 00000000 ____D C:\Users\******* *******\AppData\Local\CrashDumps
2015-06-03 21:55 - 2015-06-03 21:55 - 00000000 ____D C:\12bf32d59e7e9d01b7adf8
2015-06-03 21:29 - 2015-06-03 21:29 - 00000000 ____D C:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures
2015-06-03 21:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 21:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-24 12:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-24 12:50 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-24 12:50 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-24 12:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-24 12:48 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-24 12:46 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-24 12:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-24 12:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-24 12:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-24 12:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 18:51 - 2011-07-17 22:33 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-13 18:45 - 2010-08-17 09:59 - 01864346 _____ C:\windows\WindowsUpdate.log
2015-06-13 18:41 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-13 18:41 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-13 18:38 - 2013-05-22 21:08 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-13 18:33 - 2012-09-13 21:27 - 00000000 ___RD C:\Users\******* *******\Dropbox
2015-06-13 18:33 - 2012-09-13 21:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Dropbox
2015-06-13 18:32 - 2011-08-19 10:08 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Skype
2015-06-13 18:29 - 2014-12-15 22:49 - 00007455 _____ C:\windows\setupact.log
2015-06-13 18:29 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-13 18:28 - 2014-12-15 22:48 - 00131908 _____ C:\windows\PFRO.log
2015-06-13 18:07 - 2014-05-16 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-13 18:06 - 2010-08-17 11:02 - 00000000 ____D C:\windows\PCHEALTH
2015-06-13 16:49 - 2013-04-08 21:57 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 S-Edition
2015-06-12 21:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-12 21:14 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-06-12 21:12 - 2009-07-14 04:34 - 67108864 _____ C:\windows\system32\config\components.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 23592960 _____ C:\windows\system32\config\SYSTEM.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 106692608 _____ C:\windows\system32\config\SOFTWARE.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 00524288 _____ C:\windows\system32\config\DEFAULT.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 00061440 _____ C:\windows\system32\config\SAM.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak
2015-06-12 02:06 - 2011-07-15 00:08 - 00000000 ____D C:\Users\******* *******\AppData\Local\Adobe
2015-06-11 20:48 - 2015-01-26 21:46 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieBrowserModeList
2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieUserList
2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieSiteList
2015-06-11 20:37 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system
2015-06-11 08:59 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-11 04:44 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-11 04:00 - 2010-08-17 01:39 - 00699682 _____ C:\windows\system32\perfh007.dat
2015-06-11 04:00 - 2010-08-17 01:39 - 00149790 _____ C:\windows\system32\perfc007.dat
2015-06-11 04:00 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-11 03:54 - 2009-07-14 06:45 - 05057440 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 03:51 - 2014-12-10 19:53 - 00000000 ____D C:\windows\system32\appraiser
2015-06-11 03:51 - 2014-05-11 21:12 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-11 03:51 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 03:44 - 2011-07-17 10:22 - 00000000 ____D C:\Users\******* *******\Documents\Outlook-Dateien
2015-06-11 03:30 - 2011-07-14 16:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:23 - 2013-08-15 23:08 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 03:05 - 2011-08-21 11:56 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 03:02 - 2009-07-14 04:34 - 00000510 _____ C:\windows\win.ini
2015-06-10 20:52 - 2011-07-16 16:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Apple Computer
2015-06-10 20:51 - 2011-10-21 17:06 - 00000000 ____D C:\Users\******* *******\AppData\Local\13EFF61B-C0BE-4E7C-A631-8DB65ADD1790.aplzod
2015-06-09 23:39 - 2013-05-22 21:08 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 23:39 - 2013-05-22 21:08 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 23:39 - 2013-05-22 21:08 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 23:00 - 2012-07-30 11:56 - 00000000 ____D C:\windows\Minidump
2015-06-08 21:50 - 2011-07-14 16:42 - 00000000 ____D C:\Users\******* *******
2015-06-05 10:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-04 16:47 - 2015-01-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\system32\GWX
2015-06-03 22:43 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-03 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-06-03 22:42 - 2012-06-28 17:58 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-03 22:42 - 2012-06-28 17:53 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-03 21:40 - 2014-08-28 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-06-03 21:04 - 2013-03-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-24 12:46 - 2011-07-17 22:33 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-24 12:46 - 2011-07-17 22:33 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-24 12:46 - 2011-07-17 22:33 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll
2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll
2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest
2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll
2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll
2013-08-02 18:51 - 2013-08-02 18:51 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-08-02 18:48 - 2015-04-27 20:13 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2011-10-06 22:37 - 2011-10-06 22:38 - 0013003 _____ () C:\Users\******* *******\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2013-09-18 21:50 - 2013-09-18 23:38 - 145672688 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload
2013-09-18 21:50 - 2013-09-18 23:38 - 0001817 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd
2013-06-29 18:43 - 2013-06-29 18:43 - 0001456 _____ () C:\Users\******* *******\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-02-08 21:28 - 2015-02-08 21:28 - 0003560 _____ () C:\Users\******* *******\AppData\Local\recently-used.xbel
2011-07-14 17:34 - 2011-07-14 17:34 - 0000088 _____ () C:\ProgramData\profile.xml

Some files in TEMP:
====================
C:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5bx_bd.dll
C:\Users\******* *******\AppData\Local\Temp\d_8-vj54.dll
C:\Users\******* *******\AppData\Local\Temp\Quarantine.exe
C:\Users\******* *******\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 07:14

==================== End of log ============================
         
So nun ist alles durchgelaufen und hier eingefügt... wie gehts nun weiter??
Liebe Grüße und herzlichen Dank

Alt 14.06.2015, 15:39   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.06.2015, 07:53   #12
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6024ac5024f4394fa53f50f7edbf23dd
# end=init
# utc_time=2015-06-14 06:29:05
# local_time=2015-06-14 08:29:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24323
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6024ac5024f4394fa53f50f7edbf23dd
# end=updated
# utc_time=2015-06-14 06:37:10
# local_time=2015-06-14 08:37:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6024ac5024f4394fa53f50f7edbf23dd
# engine=24323
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-14 11:10:32
# local_time=2015-06-15 01:10:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 959317 105617054 0 0
# scanned=447586
# found=3
# cleaned=0
# scan_time=16401
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir"
sh=A416ACC21756868987F275190BD1033BF74E180C ft=1 fh=d3699c00a2c5c199 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\******* *******\AppData\Local\wwerwerwe\asdasdasd\protegere.exe.vir"
         
+++


Rest folgt

Alt 15.06.2015, 18:30   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



ich warte dann auf den Rest
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.06.2015, 19:49   #14
Trinitat
 
Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (2.0.0.4003)   
 TuneUp Utilities    
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities    
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.188  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (38.0.5) 
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ******* ******* (administrator) on LAPTOP******* on 15-06-2015 20:41:12
Running from C:\Users\******* *******\Downloads
Loaded Profiles: ******* ******* (Available Profiles: ******* *******)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Expression\Web 4\ExpressionWeb.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\******* *******\Videos\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-26] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-17] (Google Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2014-10-03]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-03-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-09-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\******* *******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******* *******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk [2013-10-03]
ShortcutTarget: STRATO HiDrive.lnk -> C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\******* *******\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2361403017-131952453-2753301349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2361403017-131952453-2753301349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-09-26] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2361403017-131952453-2753301349-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-19] (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-04-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
Tcpip\..\Interfaces\{AF4B7A41-3583-463C-B531-3C89CE481D19}: [NameServer] 8.8.8.8,192.168.0.1
Tcpip\..\Interfaces\{DF2B36DA-9763-40AB-827C-61CD9F3CFD95}: [NameServer] 8.8.8.8,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "ftp", "194.110.219.43"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "gopher", "194.110.219.43"
FF NetworkProxy: "gopher_port", 3129
FF NetworkProxy: "http", "194.110.219.43"
FF NetworkProxy: "http_port", 3129
FF NetworkProxy: "socks", "194.110.219.43"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "194.110.219.43"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\windows\system32\npDeployJava1.dll [2012-06-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-2361403017-131952453-2753301349-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\admin@proxy-listen.de.xpi [2014-01-20]
FF Extension: Best Proxy Switcher - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-01-20]
FF Extension: anonymoX - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\client@anonymox.net.xpi [2014-01-20]
FF Extension: Firebug - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\firebug@software.joehewitt.com.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\******* *******\AppData\Roaming\Mozilla\Firefox\Profiles\ut2jfejl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-07-31]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2014-10-04]

Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://www.searchnu.com/410"
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421522003&from=tugs&uid=WDCXWD6400BEVT-24A0RT0_WD-WX31A40H7188H7188"
CHR NewTab: Default -> "chrome-extension://lddlkbkjpicecdnicegjgfihibacdefe/config/skin/new-tab.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Users\******* *******\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-27]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-01-08]
CHR Extension: (Gmail) - C:\Users\******* *******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
S2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 StarMoney Business 4.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 4.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607048 2011-07-16] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403208 2010-05-10] (TuneUp Software)
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [146928 2010-01-21] (CyberLink Corp.)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr; No ImagePath
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 20:27 - 2015-06-14 20:27 - 02870984 _____ (ESET) C:\Users\******* *******\Downloads\esetsmartinstaller_deu.exe
2015-06-13 18:59 - 2015-06-13 18:59 - 00000000 ____D C:\Users\******* *******\Downloads\FRST-OlderVersion
2015-06-13 18:44 - 2015-06-13 18:44 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP*******-Windows-7-Home-Premium-(64-bit).dat
2015-06-13 18:44 - 2015-06-13 18:44 - 00000000 ____D C:\RegBackup
2015-06-13 18:22 - 2015-06-13 18:27 - 00000000 ____D C:\AdwCleaner
2015-06-13 16:52 - 2015-06-13 16:52 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-13 16:52 - 2015-06-13 16:52 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-13 16:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-13 16:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 16:50 - 2015-06-13 16:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\******* *******\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-12 21:33 - 2015-06-13 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 21:24 - 2015-06-12 21:24 - 00035152 _____ C:\ComboFix.txt
2015-06-12 20:54 - 2015-06-12 21:24 - 00000000 ____D C:\Qoobox
2015-06-12 20:54 - 2015-06-12 21:20 - 00000000 ____D C:\windows\erdnt
2015-06-12 20:54 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-06-12 20:54 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-06-12 20:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-06-12 20:54 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-06-11 08:59 - 2015-06-11 08:59 - 00000000 ____D C:\Users\******* *******\AppData\Local\GWX
2015-06-10 22:42 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 22:42 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 22:42 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 22:42 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 22:42 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 22:42 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 22:42 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 22:42 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 22:41 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 22:41 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 22:41 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 22:41 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 22:41 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 22:41 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 22:41 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 22:41 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 22:41 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 22:41 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 22:41 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 22:41 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 22:41 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 22:41 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 22:41 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 22:41 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 22:41 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 22:41 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 22:41 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-10 22:36 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-10 22:36 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-10 22:36 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-10 22:36 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 22:36 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 22:36 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 22:36 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 22:36 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-06-10 22:36 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-06-10 22:36 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-06-10 22:36 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-06-10 22:35 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 22:35 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 22:35 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 22:35 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-10 22:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 22:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 22:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 22:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 22:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 22:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 22:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 22:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 22:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 22:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 22:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 22:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 22:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 22:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 22:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 22:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 22:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 22:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 22:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 22:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 22:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 22:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 22:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 22:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 22:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 22:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 22:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 22:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 22:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 22:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 22:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 22:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 22:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 22:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 22:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 22:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 22:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 22:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 22:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 22:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 22:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 22:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 22:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 22:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 22:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 22:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 22:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 22:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 22:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 22:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 22:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 22:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 22:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 22:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 22:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 22:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 20:59 - 2015-06-13 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-10 20:59 - 2015-06-12 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-10 20:58 - 2015-06-13 18:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 20:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-08 23:00 - 2015-06-08 23:00 - 770331069 _____ C:\windows\MEMORY.DMP
2015-06-08 23:00 - 2015-06-08 23:00 - 00532192 _____ C:\windows\Minidump\060815-20389-01.dmp
2015-06-08 22:00 - 2015-06-08 22:00 - 00380416 _____ C:\Users\******* *******\Downloads\Gmer-19357.exe
2015-06-08 21:56 - 2015-06-08 21:59 - 00052853 _____ C:\Users\******* *******\Downloads\Addition.txt
2015-06-08 21:54 - 2015-06-15 20:41 - 00030534 _____ C:\Users\******* *******\Downloads\FRST.txt
2015-06-08 21:54 - 2015-06-15 20:41 - 00000000 ____D C:\FRST
2015-06-08 21:53 - 2015-06-13 18:59 - 02109952 _____ (Farbar) C:\Users\******* *******\Downloads\FRST64.exe
2015-06-08 21:50 - 2015-06-08 21:50 - 00000000 _____ C:\Users\******* *******\defogger_reenable
2015-06-04 16:41 - 2015-06-09 18:27 - 00000000 ____D C:\Users\******* *******\AppData\Local\CrashDumps
2015-06-03 21:55 - 2015-06-03 21:55 - 00000000 ____D C:\12bf32d59e7e9d01b7adf8
2015-06-03 21:29 - 2015-06-03 21:29 - 00000000 ____D C:\windows\TempF16AF546-20B3-53CA-3D77-3D0C91573871-Signatures
2015-06-03 21:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 21:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-24 12:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-24 12:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-24 12:50 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-24 12:50 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-24 12:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-24 12:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-24 12:48 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-24 12:46 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-24 12:46 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-24 12:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-24 12:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-24 12:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-24 12:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-24 12:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 20:42 - 2011-08-19 10:08 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Skype
2015-06-15 20:38 - 2013-05-22 21:08 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-15 20:19 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 20:19 - 2009-07-14 06:45 - 00022464 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 19:53 - 2010-08-17 09:59 - 02030021 _____ C:\windows\WindowsUpdate.log
2015-06-15 19:51 - 2011-07-17 22:33 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 11:52 - 2014-06-01 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-06-15 02:00 - 2011-07-15 00:08 - 00000000 ____D C:\Users\******* *******\AppData\Local\Adobe
2015-06-13 19:33 - 2011-07-17 10:22 - 00000000 ____D C:\Users\******* *******\Documents\Outlook-Dateien
2015-06-13 19:26 - 2011-10-21 17:06 - 00000000 ____D C:\Users\******* *******\AppData\Local\13EFF61B-C0BE-4E7C-A631-8DB65ADD1790.aplzod
2015-06-13 18:33 - 2012-09-13 21:27 - 00000000 ___RD C:\Users\******* *******\Dropbox
2015-06-13 18:33 - 2012-09-13 21:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Dropbox
2015-06-13 18:29 - 2014-12-15 22:49 - 00007455 _____ C:\windows\setupact.log
2015-06-13 18:29 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-13 18:28 - 2014-12-15 22:48 - 00131908 _____ C:\windows\PFRO.log
2015-06-13 18:07 - 2014-05-16 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-13 18:07 - 2010-08-17 11:02 - 00000000 ____D C:\windows\PCHEALTH
2015-06-13 16:49 - 2013-04-08 21:57 - 00000000 ____D C:\Program Files (x86)\StarMoney Business 6.0 S-Edition
2015-06-12 21:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-12 21:14 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-06-12 21:12 - 2009-07-14 04:34 - 67108864 _____ C:\windows\system32\config\components.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 23592960 _____ C:\windows\system32\config\SYSTEM.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 106692608 _____ C:\windows\system32\config\SOFTWARE.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 00524288 _____ C:\windows\system32\config\DEFAULT.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 00061440 _____ C:\windows\system32\config\SAM.bak
2015-06-12 21:12 - 2009-07-14 04:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak
2015-06-11 20:48 - 2015-01-26 21:46 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieBrowserModeList
2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieUserList
2015-06-11 20:48 - 2014-07-18 17:03 - 00000000 __SHD C:\Users\******* *******\AppData\Local\EmieSiteList
2015-06-11 20:37 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system
2015-06-11 08:59 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-11 04:44 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2015-06-11 04:00 - 2010-08-17 01:39 - 00699682 _____ C:\windows\system32\perfh007.dat
2015-06-11 04:00 - 2010-08-17 01:39 - 00149790 _____ C:\windows\system32\perfc007.dat
2015-06-11 04:00 - 2009-07-14 07:13 - 01620684 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-11 03:54 - 2009-07-14 06:45 - 05057440 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 03:51 - 2014-12-10 19:53 - 00000000 ____D C:\windows\system32\appraiser
2015-06-11 03:51 - 2014-05-11 21:12 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-11 03:51 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 03:30 - 2011-07-14 16:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:23 - 2013-08-15 23:08 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 03:05 - 2011-08-21 11:56 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 03:02 - 2009-07-14 04:34 - 00000510 _____ C:\windows\win.ini
2015-06-10 20:52 - 2011-07-16 16:22 - 00000000 ____D C:\Users\******* *******\AppData\Roaming\Apple Computer
2015-06-09 23:39 - 2013-05-22 21:08 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 23:39 - 2013-05-22 21:08 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 23:39 - 2013-05-22 21:08 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 23:00 - 2012-07-30 11:56 - 00000000 ____D C:\windows\Minidump
2015-06-08 21:50 - 2011-07-14 16:42 - 00000000 ____D C:\Users\******* *******
2015-06-05 10:58 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-04 16:47 - 2015-01-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-03 22:45 - 2012-05-16 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-06-03 22:43 - 2015-04-05 20:46 - 00000000 ___SD C:\windows\system32\GWX
2015-06-03 22:43 - 2009-07-29 09:23 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-03 22:43 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-06-03 22:42 - 2012-06-28 17:58 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-03 22:42 - 2012-06-28 17:53 - 00001912 _____ C:\windows\epplauncher.mif
2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-03 22:41 - 2012-06-28 17:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-03 21:40 - 2014-08-28 12:57 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-06-03 21:04 - 2013-03-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-24 12:46 - 2011-07-17 22:33 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-24 12:46 - 2011-07-17 22:33 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-24 12:46 - 2011-07-17 22:33 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll
2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll
2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest
2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll
2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll
2013-08-02 18:51 - 2013-08-02 18:51 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-08-02 18:48 - 2015-04-27 20:13 - 0000132 _____ () C:\Users\******* *******\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2011-10-06 22:37 - 2011-10-06 22:38 - 0013003 _____ () C:\Users\******* *******\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2013-09-18 21:50 - 2013-09-18 23:38 - 145672688 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload
2013-09-18 21:50 - 2013-09-18 23:38 - 0001817 _____ () C:\Users\******* *******\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd
2013-06-29 18:43 - 2013-06-29 18:43 - 0001456 _____ () C:\Users\******* *******\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-02-08 21:28 - 2015-02-08 21:28 - 0003560 _____ () C:\Users\******* *******\AppData\Local\recently-used.xbel
2011-07-14 17:34 - 2011-07-14 17:34 - 0000088 _____ () C:\ProgramData\profile.xml

Some files in TEMP:
====================
C:\Users\******* *******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5bx_bd.dll
C:\Users\******* *******\AppData\Local\Temp\d_8-vj54.dll
C:\Users\******* *******\AppData\Local\Temp\Quarantine.exe
C:\Users\******* *******\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-14 13:44

==================== End of log ============================
         
So nun ist auch das erledigt...
Liebe Grüße
und Danke

Alt 16.06.2015, 16:03   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Standard

Windows 7 wie kann ich den DHL Trojaner vollständig entfernen



Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
FF NetworkProxy: "ftp", "194.110.219.43"
FF NetworkProxy: "ftp_port", 3129
FF NetworkProxy: "gopher", "194.110.219.43"
FF NetworkProxy: "gopher_port", 3129
FF NetworkProxy: "http", "194.110.219.43"
FF NetworkProxy: "http_port", 3129
FF NetworkProxy: "socks", "194.110.219.43"
FF NetworkProxy: "socks_port", 3129
FF NetworkProxy: "ssl", "194.110.219.43"
FF NetworkProxy: "ssl_port", 3129
FF NetworkProxy: "type", 0
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7 wie kann ich den DHL Trojaner vollständig entfernen
adware, booten, browser, converter, cpu, desktop, entfernen, firefox, flash player, helper, homepage, iexplore.exe, installmanager.exe, internet, internet explorer, launch, newtab, programm, rundll, security, server, software, svchost.exe, trojaner, trojaner board, usb, viren, windows, zipdatei




Ähnliche Themen: Windows 7 wie kann ich den DHL Trojaner vollständig entfernen


  1. Trojaner Super Easy Driver Updater bei Windows Vista wie kann ich es entfernen? Geek Uninstaller installiert keine Entfernung möglich
    Log-Analyse und Auswertung - 18.10.2015 (4)
  2. Trojaner Rotbrow.K vollständig entfernen
    Log-Analyse und Auswertung - 10.01.2014 (5)
  3. Trojaner -- TR/Matsnu.G -- in Quarantäne. Was tun um ihn vollständig vom System zu entfernen?
    Log-Analyse und Auswertung - 27.11.2013 (11)
  4. MS-DOS Trojaner vollständig entfernen
    Log-Analyse und Auswertung - 01.10.2013 (15)
  5. GVU Virus/Trojaner vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.08.2013 (11)
  6. fbDownloader vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (10)
  7. fbDownloader vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 02.08.2013 (19)
  8. BKA/GVU-Virus vollständig entfernen
    Log-Analyse und Auswertung - 04.03.2013 (44)
  9. Trojaner Generic 27.BSNV vollständig entfernen?
    Log-Analyse und Auswertung - 11.04.2012 (3)
  10. Trojaner vollständig entfernen!
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (17)
  11. Windows Diagnostic vollständig entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (11)
  12. HDDLOW (hoffentlich) entfernt! wie kann ich prüfen, ob das System nun vollständig sauber ist?
    Plagegeister aller Art und deren Bekämpfung - 03.01.2011 (29)
  13. ICQ-VIRUS-vollständig entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 17.06.2010 (12)
  14. Wie kann ich den Trojaner "Cyber Security" bei Windows Vista entfernen?
    Plagegeister aller Art und deren Bekämpfung - 30.11.2009 (4)
  15. Bifrost Virus - Wie kann er vollständig entfernt werden?
    Plagegeister aller Art und deren Bekämpfung - 18.10.2009 (5)
  16. CnsMin - kann nicht vollständig gelöscht werden
    Log-Analyse und Auswertung - 08.02.2009 (0)
  17. Excel Addin Multiprint kann nicht vollständig entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 28.07.2008 (0)

Zum Thema Windows 7 wie kann ich den DHL Trojaner vollständig entfernen - Hallo Team von Trojaner Board, ich habe letze Woche ein mail von DHL bekommen mit einer zipdatei und habe diese entpackt und die pdf Datei angeklickt... ich war so in - Windows 7 wie kann ich den DHL Trojaner vollständig entfernen...
Archiv
Du betrachtest: Windows 7 wie kann ich den DHL Trojaner vollständig entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.