Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.06.2015, 18:34   #1
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Hallo,

ich wollte bei meinem Virenschutz von Avira auf Avast umsteigen. Bei der Installation von Avast kommt allerdings die Meldung, dass der Dienst "Base Filtering Engine" nicht ausgeführt wird. Der Versuch diesen manuell zu starten schlug fehl. Es kommt die Meldung: "Der Dienst Basisfiltermodul auf Lokaler Computer konnte nicht gestartet werden. Fehler 5: Zugriff verweigert."

Zudem lässt sich auch die Windows-Firewall nicht mehr starten. Hier wird folgender Fehler angezeigt: "Fehler 1068: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnten nicht gestartet werden."

Bitte um Hilfe

Alt 16.06.2015, 18:45   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 16.06.2015, 18:59   #3
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by SaschaPetsch (administrator) on SASCHA on 16-06-2015 19:49:01
Running from C:\Users\SaschaPetsch\Downloads
Loaded Profiles: SaschaPetsch (Available Profiles: SaschaPetsch & Sascha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files (x86)\pdf24\pdf24.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-07] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\pdf24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [GPULoader] => "C:\Program Files (x86)\VLC Player GPU+\GPULog.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\MountPoints2: {5619d18f-b807-11de-82fc-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\MountPoints2: {90136265-cf9e-11df-b483-00262d579566} - E:\pushinst.exe
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\MountPoints2: {c1b682cd-ee33-11de-9f93-00262d579566} - G:\pushinst.exe
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk [2015-04-19]
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2009-12-21]
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-12-21]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
URLSearchHook: HKU\S-1-5-21-468609111-1792752646-2182262598-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-468609111-1792752646-2182262598-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default
FF NetworkProxy: "autoconfig_url", "hxxp://proxypac.tcd.ie/accelerated_pac_base.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-468609111-1792752646-2182262598-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\SASCHA~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SaschaPetsch\AppData\Roaming\mozilla\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Extension: Amazon-Icon - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\amazon-icon@giga.de [2015-04-07]
FF Extension: FireFound - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\firefound@efinke.com [2011-07-27]
FF Extension: Ghostery - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\firefox@ghostery.com [2012-03-30]
FF Extension: Long URL Please - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\longurlplease@darragh.curran [2011-07-27]
FF Extension: OptimizeGoogle - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\optimizegoogle@optimizegoogle.com [2011-07-27]
FF Extension: CookieCuller - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} [2010-09-30]
FF Extension: WOT - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012-03-30]
FF Extension: Redirect Remover - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2010-09-30]
FF Extension: FlashGot - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-09-30]
FF Extension: Adblock Plus - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-30]
FF Extension: DownThemAll! - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-07-27]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-06-16]
FF HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\extensions\faststartff@gmail.com [not found]
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [not found]
FF Extension: No Name - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\extensions\faststartff@gmail.com [not found]

Chrome: 
=======
CHR Profile: C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Adblock Plus) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-04]
CHR Extension: (Google Search) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Google Wallet) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVM IGD CTRL Service; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin) [File not signed]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin) [File not signed]
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-11] () [File not signed]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 19:49 - 2015-06-16 19:49 - 00026231 _____ C:\Users\SaschaPetsch\Downloads\FRST.txt
2015-06-16 19:48 - 2015-06-16 19:48 - 02109952 _____ (Farbar) C:\Users\SaschaPetsch\Downloads\FRST64.exe
2015-06-16 19:48 - 2015-06-16 19:48 - 00000000 _____ C:\Windows\setuperr.log
2015-06-16 19:48 - 2015-06-16 19:48 - 00000000 _____ C:\Windows\setupact.log
2015-06-16 19:11 - 2015-06-16 19:11 - 05481344 _____ (Avast Software s.r.o.) C:\Users\SaschaPetsch\Downloads\avast_free_antivirus_setup.exe
2015-06-16 18:04 - 2015-06-16 18:04 - 00000329 _____ C:\Users\SaschaPetsch\Desktop\HP Druckerdiagnosetools.url
2015-06-16 17:39 - 2015-06-16 18:05 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HpUpdate
2015-06-16 17:37 - 2015-06-16 17:37 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\HpUpdate
2015-06-16 17:35 - 2015-06-16 17:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HP
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Local\HP
2015-06-16 13:19 - 2015-06-16 13:19 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-06-16 13:19 - 2015-06-16 13:19 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Yahoo!
2015-06-16 13:19 - 2015-06-16 13:19 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2015-06-16 13:19 - 2015-06-16 13:19 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-06-16 13:18 - 2015-06-16 13:18 - 00002171 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2015-06-16 13:17 - 2015-06-16 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-16 13:17 - 2015-06-16 13:17 - 00001361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-06-16 13:17 - 2015-06-16 13:17 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-06-16 13:17 - 2015-06-16 13:17 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-06-16 13:17 - 2015-06-16 13:17 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-06-16 13:13 - 2015-06-16 13:13 - 00000000 ____D C:\Program Files\HP
2015-06-16 12:39 - 2015-06-16 13:02 - 327118024 _____ C:\Users\SaschaPetsch\Downloads\PS_AIO_02_USW_Full_Win_WW_130_140.exe
2015-06-16 12:01 - 2015-06-16 17:38 - 00000000 ____D C:\Program Files (x86)\Hp
2015-06-16 12:01 - 2015-06-16 12:01 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-16 12:00 - 2015-06-16 12:00 - 05197824 _____ C:\Users\SaschaPetsch\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-06-16 11:49 - 2015-06-16 11:49 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\GWX
2015-06-15 17:03 - 2015-06-15 17:04 - 00000000 ____D C:\Users\Sascha\Documents\Fax
2015-06-10 08:19 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 08:19 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 08:19 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:19 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 08:19 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 08:19 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 08:19 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 08:19 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 08:19 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 08:19 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 08:19 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 08:19 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 08:19 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 08:19 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 08:19 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 08:19 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 08:19 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 08:19 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 08:19 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 08:19 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 08:19 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 08:19 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 08:19 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:19 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 08:19 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 08:19 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 08:19 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 08:19 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 08:19 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 08:19 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:19 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:19 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 08:19 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:19 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:19 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:19 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:19 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:19 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 08:18 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 08:18 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 08:18 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 08:18 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 08:18 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 08:18 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 08:13 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 08:13 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 08:12 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:12 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 08:12 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 08:12 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 08:12 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:12 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 08:12 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 08:12 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 08:12 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 08:12 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 08:12 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 08:12 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 11:04 - 2015-06-07 11:04 - 02231296 _____ C:\Users\Sascha\Downloads\adwcleaner_4.206.exe
2015-06-04 10:30 - 2015-06-04 10:30 - 01010176 _____ C:\Users\Sascha\Downloads\MicrosoftFixit50884.msi
2015-06-01 14:38 - 2015-06-01 14:38 - 00000000 ____D C:\Users\Sascha\AppData\Local\GWX
2015-05-22 17:12 - 2015-05-22 17:12 - 00002326 _____ C:\Users\Public\Desktop\Tennis Masters Series 2003.lnk
2015-05-22 17:12 - 2015-05-22 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microids
2015-05-22 17:06 - 2015-05-22 17:06 - 00000000 ____D C:\Program Files (x86)\Microids
2015-05-20 21:39 - 2015-05-20 22:05 - 00047104 _____ C:\Windows\SysWOW64\KMVIDC32.DLL
2015-05-19 23:22 - 2015-05-19 23:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-19 23:20 - 2015-05-19 23:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-19 23:05 - 2015-05-19 23:05 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-05-17 16:29 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 16:29 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 19:49 - 2015-04-19 13:09 - 00000000 ____D C:\FRST
2015-06-16 19:49 - 2012-12-04 10:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 19:17 - 2013-07-02 08:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 18:49 - 2010-07-12 13:12 - 00005407 _____ C:\ProgramData\hpzinstall.log
2015-06-16 18:23 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 18:23 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieUserList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieSiteList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieBrowserModeList
2015-06-16 18:20 - 2014-09-13 15:13 - 01865747 ____N C:\Windows\WindowsUpdate.log
2015-06-16 18:16 - 2009-12-21 13:36 - 00083232 _____ C:\Users\SaschaPetsch\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 18:15 - 2014-02-13 00:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24.job
2015-06-16 18:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 18:15 - 2009-07-14 06:45 - 00338896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 18:10 - 2014-05-01 14:30 - 00000000 ____D C:\Program Files (x86)\KaloMa
2015-06-16 17:32 - 2010-10-06 14:40 - 00083232 _____ C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 13:23 - 2010-07-12 13:34 - 00235191 ____N C:\Windows\hpoins21.dat.temp
2015-06-16 13:23 - 2010-07-12 13:27 - 00235191 ____N C:\Windows\hpoins21.dat
2015-06-16 13:18 - 2010-07-12 13:12 - 00000000 ____D C:\ProgramData\HP
2015-06-16 11:51 - 2013-07-14 17:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-16 11:49 - 2009-08-22 07:23 - 00000000 ____D C:\ProgramData\Adobe
2015-06-15 13:03 - 2014-06-28 11:32 - 00000000 ____D C:\Users\Sascha\Desktop\PT
2015-06-13 15:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 12:45 - 2013-01-17 15:55 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\FRITZ!
2015-06-13 12:45 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-13 12:44 - 2009-10-14 02:43 - 00729266 _____ C:\Windows\system32\perfh007.dat
2015-06-13 12:44 - 2009-10-14 02:43 - 00159262 _____ C:\Windows\system32\perfc007.dat
2015-06-13 12:44 - 2009-07-14 07:13 - 00006264 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-13 12:36 - 2014-12-12 19:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-13 12:36 - 2014-05-06 09:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-13 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 07:30 - 2009-08-22 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 07:27 - 2013-08-18 07:35 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 07:01 - 2009-12-23 00:41 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 12:21 - 2009-12-21 13:36 - 00000000 ____D C:\Users\SaschaPetsch
2015-06-10 08:49 - 2012-12-04 10:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 08:49 - 2012-05-13 08:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 08:49 - 2011-07-27 12:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 08:20 - 2013-07-02 08:53 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-07 15:55 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-07 11:08 - 2013-09-26 23:51 - 00000000 ____D C:\AdwCleaner
2015-05-28 09:27 - 2011-07-27 12:37 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-05-28 09:27 - 2010-10-04 17:11 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-05-23 07:04 - 2015-04-19 09:14 - 00000000 ____D C:\ProgramData\MFAData
2015-05-21 20:48 - 2011-09-22 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 20:36 - 2009-12-23 19:42 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 18:25 - 2015-04-07 18:43 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 18:25 - 2015-04-07 18:43 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 23:33 - 2009-08-22 07:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-19 23:21 - 2013-12-10 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-19 23:14 - 2015-03-16 15:04 - 00000000 ____D C:\Program Files (x86)\MagicISO
2015-05-19 23:10 - 2009-08-22 07:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-19 23:08 - 2010-10-12 14:41 - 00000000 ____D C:\Users\Sascha\AppData\Local\Adobe
2015-05-19 07:12 - 2014-04-01 07:38 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24
2015-05-19 07:12 - 2013-07-02 08:52 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 21:42 - 2013-03-15 08:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-17 21:42 - 2013-03-15 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 21:39 - 2009-08-22 08:06 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-17 21:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-17 16:28 - 2013-03-15 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2009-08-22 10:43 - 2009-02-10 21:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2004-01-26 18:15 - 2004-01-26 18:15 - 0233472 ____R () C:\Users\SaschaPetsch\AppData\Roaming\MafiaSetup.exe
2009-12-21 16:13 - 2009-12-23 19:09 - 0000166 _____ () C:\Users\SaschaPetsch\AppData\Roaming\wklnhst.dat
2009-10-13 16:55 - 2009-10-13 17:00 - 0007832 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-07-12 13:12 - 2015-06-16 18:49 - 0005407 _____ () C:\ProgramData\hpzinstall.log

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Users\Sascha\AppData\Local\4ca5590b
C:\Users\Sascha\AppData\Local\4ca5590b\@

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-04 12:57

==================== End of log ============================
         
--- --- ---


Addition
[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by SaschaPetsch at 2015-06-16 19:50:19
Running from C:\Users\SaschaPetsch\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-468609111-1792752646-2182262598-500 - Administrator - Disabled)
Gast (S-1-5-21-468609111-1792752646-2182262598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-468609111-1792752646-2182262598-1002 - Limited - Enabled)
Sascha (S-1-5-21-468609111-1792752646-2182262598-1003 - Limited - Enabled) => C:\Users\Sascha
SaschaPetsch (S-1-5-21-468609111-1792752646-2182262598-1000 - Administrator - Enabled) => C:\Users\SaschaPetsch

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.6821 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.6821 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.5.0715 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
ATI AVIVO64 Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D10D9994-4337-8067-F5D7-9F8FEC1E4A00}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - )
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - )
AVM FRITZ!DSL (HKLM-x32\...\FRITZ!DSL) (Version:  - )
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Flatcast Viewer Plugin 5.3.0.784 (HKLM-x32\...\Flatcast Viewer 5.3_is1) (Version:  - 1 mal 1 Software GmbH)
Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Gothic III Demo (HKLM-x32\...\{9F1941D2-45A2-4CA6-8041-EA2B10CD2ECD}) (Version: 1.00.0000 - JoWooD Productions Software AG)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version:  - )
GPU Monitor (HKLM-x32\...\VLC Player GPU+11.041.44) (Version: 11.041.44 - GPU Usage) <==== ATTENTION
Half-Life (HKLM-x32\...\Half-Life) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 20 (HKLM\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version:  - Frank Böpple)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.04 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 7.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 7.0.1 (x86 de)) (Version: 7.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PDF24 Creator 5.6.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
pdfsam (HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\pdfsam) (Version: 2.1.0 - )
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScummVM 1.1.1 (HKLM-x32\...\ScummVM_is1) (Version:  - )
Settlers 2 GOLD (HKLM-x32\...\GOGPACKSETTLERS2GOLD_is1) (Version: 2.0.0.14 - GOG.com)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sierra-Dienstprogramme (HKLM-x32\...\Sierra-Dienstprogramme) (Version:  - )
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
STDU Viewer version 1.6.350.0 (HKLM-x32\...\STDU Viewer_is1) (Version: 1.6.350.0 - STDUtility)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Tennis Masters Series 2003 (HKLM-x32\...\{C31C79CA-EA60-4F9F-8FFB-749D778C134F}) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{ED636101-1959-4360-8BF7-209436E7DEE4}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WordToPDF 2.9 (HKLM-x32\...\WordToPDF_is1) (Version: 2.9 - Mario Noack)
Worms2 (HKLM-x32\...\Worms2) (Version:  - )
XnView 2.03 (HKLM-x32\...\XnView_is1) (Version: 2.03 - Gougelet Pierre-e)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-06-2015 19:00:21 Windows-Sicherung
16-06-2015 12:01:11 Installed HP Support Solutions Framework
16-06-2015 17:35:31 Installed HP Update.
16-06-2015 18:03:46 Installed Network64

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C8778A8-AEF1-4F57-9339-80DA44F7C571} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: {277648A5-470D-4EBB-A2F8-B95E5AD79F27} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {39C83F40-E908-4DD6-8F90-DF667769BF3B} - System32\Tasks\{EEF03C83-6C51-47C9-95C5-09B665163CB8} => pcalua.exe -a C:\Windows\IsUn0407.exe -c -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
Task: {47CEB736-A119-48F4-A692-CFA365A83BCE} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: {5425D54A-5AD2-4355-892D-9994D1F89734} - System32\Tasks\{98C24F23-0E26-40E8-A28B-3D3C81FAA929} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {5CE1485F-2065-4C6F-98A6-6A3C3620878F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {5F564367-8FC5-4A5C-B4EF-E7843FCDB3D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {6A624C03-8A1C-4EDF-BF80-12B7EA7DB62F} - System32\Tasks\{FB327205-8969-48AF-8DC3-1E830DFB9853} => pcalua.exe -a C:\Users\SaschaPetsch\AppData\Local\Temp\Temp1_Vscan8_7[1].zip\SetupVSE.Exe
Task: {895E2202-11E6-4FA6-AD62-7D3A5E2E155B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {9814C9E2-0F90-4A48-ADC4-2AE38B0DF06A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)
Task: {9981084D-1CC6-423C-9F5A-6BB5D9FD4E3B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {A01C12AC-86DF-4D8B-89F0-EB3B8CCCB19C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {A442A92C-4556-4880-B2A4-ACF1918A1FF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {AFFCC3AB-F097-45A9-8BAA-CBF29FDB2E9D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-468609111-1792752646-2182262598-1000
Task: {BF751241-EA82-471D-A8F1-588B3BAB3B4B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {E001D5F8-0A6B-43BC-A534-D6AB97586B92} - System32\Tasks\{21EE11A4-658F-4C43-A177-0A00379C9345} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179/de/exitsurvey
Task: {E06F01E1-9B98-411F-9171-67EFE610B7E3} - System32\Tasks\{90F9E631-C4CE-4085-8041-9CAB8BC2CA55} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.259&amp;LastError=407
Task: {F084530B-8278-49C3-BE83-1DB0509EB4DF} - System32\Tasks\{A962EE55-4518-4B3A-ABFC-E1176FF45473} => pcalua.exe -a D:\setup.exe -d D:\
Task: {FB1B1F42-E18C-4D28-ABD7-25D1A6F81CED} - System32\Tasks\Opera scheduled Autoupdate 1424030055 => C:\Program Files (x86)\Opera\launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============

2010-03-11 11:48 - 2005-03-12 04:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2009-10-13 16:54 - 2008-07-29 19:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files (x86)\CCleaner\lang\lang-1031.dll
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-10-13 16:53 - 2009-10-13 16:53 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-06-10 08:20 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-10 08:20 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-10 08:20 - 2015-06-05 20:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5A48B92-8A06-46CC-AB98-D30EDF70F628}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{D8AABB03-CA8D-478A-9763-5281D43A0491}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{709F98C6-1B56-469C-AA7C-7E33F537B2FB}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{0DB6F52F-2488-4615-B42D-CC238964C6BE}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{958F1BBC-60DD-40B6-8FEA-6FEB092471C3}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{6CE1FEFF-C865-4240-AA02-DA15D367E508}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{44FDB140-CB75-40C8-B9B4-4A5C1D4BCCE1}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{828E38CA-08AE-4162-AAF3-02BF4102C383}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{C9A3A395-2488-41D5-9620-65D84DFCCEC4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{353BC482-CDEF-4759-924A-61A3B81B8861}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C876BD82-4588-4B75-9A4A-2493AC7CF0F8}] => (Allow) svchost.exe
FirewallRules: [{87FD9F31-49E2-46AE-AB5C-7B708C9E8268}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{870458ED-C214-4A69-A036-173E5E558343}] => (Allow) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{C26C242F-B383-41BE-A6D8-96137A9CFAD8}] => (Allow) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{C19335F6-4741-443B-B6D0-3B6334EDFC6E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{AFDD8ABC-F77D-4804-BCBA-9CB3E1C55CE8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{9D4460A3-23B2-4071-A976-C139D6810E88}] => (Allow) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [{5DF7E511-87D6-484F-81DA-F4F6D47D8B79}] => (Allow) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
FirewallRules: [TCP Query User{B31A1E4F-6142-4C81-9722-C882285E7D68}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{25E29639-5729-444A-BF84-DA464A4E804D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{38D60B53-9FE3-460B-897D-BB5D82F782FD}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{D3BA44B7-44FB-4080-84D7-702AE426096F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 06:16:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WLanGUI.exe, Version: 1.0.4.11, Zeitstempel: 0x49f577db
Name des fehlerhaften Moduls: WLanGUI.exe, Version: 1.0.4.11, Zeitstempel: 0x49f577db
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00067333
ID des fehlerhaften Prozesses: 0xf94
Startzeit der fehlerhaften Anwendung: 0xWLanGUI.exe0
Pfad der fehlerhaften Anwendung: WLanGUI.exe1
Pfad des fehlerhaften Moduls: WLanGUI.exe2
Berichtskennung: WLanGUI.exe3

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/16/2015 11:52:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/16/2015 07:28:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%5

Error: (06/16/2015 07:28:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/16/2015 07:28:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Firewall" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%5

Error: (06/16/2015 07:28:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/16/2015 07:27:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/16/2015 07:26:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/16/2015 07:24:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/16/2015 07:23:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/16/2015 07:17:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/16/2015 07:14:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Basisfiltermodul" wurde mit folgendem Fehler beendet: 
%%5


Microsoft Office:
=========================

==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 55%
Total physical RAM: 4090.93 MB
Available physical RAM: 1825.29 MB
Total Pagefile: 8180.06 MB
Available Pagefile: 5179.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:170.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (PS_AIO_02_Networ) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS
Drive f: (Lexar) (Removable) (Total:7.45 GB) (Free:2.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D33AD33A)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of log ============================
         
--- --- ---
__________________

Alt 17.06.2015, 16:08   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    GPU Monitor


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.06.2015, 18:51   #5
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Logfile Malwarebytes Anti-Rootkit

Code:
ATTFilter
 Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.17.04
  rootkit: v2015.06.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
SaschaPetsch :: SASCHA [administrator]

17.06.2015 18:57:47
mbar-log-2015-06-17 (18-57-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 424724
Time elapsed: 30 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Logfile TDSS Killer

Code:
ATTFilter
 19:41:58.0089 0x0db4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:42:03.0592 0x0db4  ============================================================
19:42:03.0593 0x0db4  Current date / time: 2015/06/17 19:42:03.0592
19:42:03.0593 0x0db4  SystemInfo:
19:42:03.0593 0x0db4  
19:42:03.0593 0x0db4  OS Version: 6.1.7601 ServicePack: 1.0
19:42:03.0593 0x0db4  Product type: Workstation
19:42:03.0594 0x0db4  ComputerName: SASCHA
19:42:03.0594 0x0db4  UserName: SaschaPetsch
19:42:03.0594 0x0db4  Windows directory: C:\Windows
19:42:03.0594 0x0db4  System windows directory: C:\Windows
19:42:03.0594 0x0db4  Running under WOW64
19:42:03.0594 0x0db4  Processor architecture: Intel x64
19:42:03.0594 0x0db4  Number of processors: 2
19:42:03.0594 0x0db4  Page size: 0x1000
19:42:03.0594 0x0db4  Boot type: Normal boot
19:42:03.0594 0x0db4  ============================================================
19:42:03.0912 0x0db4  KLMD registered as C:\Windows\system32\drivers\81341135.sys
19:42:04.0283 0x0db4  System UUID: {8B04FD12-8E1E-9F92-715D-85E6816CD043}
19:42:04.0978 0x0db4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:42:05.0013 0x0db4  Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 ( 7.47 Gb ), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:42:05.0017 0x0db4  ============================================================
19:42:05.0017 0x0db4  \Device\Harddisk0\DR0:
19:42:05.0017 0x0db4  MBR partitions:
19:42:05.0018 0x0db4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
19:42:05.0018 0x0db4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
19:42:05.0018 0x0db4  \Device\Harddisk1\DR1:
19:42:05.0018 0x0db4  MBR partitions:
19:42:05.0018 0x0db4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x50, BlocksNum 0xEEFFB0
19:42:05.0018 0x0db4  ============================================================
19:42:05.0089 0x0db4  C: <-> \Device\Harddisk0\DR0\Partition2
19:42:05.0091 0x0db4  ============================================================
19:42:05.0091 0x0db4  Initialize success
19:42:05.0091 0x0db4  ============================================================
19:43:39.0472 0x0d9c  ============================================================
19:43:39.0472 0x0d9c  Scan started
19:43:39.0473 0x0d9c  Mode: Manual; SigCheck; TDLFS; 
19:43:39.0473 0x0d9c  ============================================================
19:43:39.0473 0x0d9c  KSN ping started
19:43:53.0111 0x0d9c  KSN ping finished: true
19:43:54.0101 0x0d9c  ================ Scan system memory ========================
19:43:54.0101 0x0d9c  System memory - ok
19:43:54.0102 0x0d9c  ================ Scan services =============================
19:43:54.0287 0x0d9c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:43:54.0565 0x0d9c  1394ohci - ok
19:43:54.0619 0x0d9c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:43:54.0670 0x0d9c  ACPI - ok
19:43:54.0706 0x0d9c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:43:54.0828 0x0d9c  AcpiPmi - ok
19:43:54.0981 0x0d9c  [ 929593D76589294BA3F74540298D1B3E, 3D1C1772579141BD1040363BD65F2A2D78BF42EC85AE96317AE397E3D5267145 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:43:55.0017 0x0d9c  AdobeARMservice - ok
19:43:55.0181 0x0d9c  [ 7C58046ACEAF10525077BD586A740E9F, E26D446EDB158A9EDA7FC7E1DA650FA8896748B7DEB9FDBF5BD4352ACF01B721 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:43:55.0250 0x0d9c  AdobeFlashPlayerUpdateSvc - ok
19:43:55.0333 0x0d9c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:43:55.0396 0x0d9c  adp94xx - ok
19:43:55.0443 0x0d9c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:43:55.0492 0x0d9c  adpahci - ok
19:43:55.0517 0x0d9c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:43:55.0550 0x0d9c  adpu320 - ok
19:43:55.0587 0x0d9c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:43:55.0697 0x0d9c  AeLookupSvc - ok
19:43:55.0746 0x0d9c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
19:43:55.0873 0x0d9c  AFD - ok
19:43:55.0961 0x0d9c  [ B65F8DBA54F251906BBE8611B5A0E7AB, 9ADE347CB4E7C33D668DAC79A316C97C78D94D296B158F481F3E32F9DA4D647E ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
19:43:56.0047 0x0d9c  AgereModemAudio - ok
19:43:56.0121 0x0d9c  [ AF4748EF93416159459769A24A0053AF, AE1C4E67E7555066436112C5A090DC5B49B264E3BA3ECF4CE2F1E9B799089B7D ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
19:43:56.0230 0x0d9c  AgereSoftModem - ok
19:43:56.0271 0x0d9c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:43:56.0300 0x0d9c  agp440 - ok
19:43:56.0354 0x0d9c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:43:56.0449 0x0d9c  ALG - ok
19:43:56.0491 0x0d9c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:43:56.0519 0x0d9c  aliide - ok
19:43:56.0581 0x0d9c  [ D0D8877969011D1B0ED9C3C55A9A9108, DFF41D12EA353DFACDF5C1C227D2D44D659EB8C484829651C90F8684CE2B9E49 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:43:56.0697 0x0d9c  AMD External Events Utility - ok
19:43:56.0730 0x0d9c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:43:56.0757 0x0d9c  amdide - ok
19:43:56.0804 0x0d9c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:43:56.0898 0x0d9c  AmdK8 - ok
19:43:56.0914 0x0d9c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:43:56.0986 0x0d9c  AmdPPM - ok
19:43:57.0034 0x0d9c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:43:57.0076 0x0d9c  amdsata - ok
19:43:57.0113 0x0d9c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:43:57.0145 0x0d9c  amdsbs - ok
19:43:57.0185 0x0d9c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:43:57.0226 0x0d9c  amdxata - ok
19:43:57.0266 0x0d9c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
19:43:57.0307 0x0d9c  AppID - ok
19:43:57.0328 0x0d9c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:43:57.0377 0x0d9c  AppIDSvc - ok
19:43:57.0433 0x0d9c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
19:43:57.0511 0x0d9c  Appinfo - ok
19:43:57.0588 0x0d9c  AppObserver - ok
19:43:57.0633 0x0d9c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:43:57.0677 0x0d9c  arc - ok
19:43:57.0700 0x0d9c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:43:57.0731 0x0d9c  arcsas - ok
19:43:57.0852 0x0d9c  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:43:57.0893 0x0d9c  aspnet_state - ok
19:43:57.0924 0x0d9c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:43:58.0100 0x0d9c  AsyncMac - ok
19:43:58.0161 0x0d9c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:43:58.0199 0x0d9c  atapi - ok
19:43:58.0284 0x0d9c  [ 0ACC06FCF46F64ED4F11E57EE461C1F4, F2AB7198C7F7D36AB1D6D03C1FEFD929ED402002AC835B909FC14938BC0EE24B ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:43:58.0475 0x0d9c  athr - ok
19:43:58.0747 0x0d9c  [ C5758BF1DFD762A5B17041FF061B7750, BA732E670536C73523DA0880485E5028C682FBEAF048F564EB626DA61364CAAD ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:43:59.0096 0x0d9c  atikmdag - ok
19:43:59.0206 0x0d9c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:43:59.0299 0x0d9c  AudioEndpointBuilder - ok
19:43:59.0322 0x0d9c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:43:59.0368 0x0d9c  AudioSrv - ok
19:43:59.0426 0x0d9c  [ 8DFA2EC772F97ED02B384DB88641B367, 0EE176D4DCD005E541A6E66C1C33FE7DB11CEA92BEC03017FC3544BF4E4458A7 ] AVM IGD CTRL Service C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
19:43:59.0454 0x0d9c  AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic ( 1 )
19:44:01.0995 0x0d9c  Detect skipped due to KSN trusted
19:44:01.0996 0x0d9c  AVM IGD CTRL Service - ok
19:44:02.0087 0x0d9c  [ 9BD46C1D2F33A890B7226EDF543F18AA, 9AD05E61F501D2D89554AA5A6BFF1F272FE6B0DED4E43FC8F621F0AF30C859B1 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
19:44:02.0132 0x0d9c  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic ( 1 )
19:44:05.0091 0x0d9c  Detect skipped due to KSN trusted
19:44:05.0092 0x0d9c  AVM WLAN Connection Service - ok
19:44:05.0153 0x0d9c  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
19:44:05.0227 0x0d9c  avmeject - ok
19:44:05.0292 0x0d9c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:44:05.0394 0x0d9c  AxInstSV - ok
19:44:05.0459 0x0d9c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:44:05.0564 0x0d9c  b06bdrv - ok
19:44:05.0609 0x0d9c  [ 93AF5CCCE5145AA3C2F0A41E7F65149A, CAFC796517F256A51965EE9D615E0E8B5C79CE1E77C48667C3E4C929074D4F01 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:05.0655 0x0d9c  b57nd60a - ok
19:44:05.0746 0x0d9c  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
19:44:05.0909 0x0d9c  BCM43XX - ok
19:44:05.0959 0x0d9c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:44:06.0020 0x0d9c  BDESVC - ok
19:44:06.0046 0x0d9c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:44:06.0138 0x0d9c  Beep - ok
19:44:06.0278 0x0d9c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:44:06.0378 0x0d9c  BFE - ok
19:44:06.0427 0x0d9c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:44:06.0650 0x0d9c  BITS - ok
19:44:06.0687 0x0d9c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:44:06.0766 0x0d9c  blbdrive - ok
19:44:06.0804 0x0d9c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:44:06.0879 0x0d9c  bowser - ok
19:44:06.0904 0x0d9c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:44:06.0944 0x0d9c  BrFiltLo - ok
19:44:06.0959 0x0d9c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:44:07.0034 0x0d9c  BrFiltUp - ok
19:44:07.0061 0x0d9c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:44:07.0139 0x0d9c  Browser - ok
19:44:07.0177 0x0d9c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:44:07.0240 0x0d9c  Brserid - ok
19:44:07.0268 0x0d9c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:07.0337 0x0d9c  BrSerWdm - ok
19:44:07.0366 0x0d9c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:07.0418 0x0d9c  BrUsbMdm - ok
19:44:07.0447 0x0d9c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:07.0486 0x0d9c  BrUsbSer - ok
19:44:07.0519 0x0d9c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:44:07.0575 0x0d9c  BTHMODEM - ok
19:44:07.0623 0x0d9c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:44:07.0687 0x0d9c  bthserv - ok
19:44:07.0733 0x0d9c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:44:07.0803 0x0d9c  cdfs - ok
19:44:07.0848 0x0d9c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:44:07.0895 0x0d9c  cdrom - ok
19:44:07.0941 0x0d9c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:44:08.0015 0x0d9c  CertPropSvc - ok
19:44:08.0047 0x0d9c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:44:08.0096 0x0d9c  circlass - ok
19:44:08.0155 0x0d9c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
19:44:08.0220 0x0d9c  CLFS - ok
19:44:08.0315 0x0d9c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:08.0357 0x0d9c  clr_optimization_v2.0.50727_32 - ok
19:44:08.0392 0x0d9c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:44:08.0422 0x0d9c  clr_optimization_v2.0.50727_64 - ok
19:44:08.0535 0x0d9c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:08.0576 0x0d9c  clr_optimization_v4.0.30319_32 - ok
19:44:08.0598 0x0d9c  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:44:08.0630 0x0d9c  clr_optimization_v4.0.30319_64 - ok
19:44:08.0683 0x0d9c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:44:08.0745 0x0d9c  CmBatt - ok
19:44:08.0785 0x0d9c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:44:08.0812 0x0d9c  cmdide - ok
19:44:08.0874 0x0d9c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
19:44:08.0952 0x0d9c  CNG - ok
19:44:08.0983 0x0d9c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:44:09.0010 0x0d9c  Compbatt - ok
19:44:09.0065 0x0d9c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:44:09.0155 0x0d9c  CompositeBus - ok
19:44:09.0174 0x0d9c  COMSysApp - ok
19:44:09.0198 0x0d9c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:44:09.0226 0x0d9c  crcdisk - ok
19:44:09.0274 0x0d9c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:44:09.0385 0x0d9c  CryptSvc - ok
19:44:09.0433 0x0d9c  [ 44BDDEB03C84A1C993C992FFB5700357, 29080E9A434BB2A932783B0B5104BC9E3C514A0FFB387123B75F4F4045E353BC ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
19:44:09.0467 0x0d9c  CVirtA - ok
19:44:09.0577 0x0d9c  [ 66257CB4E4FB69887CDDC71663741435, A072C2868EC3CB773F1C512C9E07D152920794969E302199E8265CFFFD3EFC2D ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
19:44:09.0683 0x0d9c  CVPND - ok
19:44:09.0735 0x0d9c  [ CC8E52DAA9826064BA464DBE531F2BB5, 28150B5DDB4DB42839EBB4F3672EB575373046B1676938111904290DFF6DEC8E ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
19:44:09.0769 0x0d9c  CVPNDRVA - ok
19:44:09.0836 0x0d9c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:44:09.0907 0x0d9c  DcomLaunch - ok
19:44:09.0954 0x0d9c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:44:10.0051 0x0d9c  defragsvc - ok
19:44:10.0155 0x0d9c  [ 1523251B9D8A5D84DE0CD23418847824, CD085656BE7827CE4D0C9FE7EDD61A4245AC90B26DC73A271B3977423F54353E ] de_serv         C:\Program Files (x86)\Common Files\AVM\de_serv.exe
19:44:10.0223 0x0d9c  de_serv - detected UnsignedFile.Multi.Generic ( 1 )
19:44:12.0746 0x0d9c  Detect skipped due to KSN trusted
19:44:12.0746 0x0d9c  de_serv - ok
19:44:12.0802 0x0d9c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:44:12.0874 0x0d9c  DfsC - ok
19:44:12.0917 0x0d9c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:44:13.0009 0x0d9c  Dhcp - ok
19:44:13.0121 0x0d9c  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
19:44:13.0220 0x0d9c  DiagTrack - ok
19:44:13.0254 0x0d9c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:44:13.0325 0x0d9c  discache - ok
19:44:13.0360 0x0d9c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:44:13.0389 0x0d9c  Disk - ok
19:44:13.0503 0x0d9c  [ D5BCB77BE83CF99F508943945D46343D, 00C5624CE970A05075A19168643BF6E8FA60C764333ECEC088D7FFCA10547833 ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
19:44:13.0537 0x0d9c  DKbFltr - ok
19:44:13.0584 0x0d9c  [ 05CB5910B3CA6019FC3CCA815EE06FFB, 8FA532ED500BB1F08E8034A6125BDD53B74D5E6AB0A83A6185B07AAFCD90AA82 ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
19:44:13.0630 0x0d9c  DNE - ok
19:44:13.0687 0x0d9c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:44:13.0738 0x0d9c  Dnscache - ok
19:44:13.0784 0x0d9c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:44:13.0893 0x0d9c  dot3svc - ok
19:44:13.0951 0x0d9c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:44:14.0046 0x0d9c  DPS - ok
19:44:14.0108 0x0d9c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:44:14.0152 0x0d9c  drmkaud - ok
19:44:14.0222 0x0d9c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:44:14.0305 0x0d9c  DXGKrnl - ok
19:44:14.0358 0x0d9c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:44:14.0447 0x0d9c  EapHost - ok
19:44:14.0634 0x0d9c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:44:14.0860 0x0d9c  ebdrv - ok
19:44:14.0917 0x0d9c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS             C:\Windows\System32\lsass.exe
19:44:14.0996 0x0d9c  EFS - ok
19:44:15.0088 0x0d9c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:44:15.0222 0x0d9c  ehRecvr - ok
19:44:15.0262 0x0d9c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:44:15.0320 0x0d9c  ehSched - ok
19:44:15.0369 0x0d9c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:44:15.0431 0x0d9c  elxstor - ok
19:44:15.0495 0x0d9c  [ 6106653B08F4F72EEAA7F099E7C408A4, 96B77284744F8761C4F2558388E0AEE2140618B484FF53FA8B222B340D2A9C84 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
19:44:15.0544 0x0d9c  epmntdrv - detected UnsignedFile.Multi.Generic ( 1 )
19:44:18.0068 0x0d9c  Detect skipped due to KSN trusted
19:44:18.0068 0x0d9c  epmntdrv - ok
19:44:18.0231 0x0d9c  [ 7C35C6865957289D9EFE6CC73F4AB2E1, 2A57CC80CA39A6664DC271F0F159C649CB3EBA210DA4AFE20A7B6EF939ACDE8F ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
19:44:18.0310 0x0d9c  ePowerSvc - ok
19:44:18.0332 0x0d9c  epp64 - ok
19:44:18.0362 0x0d9c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:44:18.0435 0x0d9c  ErrDev - ok
19:44:18.0545 0x0d9c  [ 3B32CAA07D672F8A2E0DF5CB3A873F45, 09687E30FA5779C3593769D66CAEBED95C932746EDD6E83DABE3DCFD126AB5EC ] EsgScanner      C:\Windows\system32\DRIVERS\EsgScanner.sys
19:44:18.0591 0x0d9c  EsgScanner - ok
19:44:18.0697 0x0d9c  [ 0D14D1074EA0EA01446481CD3F6F4BCC, 29A0B005994B10D5F9FA771268CB67DBABC88C9F341248C32DF4C3CAA25A782B ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
19:44:18.0737 0x0d9c  ESProtectionDriver - ok
19:44:18.0812 0x0d9c  [ 991C04A31777ED77CB92A4F96F14C2E2, 6CC2A311D8E67032D0847D70B20DCA87B52B2B7FB3C380B3A5AB6C233E955DD2 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
19:44:18.0849 0x0d9c  EuGdiDrv - detected UnsignedFile.Multi.Generic ( 1 )
19:44:21.0377 0x0d9c  Detect skipped due to KSN trusted
19:44:21.0377 0x0d9c  EuGdiDrv - ok
19:44:21.0451 0x0d9c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:44:21.0569 0x0d9c  EventSystem - ok
19:44:21.0590 0x0d9c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:44:21.0670 0x0d9c  exfat - ok
19:44:21.0707 0x0d9c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:44:21.0783 0x0d9c  fastfat - ok
19:44:21.0852 0x0d9c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:44:21.0984 0x0d9c  Fax - ok
19:44:22.0007 0x0d9c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:44:22.0054 0x0d9c  fdc - ok
19:44:22.0084 0x0d9c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:44:22.0137 0x0d9c  fdPHost - ok
19:44:22.0153 0x0d9c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:44:22.0232 0x0d9c  FDResPub - ok
19:44:22.0276 0x0d9c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:44:22.0308 0x0d9c  FileInfo - ok
19:44:22.0326 0x0d9c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:44:22.0395 0x0d9c  Filetrace - ok
19:44:22.0421 0x0d9c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:44:22.0451 0x0d9c  flpydisk - ok
19:44:22.0491 0x0d9c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:44:22.0541 0x0d9c  FltMgr - ok
19:44:22.0628 0x0d9c  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
19:44:22.0746 0x0d9c  FontCache - ok
19:44:22.0800 0x0d9c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:44:22.0826 0x0d9c  FontCache3.0.0.0 - ok
19:44:22.0845 0x0d9c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:44:22.0875 0x0d9c  FsDepends - ok
19:44:22.0906 0x0d9c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:44:22.0934 0x0d9c  Fs_Rec - ok
19:44:22.0995 0x0d9c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:44:23.0061 0x0d9c  fvevol - ok
19:44:23.0134 0x0d9c  [ 444534CBA693DD23C1CC589681E01656, DF8ED7FFA66E0A88EBB58A491A177D8CEB35B08B0911D7A1F4B8865755DC27CE ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
19:44:23.0230 0x0d9c  FWLANUSB - ok
19:44:23.0260 0x0d9c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:44:23.0289 0x0d9c  gagp30kx - ok
19:44:23.0358 0x0d9c  [ 60F5579B6B33F509C52200207F79B795, 1AB99528EF65799CBA7BCF43A654698ABE37A6DB8EB9BE2AC6ED7758AF795327 ] glhfm           C:\Windows\system32\drivers\emviol.sys
19:44:23.0417 0x0d9c  glhfm - ok
19:44:23.0492 0x0d9c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:44:23.0616 0x0d9c  gpsvc - ok
19:44:23.0746 0x0d9c  [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
19:44:23.0826 0x0d9c  Greg_Service - ok
19:44:23.0946 0x0d9c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:23.0985 0x0d9c  gupdate - ok
19:44:24.0016 0x0d9c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:44:24.0042 0x0d9c  gupdatem - ok
19:44:24.0072 0x0d9c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:44:24.0157 0x0d9c  hcw85cir - ok
19:44:24.0208 0x0d9c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:44:24.0295 0x0d9c  HdAudAddService - ok
19:44:24.0342 0x0d9c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:44:24.0404 0x0d9c  HDAudBus - ok
19:44:24.0423 0x0d9c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:44:24.0460 0x0d9c  HidBatt - ok
19:44:24.0481 0x0d9c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:44:24.0530 0x0d9c  HidBth - ok
19:44:24.0559 0x0d9c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:44:24.0642 0x0d9c  HidIr - ok
19:44:24.0671 0x0d9c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:44:24.0732 0x0d9c  hidserv - ok
19:44:24.0802 0x0d9c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:44:24.0875 0x0d9c  HidUsb - ok
19:44:24.0912 0x0d9c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:44:24.0989 0x0d9c  hkmsvc - ok
19:44:25.0034 0x0d9c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:44:25.0096 0x0d9c  HomeGroupListener - ok
19:44:25.0118 0x0d9c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:44:25.0162 0x0d9c  HomeGroupProvider - ok
19:44:25.0418 0x0d9c  [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:44:25.0462 0x0d9c  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
19:44:27.0979 0x0d9c  Detect skipped due to KSN trusted
19:44:27.0980 0x0d9c  hpqcxs08 - ok
19:44:27.0995 0x0d9c  [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:44:28.0038 0x0d9c  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
19:44:30.0555 0x0d9c  Detect skipped due to KSN trusted
19:44:30.0555 0x0d9c  hpqddsvc - ok
19:44:30.0615 0x0d9c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:44:30.0652 0x0d9c  HpSAMD - ok
19:44:30.0764 0x0d9c  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:44:30.0845 0x0d9c  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
19:44:33.0351 0x0d9c  Detect skipped due to KSN trusted
19:44:33.0352 0x0d9c  HPSLPSVC - ok
19:44:33.0486 0x0d9c  [ 1878A79551F2EDAE7EBD110AAE6D33AD, 1F409360B44AEB3A6023E953EAB350FFB3EB8322F589E2422AB312288B33A2DA ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
19:44:33.0525 0x0d9c  HPSupportSolutionsFrameworkService - ok
19:44:33.0613 0x0d9c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:44:33.0734 0x0d9c  HTTP - ok
19:44:33.0764 0x0d9c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:44:33.0792 0x0d9c  hwpolicy - ok
19:44:33.0851 0x0d9c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:44:33.0893 0x0d9c  i8042prt - ok
19:44:33.0949 0x0d9c  [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:44:34.0014 0x0d9c  IAANTMON - ok
19:44:34.0043 0x0d9c  [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:44:34.0076 0x0d9c  iaStor - ok
19:44:34.0124 0x0d9c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:44:34.0175 0x0d9c  iaStorV - ok
19:44:34.0266 0x0d9c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:44:34.0330 0x0d9c  idsvc - ok
19:44:34.0374 0x0d9c  IEEtwCollectorService - ok
19:44:34.0629 0x0d9c  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:44:35.0021 0x0d9c  igfx - ok
19:44:35.0133 0x0d9c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:44:35.0176 0x0d9c  iirsp - ok
19:44:35.0296 0x0d9c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:44:35.0443 0x0d9c  IKEEXT - ok
19:44:35.0607 0x0d9c  [ 9AA6A93852E36FE76C3F7FC2904F3B01, F4E8E7FB956B59B450F1D830597EA0FBE8F99526EB0EAA886FA21761514C9B05 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:44:35.0741 0x0d9c  IntcAzAudAddService - ok
19:44:35.0787 0x0d9c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:44:35.0814 0x0d9c  intelide - ok
19:44:35.0859 0x0d9c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:44:35.0921 0x0d9c  intelppm - ok
19:44:35.0959 0x0d9c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:44:36.0016 0x0d9c  IPBusEnum - ok
19:44:36.0047 0x0d9c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:36.0100 0x0d9c  IpFilterDriver - ok
19:44:36.0146 0x0d9c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:44:36.0194 0x0d9c  IPMIDRV - ok
19:44:36.0256 0x0d9c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:44:36.0333 0x0d9c  IPNAT - ok
19:44:36.0374 0x0d9c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:44:36.0474 0x0d9c  IRENUM - ok
19:44:36.0496 0x0d9c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:44:36.0525 0x0d9c  isapnp - ok
19:44:36.0580 0x0d9c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:44:36.0645 0x0d9c  iScsiPrt - ok
19:44:36.0693 0x0d9c  [ 249EE2D26CB1530F3BEDE0AC8B9E3099, 6EBF72DCCDC1EFCD9FE712B895D61359F46C2AF41F1EC47A3C486E79AA1BC026 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
19:44:36.0738 0x0d9c  k57nd60a - ok
19:44:36.0775 0x0d9c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:44:36.0804 0x0d9c  kbdclass - ok
19:44:36.0845 0x0d9c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:44:36.0914 0x0d9c  kbdhid - ok
19:44:36.0939 0x0d9c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso          C:\Windows\system32\lsass.exe
19:44:36.0969 0x0d9c  KeyIso - ok
19:44:37.0001 0x0d9c  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:44:37.0031 0x0d9c  KSecDD - ok
19:44:37.0052 0x0d9c  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:44:37.0085 0x0d9c  KSecPkg - ok
19:44:37.0125 0x0d9c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:44:37.0193 0x0d9c  ksthunk - ok
19:44:37.0248 0x0d9c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:44:37.0351 0x0d9c  KtmRm - ok
19:44:37.0393 0x0d9c  [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
19:44:37.0446 0x0d9c  L1E - ok
19:44:37.0507 0x0d9c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:44:37.0621 0x0d9c  LanmanServer - ok
19:44:37.0658 0x0d9c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:44:37.0724 0x0d9c  LanmanWorkstation - ok
19:44:37.0782 0x0d9c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:44:37.0836 0x0d9c  lltdio - ok
19:44:37.0882 0x0d9c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:44:37.0973 0x0d9c  lltdsvc - ok
19:44:38.0001 0x0d9c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:44:38.0077 0x0d9c  lmhosts - ok
19:44:38.0123 0x0d9c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:44:38.0154 0x0d9c  LSI_FC - ok
19:44:38.0171 0x0d9c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:44:38.0204 0x0d9c  LSI_SAS - ok
19:44:38.0224 0x0d9c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:44:38.0255 0x0d9c  LSI_SAS2 - ok
19:44:38.0290 0x0d9c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:44:38.0322 0x0d9c  LSI_SCSI - ok
19:44:38.0357 0x0d9c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:44:38.0446 0x0d9c  luafv - ok
19:44:38.0554 0x0d9c  [ D1A1B58EA0D689E0D39805782122AEA3, A746270129EA073C0E3D801334F10E14F19A06C5C7F891294692B18120D3CA33 ] MbaeSvc         C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
19:44:38.0616 0x0d9c  MbaeSvc - ok
19:44:38.0659 0x0d9c  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:44:38.0685 0x0d9c  MBAMProtector - ok
19:44:38.0778 0x0d9c  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
19:44:38.0857 0x0d9c  MBAMService - ok
19:44:38.0882 0x0d9c  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
19:44:38.0910 0x0d9c  MBAMWebAccessControl - ok
19:44:38.0969 0x0d9c  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
19:44:39.0005 0x0d9c  mcdbus - ok
19:44:39.0055 0x0d9c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:44:39.0089 0x0d9c  Mcx2Svc - ok
19:44:39.0129 0x0d9c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:44:39.0159 0x0d9c  megasas - ok
19:44:39.0192 0x0d9c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:44:39.0241 0x0d9c  MegaSR - ok
19:44:39.0274 0x0d9c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:44:39.0348 0x0d9c  MMCSS - ok
19:44:39.0380 0x0d9c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:44:39.0434 0x0d9c  Modem - ok
19:44:39.0462 0x0d9c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:44:39.0508 0x0d9c  monitor - ok
19:44:39.0557 0x0d9c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:44:39.0586 0x0d9c  mouclass - ok
19:44:39.0604 0x0d9c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:44:39.0651 0x0d9c  mouhid - ok
19:44:39.0691 0x0d9c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:44:39.0721 0x0d9c  mountmgr - ok
19:44:39.0798 0x0d9c  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:44:39.0837 0x0d9c  MozillaMaintenance - ok
19:44:39.0899 0x0d9c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:44:39.0946 0x0d9c  mpio - ok
19:44:39.0981 0x0d9c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:44:40.0038 0x0d9c  mpsdrv - ok
19:44:40.0148 0x0d9c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:44:40.0303 0x0d9c  MpsSvc - ok
19:44:40.0366 0x0d9c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:44:40.0446 0x0d9c  MRxDAV - ok
19:44:40.0476 0x0d9c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:40.0553 0x0d9c  mrxsmb - ok
19:44:40.0593 0x0d9c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:40.0644 0x0d9c  mrxsmb10 - ok
19:44:40.0660 0x0d9c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:40.0693 0x0d9c  mrxsmb20 - ok
19:44:40.0726 0x0d9c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:44:40.0753 0x0d9c  msahci - ok
19:44:40.0787 0x0d9c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:44:40.0818 0x0d9c  msdsm - ok
19:44:40.0854 0x0d9c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
19:44:40.0913 0x0d9c  MSDTC - ok
19:44:40.0983 0x0d9c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:44:41.0045 0x0d9c  Msfs - ok
19:44:41.0078 0x0d9c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:44:41.0146 0x0d9c  mshidkmdf - ok
19:44:41.0180 0x0d9c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:44:41.0207 0x0d9c  msisadrv - ok
19:44:41.0245 0x0d9c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:44:41.0303 0x0d9c  MSiSCSI - ok
19:44:41.0312 0x0d9c  msiserver - ok
19:44:41.0345 0x0d9c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:44:41.0413 0x0d9c  MSKSSRV - ok
19:44:41.0430 0x0d9c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:41.0484 0x0d9c  MSPCLOCK - ok
19:44:41.0503 0x0d9c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:44:41.0579 0x0d9c  MSPQM - ok
19:44:41.0636 0x0d9c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:44:41.0694 0x0d9c  MsRPC - ok
19:44:41.0746 0x0d9c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:44:41.0783 0x0d9c  mssmbios - ok
19:44:41.0804 0x0d9c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:44:41.0864 0x0d9c  MSTEE - ok
19:44:41.0887 0x0d9c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:44:41.0928 0x0d9c  MTConfig - ok
19:44:41.0954 0x0d9c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:44:41.0983 0x0d9c  Mup - ok
19:44:42.0029 0x0d9c  [ 6FFECC25B39DC7652A0CEC0ADA9DB589, 927EF066CBBA8353149F8C3B7C4299AC06FED439DA874D25CFB583E5912611A2 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:44:42.0054 0x0d9c  mwlPSDFilter - ok
19:44:42.0066 0x0d9c  [ 0BEFE32CA56D6EE89D58175725596A85, E36B9E6159AF7F67D549F7178896CCCB8FC3964531B1DA20CBDD465E632D8FCF ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:44:42.0091 0x0d9c  mwlPSDNServ - ok
19:44:42.0113 0x0d9c  [ D43BC633B8660463E446E28E14A51262, C55F235B5E08FAC6D70B0FAC737D714E318A93F8E43FF8095B86A76559AF211D ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:44:42.0138 0x0d9c  mwlPSDVDisk - ok
19:44:42.0207 0x0d9c  [ 0F5FAAC852DB4C340B7A2F187E3358B8, 859A077C03AA244918F3E7BF7A63BD422C1C085EEDEE2C25FE4BC068E5D72484 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
19:44:42.0253 0x0d9c  MWLService - ok
19:44:42.0331 0x0d9c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
19:44:42.0462 0x0d9c  napagent - ok
19:44:42.0527 0x0d9c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:44:42.0624 0x0d9c  NativeWifiP - ok
19:44:42.0709 0x0d9c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:44:42.0794 0x0d9c  NDIS - ok
19:44:42.0834 0x0d9c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:44:42.0905 0x0d9c  NdisCap - ok
19:44:42.0939 0x0d9c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:43.0011 0x0d9c  NdisTapi - ok
19:44:43.0076 0x0d9c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:43.0145 0x0d9c  Ndisuio - ok
19:44:43.0184 0x0d9c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:43.0269 0x0d9c  NdisWan - ok
19:44:43.0295 0x0d9c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:44:43.0389 0x0d9c  NDProxy - ok
19:44:43.0481 0x0d9c  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:44:43.0514 0x0d9c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:44:46.0019 0x0d9c  Detect skipped due to KSN trusted
19:44:46.0019 0x0d9c  Net Driver HPZ12 - ok
19:44:46.0074 0x0d9c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:44:46.0130 0x0d9c  NetBIOS - ok
19:44:46.0180 0x0d9c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:44:46.0292 0x0d9c  NetBT - ok
19:44:46.0316 0x0d9c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\Windows\system32\lsass.exe
19:44:46.0347 0x0d9c  Netlogon - ok
19:44:46.0395 0x0d9c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:44:46.0499 0x0d9c  Netman - ok
19:44:46.0574 0x0d9c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:46.0615 0x0d9c  NetMsmqActivator - ok
19:44:46.0639 0x0d9c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:46.0672 0x0d9c  NetPipeActivator - ok
19:44:46.0694 0x0d9c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:44:46.0778 0x0d9c  netprofm - ok
19:44:46.0802 0x0d9c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:46.0836 0x0d9c  NetTcpActivator - ok
19:44:46.0849 0x0d9c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:46.0886 0x0d9c  NetTcpPortSharing - ok
19:44:46.0922 0x0d9c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:44:46.0953 0x0d9c  nfrd960 - ok
19:44:47.0068 0x0d9c  [ 2FF6B48563AAFC12BB8CE2B4E4D7C65F, AAA77EBD643D4EE7EF40E9388CC6F8EA9AC19E491DDE64A8D8B0CAD666B21C94 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
19:44:47.0102 0x0d9c  NitroReaderDriverReadSpool3 - ok
19:44:47.0156 0x0d9c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:44:47.0250 0x0d9c  NlaSvc - ok
19:44:47.0276 0x0d9c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:44:47.0358 0x0d9c  Npfs - ok
19:44:47.0397 0x0d9c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:44:47.0469 0x0d9c  nsi - ok
19:44:47.0517 0x0d9c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:44:47.0591 0x0d9c  nsiproxy - ok
19:44:47.0700 0x0d9c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:44:47.0825 0x0d9c  Ntfs - ok
19:44:47.0912 0x0d9c  [ 70E3EB0CEF795D348F05E5A9B115F491, F62FF02A34416E027BDE57DD54C436CE29CB83758B9DAB24BD6E042BB6A335B8 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
19:44:47.0951 0x0d9c  NTI IScheduleSvc - ok
19:44:48.0006 0x0d9c  [ FD324CCE1D4D5BB5AF65F8E55B462C7E, 901287499F33EFD3B1EE6CBDAD4E4DD342DC62FCDCCEF5375CB9D7B0673EE1E6 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
19:44:48.0043 0x0d9c  NTIBackupSvc - ok
19:44:48.0087 0x0d9c  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
19:44:48.0112 0x0d9c  NTIDrvr - ok
19:44:48.0184 0x0d9c  [ 3F6268A2EC33CD38CF75C880AF8DED42, 6CA4A527878042C3BB40A7C0F4F9434827C7E60F989EB7C39BBAD0F270404EEE ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
19:44:48.0230 0x0d9c  NTISchedulerSvc - ok
19:44:48.0265 0x0d9c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:44:48.0361 0x0d9c  Null - ok
19:44:48.0406 0x0d9c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:44:48.0437 0x0d9c  nvraid - ok
19:44:48.0494 0x0d9c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:44:48.0535 0x0d9c  nvstor - ok
19:44:48.0580 0x0d9c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:44:48.0620 0x0d9c  nv_agp - ok
19:44:48.0751 0x0d9c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:44:48.0825 0x0d9c  odserv - ok
19:44:48.0874 0x0d9c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:44:48.0917 0x0d9c  ohci1394 - ok
19:44:48.0969 0x0d9c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:44:48.0997 0x0d9c  ose - ok
19:44:49.0036 0x0d9c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:44:49.0098 0x0d9c  p2pimsvc - ok
19:44:49.0128 0x0d9c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:44:49.0206 0x0d9c  p2psvc - ok
19:44:49.0255 0x0d9c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:44:49.0288 0x0d9c  Parport - ok
19:44:49.0317 0x0d9c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:44:49.0347 0x0d9c  partmgr - ok
19:44:49.0392 0x0d9c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:44:49.0487 0x0d9c  PcaSvc - ok
19:44:49.0521 0x0d9c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:44:49.0554 0x0d9c  pci - ok
19:44:49.0590 0x0d9c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:44:49.0618 0x0d9c  pciide - ok
19:44:49.0642 0x0d9c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:44:49.0676 0x0d9c  pcmcia - ok
19:44:49.0694 0x0d9c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:44:49.0722 0x0d9c  pcw - ok
19:44:49.0782 0x0d9c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:44:49.0869 0x0d9c  PEAUTH - ok
19:44:49.0968 0x0d9c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:44:50.0027 0x0d9c  PerfHost - ok
19:44:50.0149 0x0d9c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:44:50.0265 0x0d9c  pla - ok
19:44:50.0339 0x0d9c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:44:50.0415 0x0d9c  PlugPlay - ok
19:44:50.0464 0x0d9c  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:44:50.0485 0x0d9c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:44:53.0018 0x0d9c  Detect skipped due to KSN trusted
19:44:53.0018 0x0d9c  Pml Driver HPZ12 - ok
19:44:53.0058 0x0d9c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:44:53.0141 0x0d9c  PNRPAutoReg - ok
19:44:53.0181 0x0d9c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:44:53.0219 0x0d9c  PNRPsvc - ok
19:44:53.0280 0x0d9c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:44:53.0388 0x0d9c  PolicyAgent - ok
19:44:53.0435 0x0d9c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:44:53.0496 0x0d9c  Power - ok
19:44:53.0552 0x0d9c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:44:53.0624 0x0d9c  PptpMiniport - ok
19:44:53.0658 0x0d9c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:44:53.0706 0x0d9c  Processor - ok
19:44:53.0751 0x0d9c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:44:53.0817 0x0d9c  ProfSvc - ok
19:44:53.0839 0x0d9c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\Windows\system32\lsass.exe
19:44:53.0869 0x0d9c  ProtectedStorage - ok
19:44:53.0915 0x0d9c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:44:53.0971 0x0d9c  Psched - ok
19:44:54.0030 0x0d9c  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio         C:\Windows\system32\pwdrvio.sys
19:44:54.0060 0x0d9c  pwdrvio - ok
19:44:54.0104 0x0d9c  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio         C:\Windows\system32\pwdspio.sys
19:44:54.0131 0x0d9c  pwdspio - ok
19:44:54.0247 0x0d9c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:44:54.0399 0x0d9c  ql2300 - ok
19:44:54.0442 0x0d9c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:44:54.0474 0x0d9c  ql40xx - ok
19:44:54.0517 0x0d9c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:44:54.0563 0x0d9c  QWAVE - ok
19:44:54.0587 0x0d9c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:44:54.0636 0x0d9c  QWAVEdrv - ok
19:44:54.0666 0x0d9c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:44:54.0736 0x0d9c  RasAcd - ok
19:44:54.0786 0x0d9c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:44:54.0866 0x0d9c  RasAgileVpn - ok
19:44:54.0903 0x0d9c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:44:55.0008 0x0d9c  RasAuto - ok
19:44:55.0042 0x0d9c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:55.0111 0x0d9c  Rasl2tp - ok
19:44:55.0160 0x0d9c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:44:55.0250 0x0d9c  RasMan - ok
19:44:55.0284 0x0d9c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:55.0381 0x0d9c  RasPppoe - ok
19:44:55.0401 0x0d9c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:44:55.0483 0x0d9c  RasSstp - ok
19:44:55.0533 0x0d9c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:44:55.0616 0x0d9c  rdbss - ok
19:44:55.0654 0x0d9c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:44:55.0703 0x0d9c  rdpbus - ok
19:44:55.0741 0x0d9c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:55.0807 0x0d9c  RDPCDD - ok
19:44:55.0853 0x0d9c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:44:55.0924 0x0d9c  RDPENCDD - ok
19:44:55.0971 0x0d9c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:44:56.0037 0x0d9c  RDPREFMP - ok
19:44:56.0141 0x0d9c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:44:56.0202 0x0d9c  RdpVideoMiniport - ok
19:44:56.0253 0x0d9c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:44:56.0351 0x0d9c  RDPWD - ok
19:44:56.0398 0x0d9c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:44:56.0431 0x0d9c  rdyboost - ok
19:44:56.0464 0x0d9c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:44:56.0521 0x0d9c  RemoteAccess - ok
19:44:56.0559 0x0d9c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:44:56.0641 0x0d9c  RemoteRegistry - ok
19:44:56.0670 0x0d9c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:44:56.0726 0x0d9c  RpcEptMapper - ok
19:44:56.0768 0x0d9c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:44:56.0811 0x0d9c  RpcLocator - ok
19:44:56.0860 0x0d9c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:44:56.0926 0x0d9c  RpcSs - ok
19:44:56.0963 0x0d9c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:44:57.0040 0x0d9c  rspndr - ok
19:44:57.0095 0x0d9c  [ 2DB8116D52B19216812C4E6D5D837810, 00A524FF80DE69B6B6CA767C90723E833891C006AB43E65A1F6F14C38B8F2427 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
19:44:57.0174 0x0d9c  RSUSBSTOR - ok
19:44:57.0206 0x0d9c  RtsUIR - ok
19:44:57.0238 0x0d9c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs           C:\Windows\system32\lsass.exe
19:44:57.0270 0x0d9c  SamSs - ok
19:44:57.0311 0x0d9c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:44:57.0341 0x0d9c  sbp2port - ok
19:44:57.0377 0x0d9c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:44:57.0451 0x0d9c  SCardSvr - ok
19:44:57.0496 0x0d9c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:44:57.0578 0x0d9c  scfilter - ok
19:44:57.0674 0x0d9c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
19:44:57.0797 0x0d9c  Schedule - ok
19:44:57.0840 0x0d9c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:44:57.0893 0x0d9c  SCPolicySvc - ok
19:44:57.0932 0x0d9c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:44:57.0984 0x0d9c  SDRSVC - ok
19:44:58.0023 0x0d9c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:44:58.0127 0x0d9c  secdrv - ok
19:44:58.0155 0x0d9c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:44:58.0219 0x0d9c  seclogon - ok
19:44:58.0249 0x0d9c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
19:44:58.0305 0x0d9c  SENS - ok
19:44:58.0325 0x0d9c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:44:58.0396 0x0d9c  SensrSvc - ok
19:44:58.0433 0x0d9c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:44:58.0463 0x0d9c  Serenum - ok
19:44:58.0497 0x0d9c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:44:58.0539 0x0d9c  Serial - ok
19:44:58.0576 0x0d9c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:44:58.0627 0x0d9c  sermouse - ok
19:44:58.0702 0x0d9c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:44:58.0776 0x0d9c  SessionEnv - ok
19:44:58.0824 0x0d9c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:44:58.0866 0x0d9c  sffdisk - ok
19:44:58.0893 0x0d9c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:44:58.0922 0x0d9c  sffp_mmc - ok
19:44:58.0947 0x0d9c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:44:58.0979 0x0d9c  sffp_sd - ok
19:44:59.0008 0x0d9c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:44:59.0050 0x0d9c  sfloppy - ok
19:44:59.0121 0x0d9c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:44:59.0226 0x0d9c  SharedAccess - ok
19:44:59.0271 0x0d9c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:44:59.0379 0x0d9c  ShellHWDetection - ok
19:44:59.0407 0x0d9c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:44:59.0435 0x0d9c  SiSRaid2 - ok
19:44:59.0473 0x0d9c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:44:59.0502 0x0d9c  SiSRaid4 - ok
19:44:59.0533 0x0d9c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:44:59.0595 0x0d9c  Smb - ok
19:44:59.0662 0x0d9c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:44:59.0710 0x0d9c  SNMPTRAP - ok
19:44:59.0748 0x0d9c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:44:59.0775 0x0d9c  spldr - ok
19:44:59.0830 0x0d9c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:44:59.0930 0x0d9c  Spooler - ok
19:45:00.0087 0x0d9c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:45:00.0300 0x0d9c  sppsvc - ok
19:45:00.0354 0x0d9c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:45:00.0423 0x0d9c  sppuinotify - ok
19:45:00.0538 0x0d9c  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\system32\Drivers\sptd.sys
19:45:00.0539 0x0d9c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA
19:45:00.0542 0x0d9c  sptd - detected LockedFile.Multi.Generic ( 1 )
19:45:06.0137 0x0d9c  Detect skipped due to KSN trusted
19:45:06.0137 0x0d9c  sptd - ok
19:45:06.0207 0x0d9c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:45:06.0327 0x0d9c  srv - ok
19:45:06.0369 0x0d9c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:45:06.0452 0x0d9c  srv2 - ok
19:45:06.0496 0x0d9c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:45:06.0540 0x0d9c  srvnet - ok
19:45:06.0585 0x0d9c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:45:06.0646 0x0d9c  SSDPSRV - ok
19:45:06.0666 0x0d9c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:45:06.0735 0x0d9c  SstpSvc - ok
19:45:06.0782 0x0d9c  Steam Client Service - ok
19:45:06.0819 0x0d9c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:45:06.0847 0x0d9c  stexstor - ok
19:45:06.0903 0x0d9c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:45:06.0987 0x0d9c  stisvc - ok
19:45:07.0028 0x0d9c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:45:07.0056 0x0d9c  swenum - ok
19:45:07.0105 0x0d9c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:45:07.0209 0x0d9c  swprv - ok
19:45:07.0249 0x0d9c  [ BCF305959B53B200CEB2AD25AD22F8A7, 74F71313A87C1FDDE2B373EA8D30346D47669CAA7CCE83AB6F8452C268F65787 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:45:07.0281 0x0d9c  SynTP - ok
19:45:07.0380 0x0d9c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
19:45:07.0534 0x0d9c  SysMain - ok
19:45:07.0572 0x0d9c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:45:07.0612 0x0d9c  TabletInputService - ok
19:45:07.0663 0x0d9c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:45:07.0771 0x0d9c  TapiSrv - ok
19:45:07.0808 0x0d9c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:45:07.0864 0x0d9c  TBS - ok
19:45:07.0982 0x0d9c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:45:08.0107 0x0d9c  Tcpip - ok
19:45:08.0181 0x0d9c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:45:08.0257 0x0d9c  TCPIP6 - ok
19:45:08.0316 0x0d9c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:45:08.0393 0x0d9c  tcpipreg - ok
19:45:08.0442 0x0d9c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:45:08.0482 0x0d9c  TDPIPE - ok
19:45:08.0516 0x0d9c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:45:08.0561 0x0d9c  TDTCP - ok
19:45:08.0606 0x0d9c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:45:08.0663 0x0d9c  tdx - ok
19:45:08.0708 0x0d9c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:45:08.0748 0x0d9c  TermDD - ok
19:45:08.0830 0x0d9c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
19:45:08.0949 0x0d9c  TermService - ok
19:45:08.0973 0x0d9c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:45:09.0011 0x0d9c  Themes - ok
19:45:09.0061 0x0d9c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:45:09.0116 0x0d9c  THREADORDER - ok
19:45:09.0142 0x0d9c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:45:09.0201 0x0d9c  TrkWks - ok
19:45:09.0268 0x0d9c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:45:09.0360 0x0d9c  TrustedInstaller - ok
19:45:09.0409 0x0d9c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:09.0439 0x0d9c  tssecsrv - ok
19:45:09.0479 0x0d9c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:45:09.0551 0x0d9c  TsUsbFlt - ok
19:45:09.0591 0x0d9c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:45:09.0656 0x0d9c  tunnel - ok
19:45:09.0698 0x0d9c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:45:09.0739 0x0d9c  uagp35 - ok
19:45:09.0770 0x0d9c  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
19:45:09.0794 0x0d9c  UBHelper - ok
19:45:09.0826 0x0d9c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:45:09.0912 0x0d9c  udfs - ok
19:45:09.0971 0x0d9c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:45:10.0004 0x0d9c  UI0Detect - ok
19:45:10.0034 0x0d9c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:45:10.0062 0x0d9c  uliagpkx - ok
19:45:10.0098 0x0d9c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
19:45:10.0185 0x0d9c  umbus - ok
19:45:10.0239 0x0d9c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:45:10.0279 0x0d9c  UmPass - ok
19:45:10.0417 0x0d9c  [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:45:10.0479 0x0d9c  Updater Service - ok
19:45:10.0532 0x0d9c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:45:10.0633 0x0d9c  upnphost - ok
19:45:10.0669 0x0d9c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:10.0758 0x0d9c  usbccgp - ok
19:45:10.0771 0x0d9c  USBCCID - ok
19:45:10.0817 0x0d9c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:45:10.0863 0x0d9c  usbcir - ok
19:45:10.0884 0x0d9c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:45:10.0927 0x0d9c  usbehci - ok
19:45:10.0975 0x0d9c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:45:11.0024 0x0d9c  usbhub - ok
19:45:11.0078 0x0d9c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:45:11.0127 0x0d9c  usbohci - ok
19:45:11.0180 0x0d9c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:45:11.0218 0x0d9c  usbprint - ok
19:45:11.0254 0x0d9c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
19:45:11.0325 0x0d9c  usbscan - ok
19:45:11.0368 0x0d9c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:11.0448 0x0d9c  USBSTOR - ok
19:45:11.0481 0x0d9c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:45:11.0510 0x0d9c  usbuhci - ok
19:45:11.0548 0x0d9c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:45:11.0631 0x0d9c  usbvideo - ok
19:45:11.0681 0x0d9c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:45:11.0765 0x0d9c  UxSms - ok
19:45:11.0804 0x0d9c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\Windows\system32\lsass.exe
19:45:11.0834 0x0d9c  VaultSvc - ok
19:45:11.0882 0x0d9c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:45:11.0910 0x0d9c  vdrvroot - ok
19:45:11.0966 0x0d9c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:45:12.0052 0x0d9c  vds - ok
19:45:12.0085 0x0d9c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:12.0119 0x0d9c  vga - ok
19:45:12.0147 0x0d9c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:45:12.0200 0x0d9c  VgaSave - ok
19:45:12.0256 0x0d9c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:45:12.0311 0x0d9c  vhdmp - ok
19:45:12.0365 0x0d9c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:45:12.0405 0x0d9c  viaide - ok
19:45:12.0446 0x0d9c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:45:12.0475 0x0d9c  volmgr - ok
19:45:12.0521 0x0d9c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:45:12.0570 0x0d9c  volmgrx - ok
19:45:12.0598 0x0d9c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:45:12.0634 0x0d9c  volsnap - ok
19:45:12.0676 0x0d9c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:45:12.0708 0x0d9c  vsmraid - ok
19:45:12.0800 0x0d9c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:45:12.0941 0x0d9c  VSS - ok
19:45:12.0972 0x0d9c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:45:13.0004 0x0d9c  vwifibus - ok
19:45:13.0028 0x0d9c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:45:13.0063 0x0d9c  vwififlt - ok
19:45:13.0112 0x0d9c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:45:13.0199 0x0d9c  W32Time - ok
19:45:13.0254 0x0d9c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:45:13.0284 0x0d9c  WacomPen - ok
19:45:13.0381 0x0d9c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:45:13.0435 0x0d9c  WANARP - ok
19:45:13.0458 0x0d9c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:45:13.0511 0x0d9c  Wanarpv6 - ok
19:45:13.0624 0x0d9c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:45:13.0778 0x0d9c  wbengine - ok
19:45:13.0820 0x0d9c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:45:13.0883 0x0d9c  WbioSrvc - ok
19:45:13.0948 0x0d9c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:45:14.0016 0x0d9c  wcncsvc - ok
19:45:14.0037 0x0d9c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:45:14.0094 0x0d9c  WcsPlugInService - ok
19:45:14.0124 0x0d9c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:45:14.0152 0x0d9c  Wd - ok
19:45:14.0231 0x0d9c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:45:14.0311 0x0d9c  Wdf01000 - ok
19:45:14.0372 0x0d9c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:45:14.0454 0x0d9c  WdiServiceHost - ok
19:45:14.0470 0x0d9c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:45:14.0503 0x0d9c  WdiSystemHost - ok
19:45:14.0582 0x0d9c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:45:14.0685 0x0d9c  WebClient - ok
19:45:14.0737 0x0d9c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:45:14.0822 0x0d9c  Wecsvc - ok
19:45:14.0858 0x0d9c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:45:14.0916 0x0d9c  wercplsupport - ok
19:45:14.0951 0x0d9c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:45:15.0008 0x0d9c  WerSvc - ok
19:45:15.0059 0x0d9c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:45:15.0112 0x0d9c  WfpLwf - ok
19:45:15.0145 0x0d9c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:45:15.0173 0x0d9c  WIMMount - ok
19:45:15.0238 0x0d9c  WinHttpAutoProxySvc - ok
19:45:15.0324 0x0d9c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:45:15.0420 0x0d9c  Winmgmt - ok
19:45:15.0536 0x0d9c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
19:45:15.0654 0x0d9c  WinRM - ok
19:45:15.0760 0x0d9c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
19:45:15.0803 0x0d9c  WinUsb - ok
19:45:15.0879 0x0d9c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:45:15.0981 0x0d9c  Wlansvc - ok
19:45:16.0043 0x0d9c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:45:16.0117 0x0d9c  WmiAcpi - ok
19:45:16.0184 0x0d9c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:45:16.0243 0x0d9c  wmiApSrv - ok
19:45:16.0307 0x0d9c  WMPNetworkSvc - ok
19:45:16.0355 0x0d9c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:45:16.0448 0x0d9c  WPCSvc - ok
19:45:16.0491 0x0d9c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:45:16.0545 0x0d9c  WPDBusEnum - ok
19:45:16.0574 0x0d9c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:45:16.0642 0x0d9c  ws2ifsl - ok
19:45:16.0706 0x0d9c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
19:45:16.0777 0x0d9c  wscsvc - ok
19:45:16.0791 0x0d9c  WSearch - ok
19:45:16.0951 0x0d9c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:45:17.0164 0x0d9c  wuauserv - ok
19:45:17.0207 0x0d9c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:45:17.0287 0x0d9c  WudfPf - ok
19:45:17.0337 0x0d9c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
19:45:17.0391 0x0d9c  WUDFRd - ok
19:45:17.0430 0x0d9c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:45:17.0482 0x0d9c  wudfsvc - ok
19:45:17.0542 0x0d9c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:45:17.0603 0x0d9c  WwanSvc - ok
19:45:17.0640 0x0d9c  ZAPrivacyService - ok
19:45:17.0745 0x0d9c  ================ Scan global ===============================
19:45:17.0779 0x0d9c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:45:17.0822 0x0d9c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
19:45:17.0857 0x0d9c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
19:45:17.0888 0x0d9c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:45:17.0939 0x0d9c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
19:45:17.0972 0x0d9c  [ Global ] - ok
19:45:17.0973 0x0d9c  ================ Scan MBR ==================================
19:45:17.0993 0x0d9c  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:45:18.0373 0x0d9c  \Device\Harddisk0\DR0 - ok
19:45:18.0380 0x0d9c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:45:18.0472 0x0d9c  \Device\Harddisk1\DR1 - ok
19:45:18.0473 0x0d9c  ================ Scan VBR ==================================
19:45:18.0477 0x0d9c  [ 8B0D31AA39380AF8334BDBB7E1ECE41A ] \Device\Harddisk0\DR0\Partition1
19:45:18.0503 0x0d9c  \Device\Harddisk0\DR0\Partition1 - ok
19:45:18.0508 0x0d9c  [ 555CDFD19D850D24AC8CE07AE25D2916 ] \Device\Harddisk0\DR0\Partition2
19:45:18.0511 0x0d9c  \Device\Harddisk0\DR0\Partition2 - ok
19:45:18.0518 0x0d9c  [ C333808073EC96A8BB1C0D3693A037FF ] \Device\Harddisk1\DR1\Partition1
19:45:18.0520 0x0d9c  \Device\Harddisk1\DR1\Partition1 - ok
19:45:18.0521 0x0d9c  ================ Scan generic autorun ======================
19:45:18.0571 0x0d9c  [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
19:45:18.0621 0x0d9c  IAAnotif - ok
19:45:18.0697 0x0d9c  [ EAEB34D06AC35097031B0F11595012D7, 5203574367A8FCD9F708CC02A868991D40E4508EE39E6D662F65AD65E9B7E3A0 ] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
19:45:18.0757 0x0d9c  mwlDaemon - ok
19:45:19.0076 0x0d9c  [ 901A91A3527F4F5212CF6B03C21DAD82, 246BF06652DEA48DCC486496587E08FCA3F45A0EDEFFAE13251514CE6C46ED4B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:45:19.0439 0x0d9c  RtHDVCpl - ok
19:45:19.0458 0x0d9c  SynTPEnh - ok
19:45:19.0527 0x0d9c  [ 2F2DF068BED6E62E4C007DF7446B4F19, 96FE78E2B8BD067B7378ECDF1E74939C71EFFBF09B2C184361650DBF4ED0FCC3 ] C:\Windows\PLFSetI.exe
19:45:19.0562 0x0d9c  PLFSetI - detected UnsignedFile.Multi.Generic ( 1 )
19:45:22.0061 0x0d9c  Detect skipped due to KSN trusted
19:45:22.0061 0x0d9c  PLFSetI - ok
19:45:22.0163 0x0d9c  [ 0C4F4CFFA3A613D175BB25728514C0C4, 6CE71BF4CDD6F954AABDACD716A7716D28E737D328C88AE53C5501D8BD5191F6 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
19:45:22.0240 0x0d9c  Acer ePower Management - ok
19:45:22.0333 0x0d9c  [ 4EDB929F6875F60B95FD475016FF2228, 7680B45925664799EF854999CFE66F194DE7D7237EE1C9F29F7AB0EE227C201A ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
19:45:22.0391 0x0d9c  BackupManagerTray - ok
19:45:22.0451 0x0d9c  [ EF533F9D1E4F51C783D4349A7C3F518F, 5A4B84CFC96F13AF4B5EC1F693152A37DA37FC08150EE37913EC5D6EEEFD490E ] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
19:45:22.0508 0x0d9c  EgisTecLiveUpdate - ok
19:45:22.0585 0x0d9c  [ CABF1DF6108BDE0EA1FDFAA67FA02760, 2CEB8E3C2A222C7542B5108DE8280956A12496497FA65709E3830AF8B8141DD5 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
19:45:22.0598 0x0d9c  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
19:45:25.0099 0x0d9c  Detect skipped due to KSN trusted
19:45:25.0099 0x0d9c  StartCCC - ok
19:45:25.0210 0x0d9c  [ C7A9C4FDCEA704A34A5997FE0A8A0A38, 3303348ACE125E7BBBD74FE76596C3C7019F9B2C92538D6B7C1F03D91FED1564 ] C:\Program Files (x86)\Launch Manager\LManager.exe
19:45:25.0297 0x0d9c  LManager - ok
19:45:25.0328 0x0d9c  [ 00892B52634940C19ED46FC6CDA52FF1, 6ACDC0F973E720D0E8C8F932C96242D26D43C2F2209B1A8D50434DDE94B358A6 ] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
19:45:25.0356 0x0d9c  ArcadeDeluxeAgent - ok
19:45:25.0387 0x0d9c  [ 96CA717D3295B88EEF14CFEE0636F1CD, 2BF75209ED28D545F3B37FC810869AD3CF63C719E2ACF33A23DCCEF16B66E280 ] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
19:45:25.0415 0x0d9c  PlayMovie - ok
19:45:25.0477 0x0d9c  [ 2819C34E9764437E9496E8B3B16C9547, 5BD387CA0621FEC5A44176207587EB4FC4046A5127E11541280E6ACA7374880B ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
19:45:25.0536 0x0d9c  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
19:45:28.0057 0x0d9c  Detect skipped due to KSN trusted
19:45:28.0057 0x0d9c  FreePDF Assistant - ok
19:45:28.0195 0x0d9c  [ 851383DAEF93961E9868A1474AFFEEBD, 6262E7FF3D356FA4FC9523D941A0D9B09E7450AA466EA6063A0C264F1B99F1AE ] C:\Program Files (x86)\avmwlanstick\wlangui.exe
19:45:28.0305 0x0d9c  AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
19:45:30.0831 0x0d9c  Detect skipped due to KSN trusted
19:45:30.0831 0x0d9c  AVMWlanClient - ok
19:45:30.0891 0x0d9c  [ 626EF794DC2BB9F791CC18543DE8D890, 7D197BB48BF8B4FDF3E6D571046F18115034D885F2BB918CC70976C306B1323D ] C:\Program Files (x86)\pdf24\pdf24.exe
19:45:30.0922 0x0d9c  PDFPrint - ok
19:45:30.0985 0x0d9c  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
19:45:31.0029 0x0d9c  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
19:45:33.0529 0x0d9c  Detect skipped due to KSN trusted
19:45:33.0529 0x0d9c  QuickTime Task - ok
19:45:33.0708 0x0d9c  [ 511094F4CA43ED5D98B6BCFA7EE01554, 308DA64308F50B9D3230D97216F3893577F04EFDC007338248242AE548290FDC ] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
19:45:33.0853 0x0d9c  EaseUS EPM tray - detected UnsignedFile.Multi.Generic ( 1 )
19:45:36.0376 0x0d9c  Detect skipped due to KSN trusted
19:45:36.0376 0x0d9c  EaseUS EPM tray - ok
19:45:36.0642 0x0d9c  [ 72860972F8196EBB3C896F53D2B95470, 95C046A66DD0089377867F073CADCE585B7C69CA23E724DCAD9D896BF01E023D ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
19:45:36.0658 0x0d9c  hpqSRMon - detected UnsignedFile.Multi.Generic ( 1 )
19:45:39.0190 0x0d9c  Detect skipped due to KSN trusted
19:45:39.0190 0x0d9c  hpqSRMon - ok
19:45:39.0295 0x0d9c  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
19:45:39.0338 0x0d9c  HP Software Update - ok
19:45:39.0430 0x0d9c  [ B83BD7A2C8C2C03D06859C9C46358DE7, AF98857469943E6DF8B47B079D72D41F3BE89C2444B25EE80EE4536A80058CD6 ] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe
19:45:39.0467 0x0d9c   Malwarebytes Anti-Malware  (cleanup) - ok
19:45:39.0471 0x0d9c  GrpConv - ok
19:45:39.0580 0x0d9c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:45:39.0735 0x0d9c  Sidebar - ok
19:45:39.0775 0x0d9c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:45:39.0824 0x0d9c  mctadmin - ok
19:45:39.0860 0x0d9c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:45:39.0918 0x0d9c  Sidebar - ok
19:45:39.0927 0x0d9c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:45:39.0964 0x0d9c  mctadmin - ok
19:45:40.0315 0x0d9c  [ 09266319529C342813EA013E24200568, DEC1DCC14CD08304CF502FE4AD5CC188982705BF7D642A8E0EA239F6CB0CE57D ] C:\Program Files (x86)\CCleaner\CCleaner64.exe
19:45:40.0548 0x0d9c  CCleaner Monitoring - ok
19:45:40.0631 0x0d9c  Ittep - ok
19:45:40.0632 0x0d9c  RGSC - ok
19:45:40.0956 0x0d9c  [ 09266319529C342813EA013E24200568, DEC1DCC14CD08304CF502FE4AD5CC188982705BF7D642A8E0EA239F6CB0CE57D ] C:\Program Files (x86)\CCleaner\CCleaner64.exe
19:45:41.0187 0x0d9c  CCleaner Monitoring - ok
19:45:41.0208 0x0d9c  Waiting for KSN requests completion. In queue: 8
19:45:42.0208 0x0d9c  Waiting for KSN requests completion. In queue: 8
19:45:43.0208 0x0d9c  Waiting for KSN requests completion. In queue: 8
19:45:44.0208 0x0d9c  Waiting for KSN requests completion. In queue: 8
19:45:45.0428 0x0d9c  Win FW state via NFP2: enabled
19:45:47.0942 0x0d9c  ============================================================
19:45:47.0942 0x0d9c  Scan finished
19:45:47.0942 0x0d9c  ============================================================
19:45:47.0963 0x0fa8  Detected object count: 0
19:45:47.0964 0x0fa8  Actual detected object count: 0
         


Alt 18.06.2015, 13:33   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten

Alt 18.06.2015, 14:28   #7
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Combofix Logfile:
Code:
ATTFilter
ComboFix 15-06-18.01 - SaschaPetsch 18.06.2015  15:03:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2092 [GMT 2:00]
ausgeführt von:: c:\users\SaschaPetsch\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\gema
c:\users\Sascha\AppData\Roaming\gema
c:\users\Sascha\AppData\Roaming\Ulfool
c:\users\Sascha\AppData\Roaming\Ulfool\aptyi.evp
c:\users\SaschaPetsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Browser Good_iels
c:\users\SaschaPetsch\AppData\Roaming\.#
c:\users\SaschaPetsch\AppData\Roaming\.#\MBX@B48@2A2770.###
c:\users\SaschaPetsch\AppData\Roaming\.#\MBX@B48@2A27A0.###
c:\windows\assembly\tmp\U
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Oleaut32.1
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-18 bis 2015-06-18  ))))))))))))))))))))))))))))))
.
.
2015-06-18 13:15 . 2015-06-18 13:15	--------	d-----w-	c:\users\Sascha\AppData\Local\temp
2015-06-18 13:15 . 2015-06-18 13:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-06-17 16:57 . 2015-06-17 17:38	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-17 16:44 . 2015-06-18 11:37	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-06-17 10:38 . 2015-06-17 10:38	--------	d-----w-	C:\RegBackup
2015-06-17 06:57 . 2015-06-17 06:57	--------	d-----w-	c:\users\SaschaPetsch\AppData\Roaming\Oracle
2015-06-17 06:54 . 2015-06-17 06:54	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-06-17 06:54 . 2015-06-17 06:52	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-17 06:52 . 2015-06-17 06:52	--------	d-----w-	c:\program files (x86)\Java
2015-06-17 06:16 . 2015-06-18 11:29	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2015-06-17 06:16 . 2015-06-17 06:30	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2015-06-17 06:16 . 2015-06-17 06:30	283248	----a-w-	c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2015-06-17 06:16 . 2015-06-17 06:30	376944	----a-w-	c:\program files (x86)\Mozilla Firefox\firefox.exe
2015-06-17 06:16 . 2015-06-17 06:30	330864	----a-w-	c:\program files (x86)\Mozilla Firefox\freebl3.dll
2015-06-17 06:16 . 2015-06-17 06:30	185432	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2015-06-17 06:16 . 2015-06-17 06:30	148080	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2015-06-17 06:16 . 2015-06-17 06:30	105072	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2015-06-17 05:15 . 2015-06-18 12:57	--------	d-----w-	c:\programdata\Malwarebytes Anti-Exploit
2015-06-17 05:15 . 2015-06-17 05:15	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Exploit
2015-06-17 05:06 . 2015-06-17 05:06	--------	d-----w-	c:\programdata\Emsisoft
2015-06-16 15:39 . 2015-06-16 16:05	--------	d-----w-	c:\users\Sascha\AppData\Roaming\HpUpdate
2015-06-16 15:37 . 2015-06-17 07:55	--------	d-----w-	c:\users\SaschaPetsch\AppData\Roaming\HpUpdate
2015-06-16 15:35 . 2015-06-16 15:35	--------	d-----w-	c:\windows\Hewlett-Packard
2015-06-16 15:32 . 2015-06-16 15:32	--------	d-----w-	c:\users\Sascha\AppData\Local\HP
2015-06-16 15:32 . 2015-06-16 15:32	--------	d-----w-	c:\users\Sascha\AppData\Roaming\HP
2015-06-16 11:19 . 2015-06-16 11:19	--------	d-----w-	c:\users\SaschaPetsch\AppData\Roaming\Yahoo!
2015-06-16 11:19 . 2015-06-16 19:15	--------	d-----w-	c:\program files (x86)\Yahoo!
2015-06-16 11:17 . 2015-06-16 11:17	--------	d-----w-	c:\programdata\HP Product Assistant
2015-06-16 11:17 . 2015-06-16 11:17	--------	d-----w-	c:\windows\SysWow64\spool
2015-06-16 11:15 . 2015-06-16 11:15	--------	d-----w-	c:\program files (x86)\Common Files\HP
2015-06-16 11:15 . 2015-06-16 11:15	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2015-06-16 11:13 . 2015-06-16 11:13	--------	d-----w-	c:\program files\HP
2015-06-16 10:01 . 2015-06-16 19:18	--------	d-----w-	c:\program files (x86)\Hp
2015-06-16 10:01 . 2015-06-16 10:01	--------	d-----w-	c:\program files (x86)\Hewlett-Packard
2015-06-16 09:49 . 2015-06-16 09:49	--------	d-----w-	c:\users\SaschaPetsch\AppData\Local\GWX
2015-06-10 06:18 . 2015-05-25 17:08	3206144	----a-w-	c:\windows\system32\win32k.sys
2015-06-10 06:13 . 2015-05-25 18:19	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-06-10 06:13 . 2015-05-25 18:19	728576	----a-w-	c:\windows\system32\kerberos.dll
2015-06-10 06:13 . 2015-05-25 18:19	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-06-10 06:13 . 2015-05-25 18:01	551424	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-06-10 06:13 . 2015-05-25 18:19	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-06-10 06:13 . 2015-05-25 18:19	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-06-01 12:38 . 2015-06-01 12:38	--------	d-----w-	c:\users\Sascha\AppData\Local\GWX
2015-05-22 15:06 . 2015-05-22 15:06	--------	d-----w-	c:\program files (x86)\Microids
2015-05-20 19:39 . 2015-05-20 20:05	47104	----a-w-	c:\windows\SysWow64\KMVIDC32.DLL
2015-05-19 21:05 . 2015-05-19 21:05	--------	d-----w-	c:\users\Sascha\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-18 12:54 . 2014-07-29 06:14	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-17 16:55 . 2014-07-29 06:13	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-17 06:42 . 2012-05-13 06:29	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-17 06:42 . 2011-07-27 10:54	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-12 05:01 . 2009-12-22 22:41	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 06:12	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-15 18:48 . 2015-05-15 18:48	22704	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2015-05-01 13:17 . 2015-05-17 14:29	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-17 14:29	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 09:32	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 09:32	1179136	----a-w-	c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 09:32	1250816	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-04-19 06:44 . 2015-04-19 06:44	442264	----a-w-	c:\windows\system32\drivers\dlaizdau.sys
2015-04-18 03:10 . 2015-05-13 09:33	460800	----a-w-	c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 09:33	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-04-14 07:37 . 2014-07-29 06:13	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2010-10-04 17:41	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 09:32	328704	----a-w-	c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 09:32	275456	----a-w-	c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 09:32	24576	----a-w-	c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 09:32	216064	----a-w-	c:\windows\SysWow64\InkEd.dll
2015-04-07 18:21 . 2013-04-23 11:42	21840	----atw-	c:\windows\SysWow64\SIntfNT.dll
2015-04-07 18:21 . 2013-04-23 11:42	17212	----atw-	c:\windows\SysWow64\SIntf32.dll
2015-04-07 18:21 . 2013-04-23 11:42	12067	----atw-	c:\windows\SysWow64\SIntf16.dll
2015-03-25 03:24 . 2015-04-15 06:06	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 06:06	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 06:06	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 06:06	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 06:06	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 06:06	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 06:06	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 06:06	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 06:06	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 06:06	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 06:06	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 06:06	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 06:06	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 06:06	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 06:06	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 06:06	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"PDFPrint"="c:\program files (x86)\pdf24\pdf24.exe" [2013-06-10 162856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe" [2014-03-06 2086568]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-08 2618680]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\program files (x86)\FRITZ!DSL\StCenter.exe [2009-12-21 679936]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
R3 AppObserver;Application creation observer;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 06:19	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-04 06:42]
.
2015-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 06:52]
.
2015-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 06:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\SASCHA~1\AppData\Local\Temp\ie_script.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2015-06-16 13:19; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2015-06-17 08:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: !HIDDEN! 2015-06-16 13:19; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-5513-1208-7298-9440 - c:\program files (x86)\JDownloader\JDUninstall.exe
AddRemove-foxtab - c:\program files (x86)\Foxtab\1.8.12.0\uninstall.exe
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-468609111-1792752646-2182262598-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:77,38,27,5b,ba,fb,e9,41,76,c6,d1,be,cd,bc,02,4e,c4,b9,50,30,da,
   7d,04,7f,39,1b,53,db,3f,f9,02,b4,5d,83,f0,12,f0,a8,33,a2,ca,ae,65,74,f6,db,\
"rkeysecu"=hex:51,43,8a,cc,73,28,3d,d4,36,8b,50,27,e1,e7,64,ac
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-18  15:25:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-18 13:25
.
Vor Suchlauf: 12 Verzeichnis(se), 186.692.141.056 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 187.402.014.720 Bytes frei
.
- - End Of File - - AB65896F6ABBE9A5CCFE1A5D9AB7B4C8
         
--- --- ---
5C616939100B85E558DA92B899A0FC36
[/CODE]

Alt 19.06.2015, 07:19   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.06.2015, 08:57   #9
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Hi,

sowohl das Basisfiltermodul als auch die Firewall lassen sich wieder starten. Super! Vielen Dank schonmal

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.06.2015
Suchlauf-Zeit: 08:41:02
Logdatei: mbam1.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.19.01
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: SaschaPetsch

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 437662
Verstrichene Zeit: 32 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 19/06/2015 um 09:24:06
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-17.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : SaschaPetsch - SASCHA
# Gestarted von : C:\Users\SaschaPetsch\Downloads\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)


-\\ Google Chrome v43.0.2357.124


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [868 Bytes] - [19/06/2015 09:19:28]
AdwCleaner[S0].txt - [789 Bytes] - [19/06/2015 09:24:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [847  Bytes] ##########
         
--- --- ---
[/CODE]


Code:
ATTFilter
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.2 (06.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by SaschaPetsch on 19.06.2015 at  9:31:19,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\SaschaPetsch\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\SaschaPetsch\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\SaschaPetsch\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\SaschaPetsch\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2015 at  9:38:19,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by SaschaPetsch (administrator) on SASCHA on 19-06-2015 09:43:06
Running from C:\Users\SaschaPetsch\Downloads
Loaded Profiles: SaschaPetsch (Available Profiles: SaschaPetsch & Sascha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-07] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\pdf24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk [2015-04-19]
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2009-12-21]
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-12-21]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-468609111-1792752646-2182262598-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-17] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-17] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-468609111-1792752646-2182262598-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default
FF NetworkProxy: "autoconfig_url", "hxxp://proxypac.tcd.ie/accelerated_pac_base.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-468609111-1792752646-2182262598-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\SASCHA~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SaschaPetsch\AppData\Roaming\mozilla\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Extension: Ghostery - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\firefox@ghostery.com [2015-06-17]
FF Extension: OptimizeGoogle - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\optimizegoogle@optimizegoogle.com [2011-07-27]
FF Extension: WOT - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-17]
FF Extension: Long URL Please - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\longurlplease@darragh.curran.xpi [2015-06-17]
FF Extension: FlashGot - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-09-30]
FF Extension: NoScript - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-17]
FF Extension: CookieCuller - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2015-06-17]
FF Extension: Adblock Plus - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-30]
FF Extension: DownThemAll! - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-07-27]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-06-16]
FF HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Adblock Plus) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-18]
CHR Extension: (Google Search) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Ghostery) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-06-18]
CHR Extension: (Google Wallet) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
R2 AVM IGD CTRL Service; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin) [File not signed]
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin) [File not signed]
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-15] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-11] () [File not signed]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 09:43 - 2015-06-19 09:43 - 00022658 _____ C:\Users\SaschaPetsch\Downloads\FRST.txt
2015-06-19 09:42 - 2015-06-19 09:42 - 02109952 _____ (Farbar) C:\Users\SaschaPetsch\Downloads\FRST64.exe
2015-06-19 09:38 - 2015-06-19 09:38 - 00001215 _____ C:\Users\SaschaPetsch\Desktop\JRT.txt
2015-06-19 09:30 - 2015-06-19 09:30 - 02950477 _____ (Thisisu) C:\Users\SaschaPetsch\Downloads\JRT.exe
2015-06-19 09:18 - 2015-06-19 09:18 - 02231296 _____ C:\Users\SaschaPetsch\Downloads\AdwCleaner_4.206.exe
2015-06-19 07:06 - 2015-06-19 07:06 - 00000747 _____ C:\Users\SaschaPetsch\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-19 07:05 - 2015-06-19 07:08 - 00000000 ____D C:\EEK
2015-06-19 06:59 - 2015-06-19 07:05 - 158699384 _____ C:\Users\SaschaPetsch\Downloads\EmsisoftEmergencyKit.exe
2015-06-18 15:30 - 2015-06-19 09:43 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-06-18 15:30 - 2015-06-18 15:30 - 00001095 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-06-18 15:30 - 2015-06-18 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-06-18 15:30 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-18 15:25 - 2015-06-18 15:25 - 00029217 _____ C:\ComboFix.txt
2015-06-18 15:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-18 15:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-18 15:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-18 14:58 - 2015-06-18 15:25 - 00000000 ____D C:\Qoobox
2015-06-18 14:57 - 2015-06-18 15:23 - 00000000 ____D C:\Windows\erdnt
2015-06-18 13:34 - 2015-06-18 20:36 - 00114688 _____ C:\Users\SaschaPetsch\AppData\Local\Temp$$_temp.mdb
2015-06-18 13:34 - 2015-06-18 20:34 - 00000064 _____ C:\Users\SaschaPetsch\AppData\Local\Temp$$_temp.ldb
2015-06-18 13:27 - 2015-06-18 13:27 - 00001155 _____ C:\Users\SaschaPetsch\Desktop\kalo.klf
2015-06-17 18:57 - 2015-06-17 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-17 18:44 - 2015-06-18 13:37 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-17 13:24 - 2015-06-17 13:25 - 02870984 _____ (ESET) C:\Users\SaschaPetsch\Downloads\esetsmartinstaller_deu.exe
2015-06-17 12:38 - 2015-06-17 12:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SASCHA-Windows-7-Home-Premium-(64-bit).dat
2015-06-17 12:38 - 2015-06-17 12:38 - 00000000 ____D C:\RegBackup
2015-06-17 08:57 - 2015-06-17 08:57 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Oracle
2015-06-17 08:54 - 2015-06-17 08:52 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-17 08:52 - 2015-06-17 08:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-17 08:25 - 2015-06-19 09:25 - 00009780 _____ C:\Windows\PFRO.log
2015-06-17 08:16 - 2015-06-18 13:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-17 08:16 - 2015-06-17 08:16 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-17 07:41 - 2015-06-17 07:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-17 07:40 - 2015-06-17 07:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-17 07:40 - 2015-06-17 07:40 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-17 07:15 - 2015-06-19 09:31 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-17 07:15 - 2015-06-17 07:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-06-17 07:15 - 2015-06-17 07:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-17 07:06 - 2015-06-17 07:06 - 00000000 ____D C:\ProgramData\Emsisoft
2015-06-17 06:51 - 2015-06-17 06:54 - 165906080 _____ (Emsisoft Ltd. ) C:\Users\SaschaPetsch\Downloads\EmsisoftAntiMalwareSetup.exe
2015-06-16 19:50 - 2015-06-16 19:51 - 00040969 _____ C:\Users\SaschaPetsch\Downloads\Addition.txt
2015-06-16 19:48 - 2015-06-19 09:25 - 00000504 _____ C:\Windows\setupact.log
2015-06-16 19:48 - 2015-06-16 19:48 - 00000000 _____ C:\Windows\setuperr.log
2015-06-16 17:39 - 2015-06-16 18:05 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HpUpdate
2015-06-16 17:37 - 2015-06-17 09:55 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\HpUpdate
2015-06-16 17:35 - 2015-06-16 17:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HP
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Local\HP
2015-06-16 13:19 - 2015-06-16 21:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-06-16 13:19 - 2015-06-16 13:19 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-06-16 13:19 - 2015-06-16 13:19 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Yahoo!
2015-06-16 13:18 - 2015-06-16 13:18 - 00002171 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2015-06-16 13:17 - 2015-06-16 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-16 13:17 - 2015-06-16 13:17 - 00001361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-06-16 13:17 - 2015-06-16 13:17 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-06-16 13:17 - 2015-06-16 13:17 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-06-16 13:17 - 2015-06-16 13:17 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-06-16 13:13 - 2015-06-16 13:13 - 00000000 ____D C:\Program Files\HP
2015-06-16 12:01 - 2015-06-16 21:18 - 00000000 ____D C:\Program Files (x86)\Hp
2015-06-16 12:01 - 2015-06-16 12:01 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-16 11:49 - 2015-06-16 11:49 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\GWX
2015-06-15 17:03 - 2015-06-15 17:04 - 00000000 ____D C:\Users\Sascha\Documents\Fax
2015-06-10 08:19 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 08:19 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 08:19 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:19 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 08:19 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 08:19 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 08:19 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 08:19 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 08:19 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 08:19 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 08:19 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 08:19 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 08:19 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 08:19 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 08:19 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 08:19 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 08:19 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 08:19 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 08:19 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 08:19 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 08:19 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 08:19 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 08:19 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:19 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 08:19 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 08:19 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 08:19 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 08:19 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 08:19 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 08:19 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:19 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:19 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 08:19 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:19 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:19 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:19 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:19 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:19 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 08:18 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 08:18 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 08:18 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 08:18 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 08:18 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 08:18 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 08:13 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 08:13 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 08:12 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:12 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 08:12 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 08:12 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 08:12 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:12 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 08:12 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 08:12 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 08:12 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 08:12 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 08:12 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 08:12 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 11:04 - 2015-06-07 11:04 - 02231296 _____ C:\Users\Sascha\Downloads\adwcleaner_4.206.exe
2015-06-04 10:30 - 2015-06-04 10:30 - 01010176 _____ C:\Users\Sascha\Downloads\MicrosoftFixit50884.msi
2015-06-01 14:38 - 2015-06-01 14:38 - 00000000 ____D C:\Users\Sascha\AppData\Local\GWX
2015-05-22 17:12 - 2015-05-22 17:12 - 00002326 _____ C:\Users\Public\Desktop\Tennis Masters Series 2003.lnk
2015-05-22 17:12 - 2015-05-22 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microids
2015-05-22 17:06 - 2015-05-22 17:06 - 00000000 ____D C:\Program Files (x86)\Microids
2015-05-20 21:39 - 2015-05-20 22:05 - 00047104 _____ C:\Windows\SysWOW64\KMVIDC32.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 09:43 - 2015-04-19 13:09 - 00000000 ____D C:\FRST
2015-06-19 09:41 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 09:41 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 09:32 - 2014-09-13 15:13 - 02090004 _____ C:\Windows\WindowsUpdate.log
2015-06-19 09:26 - 2014-02-13 00:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24.job
2015-06-19 09:25 - 2015-04-19 09:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-19 09:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 09:24 - 2013-09-26 23:51 - 00000000 ____D C:\AdwCleaner
2015-06-19 09:17 - 2013-07-02 08:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 08:49 - 2012-12-04 10:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-19 08:40 - 2014-07-29 08:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 19:27 - 2014-05-01 14:30 - 00000000 ____D C:\Program Files (x86)\KaloMa
2015-06-18 15:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-18 15:18 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-18 13:30 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-18 13:29 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Performance
2015-06-17 18:55 - 2014-07-29 08:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 09:59 - 2010-07-12 13:12 - 00007061 _____ C:\ProgramData\hpzinstall.log
2015-06-17 08:55 - 2013-12-11 12:27 - 00000000 ____D C:\ProgramData\Oracle
2015-06-17 08:53 - 2013-12-10 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-17 08:43 - 2014-11-22 14:25 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\Adobe
2015-06-17 08:42 - 2012-12-04 10:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-17 08:42 - 2012-05-13 08:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-17 08:42 - 2011-07-27 12:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 08:32 - 2009-12-23 19:30 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\Mozilla
2015-06-17 08:30 - 2009-12-23 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-17 07:46 - 2009-12-21 14:10 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Adobe
2015-06-17 07:39 - 2009-08-22 07:23 - 00000000 ____D C:\ProgramData\Adobe
2015-06-17 07:39 - 2009-08-22 07:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-16 21:17 - 2015-03-11 08:33 - 00000000 ____D C:\Program Files (x86)\ANSTOSS 3
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieUserList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieSiteList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieBrowserModeList
2015-06-16 18:16 - 2009-12-21 13:36 - 00083232 _____ C:\Users\SaschaPetsch\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 18:15 - 2009-07-14 06:45 - 00338896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 17:32 - 2010-10-06 14:40 - 00083232 _____ C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 13:23 - 2010-07-12 13:34 - 00235191 ____N C:\Windows\hpoins21.dat.temp
2015-06-16 13:23 - 2010-07-12 13:27 - 00235191 ____N C:\Windows\hpoins21.dat
2015-06-16 13:18 - 2010-07-12 13:12 - 00000000 ____D C:\ProgramData\HP
2015-06-15 13:03 - 2014-06-28 11:32 - 00000000 ____D C:\Users\Sascha\Desktop\PT
2015-06-13 15:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 12:45 - 2013-01-17 15:55 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\FRITZ!
2015-06-13 12:44 - 2009-10-14 02:43 - 00729266 _____ C:\Windows\system32\perfh007.dat
2015-06-13 12:44 - 2009-10-14 02:43 - 00159262 _____ C:\Windows\system32\perfc007.dat
2015-06-13 12:44 - 2009-07-14 07:13 - 00006264 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-13 12:36 - 2014-12-12 19:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-13 12:36 - 2014-05-06 09:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-13 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 07:30 - 2009-08-22 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 07:27 - 2013-08-18 07:35 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 07:01 - 2009-12-23 00:41 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 12:21 - 2009-12-21 13:36 - 00000000 ____D C:\Users\SaschaPetsch
2015-06-10 08:20 - 2013-07-02 08:53 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-07 15:55 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-28 09:27 - 2011-07-27 12:37 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-05-28 09:27 - 2010-10-04 17:11 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-05-23 07:04 - 2015-04-19 09:14 - 00000000 ____D C:\ProgramData\MFAData
2015-05-21 20:48 - 2011-09-22 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 20:36 - 2009-12-23 19:42 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 18:25 - 2015-04-07 18:43 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 18:25 - 2015-04-07 18:43 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2004-01-26 18:15 - 2004-01-26 18:15 - 0233472 ____R () C:\Users\SaschaPetsch\AppData\Roaming\MafiaSetup.exe
2009-12-21 16:13 - 2009-12-23 19:09 - 0000166 _____ () C:\Users\SaschaPetsch\AppData\Roaming\wklnhst.dat
2015-06-18 13:34 - 2015-06-18 20:34 - 0000064 _____ () C:\Users\SaschaPetsch\AppData\Local\Temp$$_temp.ldb
2015-06-18 13:34 - 2015-06-18 20:36 - 0114688 _____ () C:\Users\SaschaPetsch\AppData\Local\Temp$$_temp.mdb
2009-10-13 16:55 - 2009-10-13 17:00 - 0007832 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-07-12 13:12 - 2015-06-17 09:59 - 0007061 _____ () C:\ProgramData\hpzinstall.log

ZeroAccess:
C:\Users\Sascha\AppData\Local\4ca5590b
C:\Users\Sascha\AppData\Local\4ca5590b\@

Some files in TEMP:
====================
C:\Users\SaschaPetsch\AppData\Local\Temp\Quarantine.exe
C:\Users\SaschaPetsch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-04 12:57

==================== End of log ============================
         
--- --- ---

Alt 20.06.2015, 07:02   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.06.2015, 11:04   #11
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Hi,

ESET hat 6 Infektionen gefunden.

Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# end=init
# utc_time=2015-06-19 08:00:45
# local_time=2015-06-19 10:00:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24401
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# end=updated
# utc_time=2015-06-19 08:04:09
# local_time=2015-06-19 10:04:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# engine=24401
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-19 11:13:46
# local_time=2015-06-19 01:13:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 60743277 186342276 0 0
# scanned=226721
# found=9
# cleaned=0
# scan_time=11376
sh=BA8F31B91FB98E7B5729E1CD116E1570B1677F92 ft=1 fh=e0f206a588330d87 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\SaschaPetsch\Downloads\Setup (1).exe"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\roboot64.exe"
sh=B0F6E710AFC2330DAD651B1244F2B26539293CCA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\f5f0ed3.msi"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0"
sh=609F2D4B1AE5C7177C44CCAF9309EFD16FC9E42D ft=1 fh=8551c46845849e5f vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe"
sh=C58A1B1408B8E80092FB3E2D8BAFC470C7D0E82A ft=1 fh=74112e0692858a7c vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe"
sh=6B64533C8C3ECC36AB7A468C331370CC75F9F35B ft=1 fh=547f8914c5e0165c vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# end=init
# utc_time=2015-06-20 06:34:09
# local_time=2015-06-20 08:34:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24416
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# end=updated
# utc_time=2015-06-20 06:35:40
# local_time=2015-06-20 08:35:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# engine=24416
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-20 09:33:40
# local_time=2015-06-20 11:33:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 60823671 186422670 0 0
# scanned=242804
# found=6
# cleaned=0
# scan_time=10680
sh=BA8F31B91FB98E7B5729E1CD116E1570B1677F92 ft=1 fh=e0f206a588330d87 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\SaschaPetsch\Downloads\Setup (1).exe"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\roboot64.exe"
sh=B0F6E710AFC2330DAD651B1244F2B26539293CCA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\f5f0ed3.msi"
sh=609F2D4B1AE5C7177C44CCAF9309EFD16FC9E42D ft=1 fh=8551c46845849e5f vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe"
sh=C58A1B1408B8E80092FB3E2D8BAFC470C7D0E82A ft=1 fh=74112e0692858a7c vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe"
sh=6B64533C8C3ECC36AB7A468C331370CC75F9F35B ft=1 fh=547f8914c5e0165c vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe"
         

Code:
ATTFilter
   Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 18.0.0.160  
 Mozilla Firefox (38.0.5) 
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
 Emsisoft Anti-Malware a2start.exe   
 EMSISOFT Anti-Malware a2guard.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by SaschaPetsch (administrator) on SASCHA on 20-06-2015 11:59:08
Running from C:\Users\SaschaPetsch\Downloads
Loaded Profiles: SaschaPetsch (Available Profiles: SaschaPetsch & Sascha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-07] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\pdf24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk [2015-04-19]
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2009-12-21]
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-12-21]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-468609111-1792752646-2182262598-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-17] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-17] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-468609111-1792752646-2182262598-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default
FF NetworkProxy: "autoconfig_url", "hxxp://proxypac.tcd.ie/accelerated_pac_base.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-468609111-1792752646-2182262598-1000: @www.flatcast.com/FlatViewer 5.2 -> C:\Users\SASCHA~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SaschaPetsch\AppData\Roaming\mozilla\plugins\NpFv530.dll [2011-09-23] (1 mal 1 Software GmbH)
FF Extension: Ghostery - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\firefox@ghostery.com [2015-06-17]
FF Extension: OptimizeGoogle - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\optimizegoogle@optimizegoogle.com [2011-07-27]
FF Extension: WOT - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-17]
FF Extension: Long URL Please - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\longurlplease@darragh.curran.xpi [2015-06-17]
FF Extension: FlashGot - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-09-30]
FF Extension: NoScript - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-17]
FF Extension: CookieCuller - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2015-06-17]
FF Extension: Adblock Plus - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-30]
FF Extension: DownThemAll! - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-07-27]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-06-16]
FF HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Profile: C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Adblock Plus) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-18]
CHR Extension: (Google Search) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Ghostery) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-06-18]
CHR Extension: (Google Wallet) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
R2 AVM IGD CTRL Service; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin) [File not signed]
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin) [File not signed]
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-15] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-11] () [File not signed]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 11:59 - 2015-06-20 11:59 - 00022942 _____ C:\Users\SaschaPetsch\Downloads\FRST.txt
2015-06-20 11:58 - 2015-06-20 11:58 - 02109952 _____ (Farbar) C:\Users\SaschaPetsch\Downloads\FRST64.exe
2015-06-20 11:41 - 2015-06-20 11:41 - 00852639 _____ C:\Users\SaschaPetsch\Downloads\SecurityCheck.exe
2015-06-20 08:33 - 2015-06-20 08:33 - 02870984 _____ (ESET) C:\Users\SaschaPetsch\Downloads\esetsmartinstaller_deu.exe
2015-06-19 10:00 - 2015-06-19 10:00 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-19 09:38 - 2015-06-19 09:38 - 00001215 _____ C:\Users\SaschaPetsch\Desktop\JRT.txt
2015-06-19 07:06 - 2015-06-19 07:06 - 00000747 _____ C:\Users\SaschaPetsch\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-19 07:05 - 2015-06-19 07:08 - 00000000 ____D C:\EEK
2015-06-19 06:59 - 2015-06-19 07:05 - 158699384 _____ C:\Users\SaschaPetsch\Downloads\EmsisoftEmergencyKit.exe
2015-06-18 15:30 - 2015-06-20 11:55 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-06-18 15:30 - 2015-06-18 15:30 - 00001095 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-06-18 15:30 - 2015-06-18 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-06-18 15:30 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-18 15:25 - 2015-06-18 15:25 - 00029217 _____ C:\ComboFix.txt
2015-06-18 15:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-18 15:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-18 15:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-18 14:58 - 2015-06-18 15:25 - 00000000 ____D C:\Qoobox
2015-06-18 14:57 - 2015-06-18 15:23 - 00000000 ____D C:\Windows\erdnt
2015-06-18 13:27 - 2015-06-18 13:27 - 00001155 _____ C:\Users\SaschaPetsch\Desktop\kalo.klf
2015-06-17 18:57 - 2015-06-17 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-17 18:44 - 2015-06-18 13:37 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-17 12:38 - 2015-06-17 12:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SASCHA-Windows-7-Home-Premium-(64-bit).dat
2015-06-17 12:38 - 2015-06-17 12:38 - 00000000 ____D C:\RegBackup
2015-06-17 08:57 - 2015-06-17 08:57 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Oracle
2015-06-17 08:54 - 2015-06-17 08:52 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-17 08:52 - 2015-06-17 08:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-17 08:25 - 2015-06-19 09:25 - 00009780 _____ C:\Windows\PFRO.log
2015-06-17 08:16 - 2015-06-18 13:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-17 08:16 - 2015-06-17 08:16 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-17 07:41 - 2015-06-17 07:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-17 07:40 - 2015-06-17 07:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-17 07:40 - 2015-06-17 07:40 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-17 07:15 - 2015-06-19 09:31 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-17 07:15 - 2015-06-17 07:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-06-17 07:15 - 2015-06-17 07:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-17 07:06 - 2015-06-17 07:06 - 00000000 ____D C:\ProgramData\Emsisoft
2015-06-17 06:51 - 2015-06-17 06:54 - 165906080 _____ (Emsisoft Ltd. ) C:\Users\SaschaPetsch\Downloads\EmsisoftAntiMalwareSetup.exe
2015-06-16 19:48 - 2015-06-19 09:25 - 00000504 _____ C:\Windows\setupact.log
2015-06-16 19:48 - 2015-06-16 19:48 - 00000000 _____ C:\Windows\setuperr.log
2015-06-16 17:39 - 2015-06-16 18:05 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HpUpdate
2015-06-16 17:37 - 2015-06-17 09:55 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\HpUpdate
2015-06-16 17:35 - 2015-06-16 17:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HP
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Local\HP
2015-06-16 13:19 - 2015-06-16 21:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-06-16 13:19 - 2015-06-16 13:19 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-06-16 13:19 - 2015-06-16 13:19 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Yahoo!
2015-06-16 13:18 - 2015-06-16 13:18 - 00002171 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2015-06-16 13:17 - 2015-06-16 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-16 13:17 - 2015-06-16 13:17 - 00001361 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-06-16 13:17 - 2015-06-16 13:17 - 00001355 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-06-16 13:17 - 2015-06-16 13:17 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-06-16 13:17 - 2015-06-16 13:17 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-06-16 13:13 - 2015-06-16 13:13 - 00000000 ____D C:\Program Files\HP
2015-06-16 12:01 - 2015-06-16 21:18 - 00000000 ____D C:\Program Files (x86)\Hp
2015-06-16 12:01 - 2015-06-16 12:01 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-16 11:49 - 2015-06-16 11:49 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\GWX
2015-06-15 17:03 - 2015-06-15 17:04 - 00000000 ____D C:\Users\Sascha\Documents\Fax
2015-06-10 08:19 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 08:19 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 08:19 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:19 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 08:19 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 08:19 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 08:19 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 08:19 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 08:19 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 08:19 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 08:19 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 08:19 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 08:19 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 08:19 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 08:19 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 08:19 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 08:19 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 08:19 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 08:19 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 08:19 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 08:19 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 08:19 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 08:19 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:19 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 08:19 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 08:19 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 08:19 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 08:19 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 08:19 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 08:19 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:19 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:19 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 08:19 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:19 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:19 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:19 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:19 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:19 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 08:18 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 08:18 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 08:18 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 08:18 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 08:18 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 08:18 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 08:13 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 08:13 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 08:12 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:12 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 08:12 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 08:12 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 08:12 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:12 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 08:12 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 08:12 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 08:12 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 08:12 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 08:12 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 08:12 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 11:04 - 2015-06-07 11:04 - 02231296 _____ C:\Users\Sascha\Downloads\adwcleaner_4.206.exe
2015-06-04 10:30 - 2015-06-04 10:30 - 01010176 _____ C:\Users\Sascha\Downloads\MicrosoftFixit50884.msi
2015-06-01 14:38 - 2015-06-01 14:38 - 00000000 ____D C:\Users\Sascha\AppData\Local\GWX
2015-05-22 17:12 - 2015-05-22 17:12 - 00002326 _____ C:\Users\Public\Desktop\Tennis Masters Series 2003.lnk
2015-05-22 17:12 - 2015-05-22 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microids
2015-05-22 17:06 - 2015-05-22 17:06 - 00000000 ____D C:\Program Files (x86)\Microids

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 11:59 - 2015-04-19 13:09 - 00000000 ____D C:\FRST
2015-06-20 11:49 - 2012-12-04 10:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-20 11:29 - 2014-09-13 15:13 - 01092208 _____ C:\Windows\WindowsUpdate.log
2015-06-20 11:17 - 2013-07-02 08:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 08:31 - 2009-10-14 02:43 - 00744058 _____ C:\Windows\system32\perfh007.dat
2015-06-20 08:31 - 2009-10-14 02:43 - 00163998 _____ C:\Windows\system32\perfc007.dat
2015-06-20 08:31 - 2009-07-14 07:13 - 00006264 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-20 07:17 - 2014-02-13 00:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24.job
2015-06-19 22:19 - 2014-05-01 14:30 - 00000000 ____D C:\Program Files (x86)\KaloMa
2015-06-19 15:50 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 15:50 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 09:49 - 2014-07-29 08:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-19 09:25 - 2015-04-19 09:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-19 09:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 15:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-18 15:18 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-18 13:30 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-18 13:29 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Performance
2015-06-17 18:55 - 2014-07-29 08:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 09:59 - 2010-07-12 13:12 - 00007061 _____ C:\ProgramData\hpzinstall.log
2015-06-17 08:55 - 2013-12-11 12:27 - 00000000 ____D C:\ProgramData\Oracle
2015-06-17 08:53 - 2013-12-10 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-17 08:43 - 2014-11-22 14:25 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\Adobe
2015-06-17 08:42 - 2012-12-04 10:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-17 08:42 - 2012-05-13 08:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-17 08:42 - 2011-07-27 12:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 08:32 - 2009-12-23 19:30 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\Mozilla
2015-06-17 08:30 - 2009-12-23 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-17 07:46 - 2009-12-21 14:10 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Adobe
2015-06-17 07:39 - 2009-08-22 07:23 - 00000000 ____D C:\ProgramData\Adobe
2015-06-17 07:39 - 2009-08-22 07:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-16 21:17 - 2015-03-11 08:33 - 00000000 ____D C:\Program Files (x86)\ANSTOSS 3
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieUserList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieSiteList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieBrowserModeList
2015-06-16 18:16 - 2009-12-21 13:36 - 00083232 _____ C:\Users\SaschaPetsch\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 18:15 - 2009-07-14 06:45 - 00338896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 17:32 - 2010-10-06 14:40 - 00083232 _____ C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 13:23 - 2010-07-12 13:34 - 00235191 ____N C:\Windows\hpoins21.dat.temp
2015-06-16 13:23 - 2010-07-12 13:27 - 00235191 ____N C:\Windows\hpoins21.dat
2015-06-16 13:18 - 2010-07-12 13:12 - 00000000 ____D C:\ProgramData\HP
2015-06-15 13:03 - 2014-06-28 11:32 - 00000000 ____D C:\Users\Sascha\Desktop\PT
2015-06-13 15:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 12:45 - 2013-01-17 15:55 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\FRITZ!
2015-06-13 12:36 - 2014-12-12 19:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-13 12:36 - 2014-05-06 09:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-13 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 07:30 - 2009-08-22 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 07:27 - 2013-08-18 07:35 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 07:01 - 2009-12-23 00:41 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 12:21 - 2009-12-21 13:36 - 00000000 ____D C:\Users\SaschaPetsch
2015-06-10 08:20 - 2013-07-02 08:53 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-07 15:55 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-28 09:27 - 2011-07-27 12:37 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-05-28 09:27 - 2010-10-04 17:11 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-05-23 07:04 - 2015-04-19 09:14 - 00000000 ____D C:\ProgramData\MFAData
2015-05-21 20:48 - 2011-09-22 13:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 20:36 - 2009-12-23 19:42 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 18:25 - 2015-04-07 18:43 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 18:25 - 2015-04-07 18:43 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2004-01-26 18:15 - 2004-01-26 18:15 - 0233472 ____R () C:\Users\SaschaPetsch\AppData\Roaming\MafiaSetup.exe
2009-12-21 16:13 - 2009-12-23 19:09 - 0000166 _____ () C:\Users\SaschaPetsch\AppData\Roaming\wklnhst.dat
2009-10-13 16:55 - 2009-10-13 17:00 - 0007832 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-07-12 13:12 - 2015-06-17 09:59 - 0007061 _____ () C:\ProgramData\hpzinstall.log

ZeroAccess:
C:\Users\Sascha\AppData\Local\4ca5590b
C:\Users\Sascha\AppData\Local\4ca5590b\@

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-04 12:57

==================== End of log ============================
         
--- --- ---

Alt 21.06.2015, 08:24   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\System Volume Information\SystemRestore\FRStaging\Users\SaschaPetsch\Downloads\Setup (1).exe

C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\roboot64.exe

C:\Windows\Installer\f5f0ed3.msi

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF NetworkProxy: "autoconfig_url", "hxxp://proxypac.tcd.ie/accelerated_pac_base.pac"
FF NetworkProxy: "type", 2
ZeroAccess:
C:\Users\Sascha\AppData\Local\4ca5590b
C:\Users\Sascha\AppData\Local\4ca5590b\@
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.06.2015, 11:50   #13
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Hi,

ich lasse jetzt nochmal ESET drüberlaufen.


Code:
ATTFilter
 Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by SaschaPetsch at 2015-06-21 09:31:48 Run:1
Running from C:\Users\SaschaPetsch\Downloads
Loaded Profiles: SaschaPetsch (Available Profiles: SaschaPetsch & Sascha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\System Volume Information\SystemRestore\FRStaging\Users\SaschaPetsch\Downloads\Setup (1).exe

C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\roboot64.exe

C:\Windows\Installer\f5f0ed3.msi

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF NetworkProxy: "autoconfig_url", "hxxp://proxypac.tcd.ie/accelerated_pac_base.pac"
FF NetworkProxy: "type", 2
ZeroAccess:
C:\Users\Sascha\AppData\Local\4ca5590b
C:\Users\Sascha\AppData\Local\4ca5590b\@
Emptytemp:
         
*****************

C:\System Volume Information\SystemRestore\FRStaging\Users\SaschaPetsch\Downloads\Setup (1).exe => moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\roboot64.exe => moved successfully.
C:\Windows\Installer\f5f0ed3.msi => moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0 => moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 => moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0 => moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe => moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe => moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe => moved successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-468609111-1792752646-2182262598-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Users\Sascha\AppData\Local\4ca5590b => moved successfully.
"C:\Users\Sascha\AppData\Local\4ca5590b\@" => File/Folder not found.
EmptyTemp: => 531 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 09:33:24 ====
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by SaschaPetsch (administrator) on SASCHA on 21-06-2015 09:48:56
Running from C:\Users\SaschaPetsch\Downloads
Loaded Profiles: SaschaPetsch (Available Profiles: SaschaPetsch & Sascha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files (x86)\pdf24\pdf24.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-07] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-19] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\pdf24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ACER.SCR [438272 2009-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk [2015-04-19]
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2009-12-21]
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)
Startup: C:\Users\SaschaPetsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-12-21]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-08-07] (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-468609111-1792752646-2182262598-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-17] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-468609111-1792752646-2182262598-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-17] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-29] (Apple Inc.)
FF Extension: Ghostery - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\firefox@ghostery.com [2015-06-17]
FF Extension: OptimizeGoogle - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\optimizegoogle@optimizegoogle.com [2011-07-27]
FF Extension: WOT - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-17]
FF Extension: Long URL Please - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\longurlplease@darragh.curran.xpi [2015-06-17]
FF Extension: FlashGot - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-09-30]
FF Extension: NoScript - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-17]
FF Extension: CookieCuller - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2015-06-17]
FF Extension: Adblock Plus - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-30]
FF Extension: DownThemAll! - C:\Users\SaschaPetsch\AppData\Roaming\Mozilla\Firefox\Profiles\867i8no6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-07-27]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi

Chrome: 
=======
CHR Profile: C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16]
CHR Extension: (YouTube) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16]
CHR Extension: (Adblock Plus) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-18]
CHR Extension: (Google Search) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-18]
CHR Extension: (Ghostery) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-06-18]
CHR Extension: (Google Wallet) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Users\SaschaPetsch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
R2 AVM IGD CTRL Service; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [81920 2005-11-21] (AVM Berlin) [File not signed]
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [356352 2006-12-28] (AVM Berlin) [File not signed]
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2006-12-28] (AVM Berlin)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-15] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2006-12-28] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-11] () [File not signed]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 09:48 - 2015-06-21 09:49 - 00021717 _____ C:\Users\SaschaPetsch\Downloads\FRST.txt
2015-06-21 09:46 - 2015-06-21 09:46 - 02870984 _____ (ESET) C:\Users\SaschaPetsch\Downloads\esetsmartinstaller_deu.exe
2015-06-21 09:29 - 2015-06-21 09:30 - 02109952 _____ (Farbar) C:\Users\SaschaPetsch\Downloads\FRST64.exe
2015-06-20 14:50 - 2015-06-21 09:35 - 00000336 _____ C:\Windows\setupact.log
2015-06-20 14:50 - 2015-06-20 14:50 - 00000000 _____ C:\Windows\setuperr.log
2015-06-20 14:49 - 2015-06-20 15:23 - 00001188 _____ C:\Windows\PFRO.log
2015-06-20 14:17 - 2015-06-20 14:18 - 00001594 _____ C:\Windows\VPNUnInstall.MIF
2015-06-20 14:13 - 2015-06-20 14:13 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\HP
2015-06-20 14:12 - 2015-06-20 14:12 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\HP
2015-06-19 07:05 - 2015-06-19 07:08 - 00000000 ____D C:\EEK
2015-06-18 15:30 - 2015-06-21 09:48 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-06-18 15:30 - 2015-06-18 15:30 - 00001095 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-06-18 15:30 - 2015-06-18 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-06-18 15:30 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-18 15:25 - 2015-06-18 15:25 - 00029217 _____ C:\ComboFix.txt
2015-06-18 15:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-18 15:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-18 15:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-18 15:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-18 14:58 - 2015-06-18 15:25 - 00000000 ____D C:\Qoobox
2015-06-18 14:57 - 2015-06-18 15:23 - 00000000 ____D C:\Windows\erdnt
2015-06-18 13:27 - 2015-06-18 13:27 - 00001155 _____ C:\Users\SaschaPetsch\Desktop\kalo.klf
2015-06-17 18:57 - 2015-06-17 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-17 18:44 - 2015-06-18 13:37 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-17 12:38 - 2015-06-17 12:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SASCHA-Windows-7-Home-Premium-(64-bit).dat
2015-06-17 12:38 - 2015-06-17 12:38 - 00000000 ____D C:\RegBackup
2015-06-17 08:57 - 2015-06-17 08:57 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Oracle
2015-06-17 08:54 - 2015-06-17 08:52 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-17 08:52 - 2015-06-17 08:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-17 08:16 - 2015-06-18 13:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-17 08:16 - 2015-06-17 08:16 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-17 07:41 - 2015-06-17 07:41 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-17 07:40 - 2015-06-17 07:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-17 07:40 - 2015-06-17 07:40 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-17 07:15 - 2015-06-21 08:42 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-17 07:15 - 2015-06-17 07:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-06-17 07:15 - 2015-06-17 07:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-17 07:06 - 2015-06-17 07:06 - 00000000 ____D C:\ProgramData\Emsisoft
2015-06-16 17:39 - 2015-06-16 18:05 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HpUpdate
2015-06-16 17:37 - 2015-06-17 09:55 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\HpUpdate
2015-06-16 17:35 - 2015-06-16 17:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\HP
2015-06-16 17:32 - 2015-06-16 17:32 - 00000000 ____D C:\Users\Sascha\AppData\Local\HP
2015-06-16 13:19 - 2015-06-16 21:15 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-06-16 13:19 - 2015-06-16 13:19 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Yahoo!
2015-06-16 13:17 - 2015-06-16 13:17 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-06-16 13:13 - 2015-06-16 13:13 - 00000000 ____D C:\Program Files\HP
2015-06-16 12:01 - 2015-06-16 21:18 - 00000000 ____D C:\Program Files (x86)\Hp
2015-06-16 11:49 - 2015-06-16 11:49 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\GWX
2015-06-15 17:03 - 2015-06-15 17:04 - 00000000 ____D C:\Users\Sascha\Documents\Fax
2015-06-10 08:19 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 08:19 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 08:19 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:19 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 08:19 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 08:19 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 08:19 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 08:19 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 08:19 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 08:19 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 08:19 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 08:19 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 08:19 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 08:19 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 08:19 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 08:19 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 08:19 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 08:19 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 08:19 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 08:19 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 08:19 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 08:19 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 08:19 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 08:19 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 08:19 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 08:19 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:19 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:19 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 08:19 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 08:19 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 08:19 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 08:19 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 08:19 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 08:19 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 08:19 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 08:19 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 08:19 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 08:19 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 08:19 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:19 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:19 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 08:19 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:19 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:19 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 08:19 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:19 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:19 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:19 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 08:18 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 08:18 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 08:18 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 08:18 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 08:18 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 08:18 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 08:18 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 08:18 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 08:18 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 08:13 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 08:13 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 08:13 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 08:12 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 08:12 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 08:12 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 08:12 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 08:12 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 08:12 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 08:12 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 08:12 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 08:12 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 08:12 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 08:12 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 08:12 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 08:12 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 08:12 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 08:12 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 08:12 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 08:12 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 08:12 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 08:12 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 08:12 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 08:12 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 11:04 - 2015-06-07 11:04 - 02231296 _____ C:\Users\Sascha\Downloads\adwcleaner_4.206.exe
2015-06-04 10:30 - 2015-06-04 10:30 - 01010176 _____ C:\Users\Sascha\Downloads\MicrosoftFixit50884.msi
2015-06-01 14:38 - 2015-06-01 14:38 - 00000000 ____D C:\Users\Sascha\AppData\Local\GWX
2015-05-22 17:12 - 2015-05-22 17:12 - 00002326 _____ C:\Users\Public\Desktop\Tennis Masters Series 2003.lnk
2015-05-22 17:12 - 2015-05-22 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microids
2015-05-22 17:06 - 2015-05-22 17:06 - 00000000 ____D C:\Program Files (x86)\Microids

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 09:49 - 2015-04-19 13:09 - 00000000 ____D C:\FRST
2015-06-21 09:49 - 2012-12-04 10:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-21 09:44 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-21 09:44 - 2009-07-14 06:45 - 00025616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-21 09:42 - 2014-07-29 08:14 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-21 09:41 - 2014-09-13 15:13 - 01189277 _____ C:\Windows\WindowsUpdate.log
2015-06-21 09:35 - 2015-02-16 09:50 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-21 09:35 - 2014-02-13 00:50 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2844c60b4e24.job
2015-06-21 09:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-21 09:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-06-21 09:17 - 2013-07-02 08:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 19:58 - 2012-12-04 10:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-20 15:49 - 2010-10-06 14:40 - 00082848 _____ C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-20 15:49 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-20 15:48 - 2013-01-17 15:55 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\FRITZ!
2015-06-20 15:47 - 2010-07-12 13:12 - 00015161 _____ C:\ProgramData\hpzinstall.log
2015-06-20 15:24 - 2009-12-21 13:36 - 00082848 _____ C:\Users\SaschaPetsch\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-20 15:23 - 2009-07-14 06:45 - 00338104 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-20 15:13 - 2010-07-12 13:12 - 00000000 ____D C:\ProgramData\HP
2015-06-20 14:26 - 2013-05-29 22:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-20 08:31 - 2009-10-14 02:43 - 00744058 _____ C:\Windows\system32\perfh007.dat
2015-06-20 08:31 - 2009-10-14 02:43 - 00163998 _____ C:\Windows\system32\perfc007.dat
2015-06-20 08:31 - 2009-07-14 07:13 - 00006264 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-19 22:19 - 2014-05-01 14:30 - 00000000 ____D C:\Program Files (x86)\KaloMa
2015-06-19 09:25 - 2015-04-19 09:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-18 15:25 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-18 15:18 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-18 13:29 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Performance
2015-06-17 18:55 - 2014-07-29 08:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 08:55 - 2013-12-11 12:27 - 00000000 ____D C:\ProgramData\Oracle
2015-06-17 08:53 - 2013-12-10 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-17 08:43 - 2014-11-22 14:25 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\Adobe
2015-06-17 08:42 - 2012-05-13 08:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-17 08:42 - 2011-07-27 12:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 08:32 - 2009-12-23 19:30 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Local\Mozilla
2015-06-17 08:30 - 2009-12-23 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-17 07:46 - 2009-12-21 14:10 - 00000000 ____D C:\Users\SaschaPetsch\AppData\Roaming\Adobe
2015-06-17 07:39 - 2009-08-22 07:23 - 00000000 ____D C:\ProgramData\Adobe
2015-06-17 07:39 - 2009-08-22 07:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-16 21:17 - 2015-03-11 08:33 - 00000000 ____D C:\Program Files (x86)\ANSTOSS 3
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieUserList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieSiteList
2015-06-16 18:22 - 2015-02-15 22:02 - 00000000 __SHD C:\Users\SaschaPetsch\AppData\Local\EmieBrowserModeList
2015-06-16 13:23 - 2010-07-12 13:34 - 00235191 ____N C:\Windows\hpoins21.dat.temp
2015-06-15 13:03 - 2014-06-28 11:32 - 00000000 ____D C:\Users\Sascha\Desktop\PT
2015-06-13 15:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 12:36 - 2014-12-12 19:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-13 12:36 - 2014-05-06 09:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-13 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 07:30 - 2009-08-22 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 07:27 - 2013-08-18 07:35 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 07:01 - 2009-12-23 00:41 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 12:21 - 2009-12-21 13:36 - 00000000 ____D C:\Users\SaschaPetsch
2015-06-10 08:20 - 2013-07-02 08:53 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-07 15:55 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-28 09:27 - 2011-07-27 12:37 - 00001021 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-05-28 09:27 - 2010-10-04 17:11 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-05-23 07:04 - 2015-04-19 09:14 - 00000000 ____D C:\ProgramData\MFAData

==================== Files in the root of some directories =======

2004-01-26 18:15 - 2004-01-26 18:15 - 0233472 ____R () C:\Users\SaschaPetsch\AppData\Roaming\MafiaSetup.exe
2009-12-21 16:13 - 2009-12-23 19:09 - 0000166 _____ () C:\Users\SaschaPetsch\AppData\Roaming\wklnhst.dat
2009-10-13 16:55 - 2009-10-13 17:00 - 0007832 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-07-12 13:12 - 2015-06-20 15:47 - 0015161 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-04 12:57

==================== End of log ============================
         
--- --- ---

ESET-Scan ist gerade fertig geworden. Es wurden leider immer noch 5 Infizierungen gefunden
Wie soll ich nun weiter vorgehen?

Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# end=init
# utc_time=2015-06-21 08:11:59
# local_time=2015-06-21 10:11:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24425
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# end=updated
# utc_time=2015-06-21 08:28:29
# local_time=2015-06-21 10:28:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e88a6cd021d644419ad145bf41471dad
# engine=24425
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-21 10:42:09
# local_time=2015-06-21 12:42:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 60914180 186513179 0 0
# scanned=231925
# found=5
# cleaned=0
# scan_time=8019
sh=BA8F31B91FB98E7B5729E1CD116E1570B1677F92 ft=1 fh=e0f206a588330d87 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Users\SaschaPetsch\Downloads\Setup (1).exe.xBAD"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Windows\System32\roboot64.exe.xBAD"
sh=609F2D4B1AE5C7177C44CCAF9309EFD16FC9E42D ft=1 fh=8551c46845849e5f vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\TbHelper2.exe.xBAD"
sh=C58A1B1408B8E80092FB3E2D8BAFC470C7D0E82A ft=1 fh=74112e0692858a7c vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\uninstall.exe.xBAD"
sh=6B64533C8C3ECC36AB7A468C331370CC75F9F35B ft=1 fh=547f8914c5e0165c vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Toolbar4\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\update.exe.xBAD"
         

Alt 22.06.2015, 06:20   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Die sind schon in Quarantäne. Sonst noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.06.2015, 18:26   #15
Görtler
 
Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Standard

Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten



Hi,

nein alles klar soweit. Das System läuft wieder einwandfrei. Dann bleibt mir nur nochmals Danke zu sagen für die schnelle und kompetente Hilfe

Antwort

Themen zu Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten
angezeigt, ausgeführt, avast, avira, basisfiltermodul, computer, deaktiviert, dienst, engine, fehler, firewall, folge, folgender, gestartet, installation, konnte, manuell, meldung, nicht mehr, schutz, starte, starten, virenschutz, windows, windows 7, zugriff



Ähnliche Themen: Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten


  1. Windows Firewall lässt sich nicht starten Fehler 0x8007042c
    Plagegeister aller Art und deren Bekämpfung - 17.08.2015 (21)
  2. Windows 8.1: PC hängt sich auf und ADwareCleaner lässt sich nicht starten
    Log-Analyse und Auswertung - 20.06.2015 (4)
  3. Windows7 taskmgr lässt sich nicht starten, Avira Echtzeitscanner lässt sich nicht aktivieren, USB wird nicht angenommen, ohne Meldung,
    Log-Analyse und Auswertung - 01.06.2015 (15)
  4. Firewall lässt sich nicht mehr starten Fehlercode 0x8007042c
    Plagegeister aller Art und deren Bekämpfung - 26.05.2015 (12)
  5. Firewall lässt sich nicht mehr starten
    Alles rund um Windows - 30.03.2015 (15)
  6. Sicherheitscenter ist deaktiviert und lässt sich auch nicht starten win7 ultimate 64bit
    Plagegeister aller Art und deren Bekämpfung - 27.12.2014 (10)
  7. Firewall lässt sich nicht mehr starten Fehlercode 0x8007042c
    Plagegeister aller Art und deren Bekämpfung - 15.12.2014 (11)
  8. Firewall lässt sich nicht mehr starten Fehlercode 0x8007042c
    Antiviren-, Firewall- und andere Schutzprogramme - 09.12.2014 (19)
  9. Windows Firewall lässt sich nicht starten/öffnen/ausführen
    Log-Analyse und Auswertung - 13.02.2014 (21)
  10. Virenprogramm ist Deaktiviert und lässt sich nicht starten!
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (1)
  11. Langsames Hochfahren, Windows Firewall lässt sich nicht starten!
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (7)
  12. Win7 Firewall lässt sich nicht starten
    Plagegeister aller Art und deren Bekämpfung - 01.11.2013 (24)
  13. windows 7 lässt sich nicht von cd starten
    Alles rund um Windows - 05.10.2012 (4)
  14. Firewall lässt sich nicht starten, System32 und csrssdaten verändert
    Plagegeister aller Art und deren Bekämpfung - 18.07.2011 (5)
  15. Windows lässt sich nicht starten
    Alles rund um Windows - 02.12.2010 (2)
  16. Firewall lässt sich nicht starten nach dem Fund von TR/Crypt.XPACK.Gen3
    Log-Analyse und Auswertung - 26.09.2010 (1)
  17. Firewall lässt sich nicht mehr starten - ist mein System infiziert?
    Log-Analyse und Auswertung - 24.08.2010 (11)

Zum Thema Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten - Hallo, ich wollte bei meinem Virenschutz von Avira auf Avast umsteigen. Bei der Installation von Avast kommt allerdings die Meldung, dass der Dienst "Base Filtering Engine" nicht ausgeführt wird. Der - Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten...
Archiv
Du betrachtest: Windows 7 Firewall ist deaktiviert und lässt sich nicht starten & Basisfiltermodul lässt sich nicht starten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.