
Plagegeister aller Art und deren Bekämpfung: Windows 7 32-bit: no Safe Mode, Avast not possible, WIN-Update on strike, etc.

23.06.2015, 17:23   #1
rabanus
 



Good day.

I suspect a Trojan:

1.)
Safe Mode cannot be started via F8; no menu appears.
(When forced via MSCONFIG, however, it runs flawlessly.)

2.)
AVAST:
Scan: "The scan could not be started. There are no more endpoints available from the endpoint mapper."
Permanent protection mode cannot be activated: "The Avast background service is not running".

3.)
WIN-Update:
The two updates kb2862330 and kb2862335 do not get installed.
At first it says "successful", but after the reboot both are "rolled back"; another reboot follows, and the update log then says: "failed".

4.)
Secunia PSI says that c:\Windows\System32\MSXML4.DLL is not up to date.
Updating from the MS site changes nothing.
It stays at version 4.30.21117.0 from 08.11.2012, 11:29, 1,402,312 bytes in length.
The web reveals that the DLL usually has a length of 1348432 bytes (72% of all occurrences), 1245696 bytes, 1275392 bytes or 1286152 bytes.
I then renamed and moved all MSXML4*.* files out of c:\Windows\System32.
But that changes nothing at all.

5.)
The patch for >4GB RAM (up to 64GB) under WIN7 / 32-bit no longer works.


Windows Startup Repair finds nothing.


I ran the following as admin:

Eset
AdwCleaner
Avira AntiVir
Bitdefender
Eset
Junkware Removal Tool
Secunia PSI (everything up to date except Photoshop)
MBAM
Sophos
Stinger
TDSSKiller

No detections at all.


Emsisoft had 2 detections; I deleted both, but with no result whatsoever:
1.)
Value: HKEY_USERS\S-1-5-21-582265673-3528206955-3743167496-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Gefunden: Setting.DisableTaskMgr (A)
2.)
Value: HKEY_USERS\S-1-5-21-582265673-3528206955-3743167496-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)



I only ever have WIN-Defender, WIN-Firewall and Avira AntiVir running at the same time.
(The other installed antivirus programs were used only for scanning...)


I would now like to know whether my PC is infected or clean.

For that, however, I need support.

Thanks in advance
&
Kind regards
Rabanus

23.06.2015, 17:41   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box).


23.06.2015, 18:31   #3
rabanus
 



Hello, Schrauber,

many thanks for the quick mail.

Attached are FRST.TXT and ADDITION.TXT.

I hope I did this correctly, with the pasting below.

Kind regards
Rabanus
-------------------------------------------------


FRST.TXT:
[CODE]

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by HEY (administrator) on HASI on 23-06-2015 18:14:17
Running from F:\
Loaded Profiles: HEY (Available Profiles: HEY & TECHNO)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Safer-Networking Ltd.) D:\vscan\Spybot - Search & Destroy\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe
(r2 studios) D:\tools\Startup Delayer\Startup Launcher GUI.exe
(Safer-Networking Ltd.) D:\vscan\Spybot - Search & Destroy\SDUpdSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Safer-Networking Ltd.) D:\vscan\Spybot - Search & Destroy\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Ghisler Software GmbH) D:\PROGRAM\wincmd TOTAL\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => D:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [StartupDelayer] => D:\tools\Startup Delayer\Startup Launcher GUI.exe [147456 2009-03-08] (r2 studios)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\...\MountPoints2: {240fa1d1-c1d5-11e4-a6be-60eb69953d0f} - G:\AutoRun.exe
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\...\MountPoints2: {8bd97504-c7f5-11e4-ab5b-001e101fbedd} - G:\AutoRun.exe
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\...\MountPoints2: {cb1fefa6-aae2-11e4-9498-60eb69953d0f} - G:\AutoRun.exe
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\...\MountPoints2: {cb1fefb4-aae2-11e4-9498-60eb69953d0f} - G:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/www/S8.HTM
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-582265673-3528206955-3743167496-1000 -> {4C3AD88C-7275-436A-BABC-C03BA99F5F7C} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Handler: javascript - No CLSID Value - 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 213.33.99.70 80.120.17.70

FireFox:
========
FF ProfilePath: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default
FF DefaultSearchEngine: Google 
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Englische Ergebnisse
FF Homepage: file:///D:/www/S8.HTM
FF NetworkProxy: "autoconfig_url", "hxxp://127.0.0.1:9151/"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9150
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-20] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\ebay-deutschland.xml [2014-04-09]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\google-.xml [2013-08-20]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\google-maps.xml [2013-10-01]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\suche--wikipedia.xml [2013-08-20]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\wiktionary.xml [2012-01-22]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\youtube-videosuche.xml [2014-11-24]
FF Extension: Avira Browser Safety - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-12-07]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-18]
FF Extension: anonymoX - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\client@anonymox.net.xpi [2015-02-04]
FF Extension: CookieKeeper - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\cookiekeeper@cookiekeeper.mozdev.org.xpi [2014-03-02]
FF Extension: Cookies Export/import - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\CookiesIE@yahoo.com.xpi [2014-11-18]
FF Extension: Copy Urls Expert - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2014-11-18]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-12-07]
FF Extension: Ghostery - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\firefox@ghostery.com.xpi [2015-01-03]
FF Extension: History Export - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\histexp@cycledlm.gmail.com.xpi [2014-11-18]
FF Extension: Lightbeam - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-11-18]
FF Extension: keyconfig - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\keyconfig@dorando.xpi [2014-03-05]
FF Extension: Deutsch (DE) Language Pack - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-04-02]
FF Extension: Reload Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\reloadplus@blackwind.xpi [2014-11-18]
FF Extension: Status-4-Evar - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\status4evar@caligonstudios.com.xpi [2012-12-07]
FF Extension: PDF Viewer - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\uriloader@pdf.js.xpi [2014-11-18]
FF Extension: Image Zoom - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-17]
FF Extension: Unhide Passwords - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2012-12-07]
FF Extension: Cookie Monster - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2012-12-07]
FF Extension: oldbar - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi [2014-11-18]
FF Extension: Compact Menu 2 - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}.xpi [2012-12-07]
FF Extension: NoScript - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-07]
FF Extension: ReloadEvery - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012-12-07]
FF Extension: Active Stop Button - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb}.xpi [2015-03-12]
FF Extension: Password Exporter - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-11-18]
FF Extension: Video DownloadHelper - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: SelectionSK - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{D0BF6ED6-4A0E-489d-B207-556474500B4E}.xpi [2013-08-24]
FF Extension: Adblock Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Tiny Menu - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi [2015-01-13]
FF Extension: BetterPrivacy - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-07]
FF Extension: User Agent Switcher - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-12-05]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
S2 AntiVirMailService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-29] (Nuance Communications, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; D:\vscan\MBAM\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; D:\vscan\Spybot - Search & Destroy\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\vscan\Spybot - Search & Destroy\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; D:\vscan\Spybot - Search & Destroy\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 StarMoney 9.0 OnlineUpdate; D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 HPSLPSVC; C:\Users\HEY\AppData\Local\Temp\7zS1EF5\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-24] (Emsisoft GmbH)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-05-16] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-03-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [91840 2015-03-25] (McAfee, Inc.)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [44032 2009-12-07] (--)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 Tortilla; C:\Windows\System32\DRIVERS\tortilla.sys [10872 2013-12-21] () [File not signed]
S3 TridVid; C:\Windows\System32\DRIVERS\tridvid6010.sys [339712 2011-01-21] (10Moons Technologies Co.,Ltd)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [23104 2009-11-04] (DTV-DVB)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [763584 2009-11-04] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 SANDRA; \??\D:\tools\REG Sandra\WNt500x86\Sandra.sys [X]
S3 Ser2plx86; system32\DRIVERS\ser2pl.sys [X]
S3 siusbmod; system32\DRIVERS\siusbmod.sys [X]
U5 UnlockerDriver5; D:\tools\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 17:47 - 2015-06-21 20:50 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw2434.tmp
2015-06-23 17:47 - 2015-06-21 20:50 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw2CBD.tmp
2015-06-23 10:26 - 2015-06-23 18:06 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-06-23 10:26 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-06-22 18:37 - 2015-06-22 18:37 - 00000694 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-06-20 18:17 - 2015-06-20 18:17 - 00000000 ____T C:\Windows\system32\USB003
2015-06-20 15:50 - 2015-06-20 15:51 - 00000000 ____D C:\Users\HEY\AbiSuite
2015-06-20 15:37 - 2015-06-20 15:37 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2015-06-20 15:12 - 2015-06-20 15:13 - 00000568 _____ C:\Windows\SecuniaPackage.log
2015-06-19 07:39 - 2015-06-19 07:39 - 02076309 _____ C:\Users\HEY\AppData\Local\ntkrlICE.exe
2015-06-19 07:39 - 2015-06-19 07:39 - 00570073 _____ C:\Users\HEY\AppData\Local\gui.exe
2015-06-19 07:39 - 2015-06-19 07:39 - 00397900 _____ C:\Users\HEY\AppData\Local\4GB_GER.exe
2015-06-19 07:39 - 2015-06-19 07:39 - 00397900 _____ C:\Users\HEY\AppData\Local\4GB_EN.exe
2015-06-19 07:39 - 2015-06-19 07:39 - 00021504 _____ (deepxw) C:\Users\HEY\AppData\Local\Wtrmrk.exe
2015-06-19 07:39 - 2015-06-19 07:39 - 00000518 _____ C:\Users\HEY\AppData\Local\UNAWAVE_EN.url
2015-06-19 07:39 - 2015-06-19 07:39 - 00000240 _____ C:\Users\HEY\AppData\Local\UPDATE.url
2015-06-19 07:39 - 2015-06-19 07:39 - 00000216 _____ C:\Users\HEY\AppData\Local\UNAWAVE_GER.url
2015-06-19 03:20 - 2015-06-19 03:20 - 00000000 ____D C:\Program Files\stinger
2015-06-19 02:58 - 2015-06-19 02:58 - 00000598 _____ C:\Users\HEY\Desktop\JRT.txt
2015-06-18 23:24 - 2015-06-18 23:24 - 00000000 ____D C:\Program Files\ESET
2015-06-18 23:09 - 2015-06-18 23:09 - 00000000 ____D C:\Windows\Sun
2015-06-18 22:55 - 2015-06-18 22:55 - 00002679 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-06-18 16:27 - 2015-06-23 18:06 - 00401512 _____ C:\Windows\PFRO.log
2015-06-18 15:05 - 2015-06-18 23:02 - 00068592 _____ C:\Users\HEY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-18 13:44 - 2015-06-23 18:06 - 00002231 _____ C:\Windows\setupact.log
2015-06-18 13:44 - 2015-06-18 16:27 - 00302392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-18 13:44 - 2015-06-18 13:44 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 00:44 - 2015-06-18 00:44 - 00262144 _____ C:\Users\TECHNO
2015-06-18 00:38 - 2015-06-18 02:06 - 00000000 ____D C:\Users\HEY\SecurityScans
2015-06-18 00:38 - 2015-06-18 02:06 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2015-06-17 18:53 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-17 18:53 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-17 18:53 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-17 18:37 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-17 18:37 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-17 18:37 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-17 18:37 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-17 18:37 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-17 18:37 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-17 18:37 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-17 18:37 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-17 18:37 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-17 18:37 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-17 18:37 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-17 18:37 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-17 18:37 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-17 18:37 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-17 18:37 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-17 18:37 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-17 18:37 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-17 18:37 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-17 18:37 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-17 18:36 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-17 18:36 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-17 18:36 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-17 18:36 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-17 18:36 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-17 18:36 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-17 18:36 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-17 18:36 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-17 18:36 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-17 18:36 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-17 18:36 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-17 18:36 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-17 18:36 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-06-17 18:35 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-17 18:35 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-17 18:35 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-17 18:35 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-17 18:35 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-17 18:35 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-17 18:35 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-17 18:35 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-17 18:35 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-17 18:35 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-17 18:34 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-17 18:34 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-17 18:34 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-17 18:34 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-17 18:34 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-17 18:33 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-17 18:33 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-17 18:33 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-06-17 18:33 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-17 18:32 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-17 18:32 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-17 18:32 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-17 18:32 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-17 18:32 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-17 18:32 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-17 18:32 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-17 18:32 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-17 18:32 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-17 18:32 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-17 18:32 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-17 18:32 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-17 18:32 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-17 18:32 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-17 18:32 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-17 18:32 - 2014-12-11 19:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-17 18:32 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-17 18:32 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-17 18:32 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-17 18:32 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-17 18:32 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-17 18:32 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-06-17 18:32 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-17 18:32 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-06-17 18:32 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-17 18:32 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-17 18:32 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-17 18:32 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-17 18:32 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-17 18:32 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-17 18:32 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-17 18:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-06-17 18:32 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-06-17 18:32 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-17 18:32 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-06-17 18:32 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-06-17 18:32 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-06-17 18:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-06-17 18:32 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-06-17 18:32 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-06-17 18:32 - 2013-07-12 12:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-06-17 18:32 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-06-17 18:32 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-17 18:26 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-17 18:26 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-17 18:18 - 2015-06-17 18:18 - 00000000 ____D C:\Windows\tracing
2015-06-17 18:17 - 2015-01-09 01:44 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-17 18:16 - 2015-06-17 18:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-17 18:14 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-17 18:13 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-17 18:13 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-17 18:13 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-17 18:13 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-17 18:13 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-17 18:13 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-17 18:13 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-17 18:13 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-17 18:13 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-17 18:13 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-17 18:13 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-17 18:13 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-17 18:13 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-06-17 18:13 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-06-17 18:13 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-06-17 18:12 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-17 18:12 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-17 18:12 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-17 18:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-17 18:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-17 18:12 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-17 18:12 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-17 18:12 - 2014-11-11 03:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-06-17 18:12 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-17 18:12 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-06-17 18:12 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-17 18:12 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-17 18:12 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-06-17 18:08 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-06-17 17:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-17 17:43 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-17 17:42 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-17 17:42 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-17 17:42 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-17 17:42 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-17 17:40 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-06-17 17:40 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-06-17 17:40 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-06-17 17:40 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-06-17 17:40 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-06-17 17:39 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-17 17:39 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-17 17:39 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-17 17:39 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-17 17:39 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-17 17:39 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-17 17:39 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-17 17:39 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-17 17:39 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-17 17:39 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-17 17:39 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-17 17:39 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-17 17:39 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-17 17:39 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-17 17:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-17 17:39 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-17 17:39 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-17 17:39 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-17 17:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-17 17:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-17 17:39 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-06-17 17:39 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-06-17 17:39 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-06-17 17:39 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-06-17 17:39 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-06-17 17:39 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-06-17 17:39 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-06-17 17:39 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-06-17 17:39 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-06-17 17:39 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-06-17 17:39 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-17 17:30 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-17 17:30 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-17 17:30 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-17 17:30 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-17 17:30 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-17 17:30 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-17 17:30 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-17 17:30 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-17 17:30 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-17 17:30 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-17 17:26 - 2015-05-09 05:14 - 02937344 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 02045952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-17 17:26 - 2015-05-09 05:13 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-17 17:26 - 2015-05-09 05:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-17 17:26 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-17 17:26 - 2015-05-09 05:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-17 17:25 - 2015-05-09 20:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-17 17:25 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-17 17:25 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-17 17:25 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-06 12:07 - 2015-06-06 12:07 - 00000942 _____ C:\Users\HEY\seditor.launcher.log
2015-05-25 20:20 - 2015-06-23 17:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 18:14 - 2015-03-25 23:34 - 00000000 ____D C:\FRST
2015-06-23 18:13 - 2010-11-20 23:01 - 00256048 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 18:09 - 2012-10-09 18:45 - 01515607 _____ C:\Windows\WindowsUpdate.log
2015-06-23 18:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 18:05 - 2009-07-14 06:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 18:05 - 2009-07-14 06:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 18:02 - 2015-05-07 21:18 - 00001912 _____ C:\Windows\epplauncher.mif
2015-06-23 17:46 - 2012-10-13 09:39 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Spamihilator
2015-06-23 15:38 - 2014-04-05 20:58 - 00000000 ____D C:\Users\HEY\AppData\Local\cmon
2015-06-23 15:37 - 2012-10-16 01:45 - 00000000 ____D C:\Users\HEY\AppData\Roaming\TV-Browser
2015-06-23 12:18 - 2012-10-10 16:35 - 00000000 ____D C:\Users\HEY\Desktop\VSCAN
2015-06-23 10:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-21 18:09 - 2012-10-10 19:34 - 00000000 ____D C:\Users\HEY\AppData\Roaming\XnView
2015-06-20 18:31 - 2012-10-23 10:02 - 00000727 _____ C:\Windows\IMAGEIN.INI
2015-06-20 15:50 - 2012-10-09 18:43 - 00000000 ____D C:\Users\HEY
2015-06-20 15:13 - 2015-02-22 15:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-20 15:13 - 2015-02-22 15:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-20 13:57 - 2012-10-11 10:10 - 00000000 ____D C:\Users\HEY\AppData\Roaming\vlc
2015-06-19 08:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-19 03:22 - 2015-05-08 15:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-19 03:07 - 2015-03-24 20:07 - 00000000 ____D C:\AdwCleaner
2015-06-19 02:29 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-18 20:01 - 2015-05-12 11:10 - 00000000 ____D C:\Windows\rescache
2015-06-18 15:36 - 2012-10-16 06:11 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Macromedia
2015-06-18 13:41 - 2015-05-08 15:55 - 00000000 ____D C:\Users\HEY\AppData\Local\CrashDumps
2015-06-18 13:15 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-18 08:27 - 2015-05-01 17:14 - 02950477 _____ (Thisisu) C:\Users\HEY\Desktop\JRT_NEW.exe
2015-06-18 03:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-18 02:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-06-18 02:06 - 2012-10-09 18:45 - 00000000 ____D C:\Windows\SoftwareDistribution_OLD
2015-06-18 02:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-06-18 00:45 - 2014-09-20 18:01 - 00000000 __SHD C:\Users\HEY\AppData\Local\EmieUserList
2015-06-18 00:45 - 2014-09-20 18:01 - 00000000 __SHD C:\Users\HEY\AppData\Local\EmieSiteList
2015-06-17 19:33 - 2012-10-30 15:50 - 00000000 ____D C:\Windows\pss
2015-06-17 18:18 - 2015-04-10 10:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-17 18:18 - 2015-04-10 10:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-17 18:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-17 17:52 - 2010-11-21 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-17 17:30 - 2012-10-10 04:36 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-06-17 17:29 - 2014-03-12 10:47 - 00000000 ____D C:\Windows\system32\MRT
2015-06-17 17:26 - 2012-10-10 15:13 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 18:00 - 2012-11-20 19:00 - 00000325 _____ C:\Windows\KillProcess.INI
2015-06-09 11:35 - 2015-05-14 23:00 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-09 11:35 - 2015-05-14 23:00 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 11:35 - 2015-05-03 10:42 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-06-06 12:08 - 2013-12-19 19:54 - 00000000 ____D C:\Users\HEY\AppData\Roaming\tor
2015-06-06 12:07 - 2013-12-19 19:53 - 00000000 ____D C:\Users\HEY\AppData\Local\Vidalia
2015-05-30 14:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-05-25 19:46 - 2014-08-24 21:38 - 00000000 ____D C:\Users\HEY\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-02-08 01:50 - 2013-02-08 01:52 - 2932262 _____ () C:\Users\HEY\AppData\Roaming\langInstall.exe
2012-11-05 19:40 - 2015-03-22 13:27 - 0001595 _____ () C:\Users\HEY\AppData\Roaming\SAS7_000.DAT
2015-06-19 07:39 - 2015-06-19 07:39 - 0397900 _____ () C:\Users\HEY\AppData\Local\4GB_EN.exe
2015-06-19 07:39 - 2015-06-19 07:39 - 0397900 _____ () C:\Users\HEY\AppData\Local\4GB_GER.exe
2015-06-19 07:39 - 2015-06-19 07:39 - 0570073 _____ () C:\Users\HEY\AppData\Local\gui.exe
2014-06-18 00:35 - 2014-06-18 00:35 - 0000001 _____ () C:\Users\HEY\AppData\Local\llftool.4.25.agreement
2014-06-18 00:36 - 2014-06-18 00:36 - 0000019 _____ () C:\Users\HEY\AppData\Local\llftool.license
2015-06-19 07:39 - 2015-06-19 07:39 - 2076309 _____ () C:\Users\HEY\AppData\Local\ntkrlICE.exe
2014-06-18 00:43 - 2014-06-18 00:43 - 0000001 _____ () C:\Users\HEY\AppData\Local\RawCopy.1.10.agreement
2014-06-18 00:43 - 2014-06-18 00:43 - 0000001 _____ () C:\Users\HEY\AppData\Local\RawCopy.sourcedisk.index
2015-05-06 18:58 - 2015-05-06 18:58 - 0000218 _____ () C:\Users\HEY\AppData\Local\recently-used.xbel
2015-06-19 07:39 - 2015-06-19 07:39 - 0000518 _____ () C:\Users\HEY\AppData\Local\UNAWAVE_EN.url
2015-06-19 07:39 - 2015-06-19 07:39 - 0000216 _____ () C:\Users\HEY\AppData\Local\UNAWAVE_GER.url
2015-06-19 07:39 - 2015-06-19 07:39 - 0000240 _____ () C:\Users\HEY\AppData\Local\UPDATE.url
2012-11-19 00:13 - 2015-01-11 18:12 - 0017408 _____ () C:\Users\HEY\AppData\Local\WebpageIcons.db
2015-06-19 07:39 - 2015-06-19 07:39 - 0021504 _____ (deepxw) C:\Users\HEY\AppData\Local\Wtrmrk.exe
2015-03-24 22:55 - 2015-03-24 22:55 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2014-02-16 12:46 - 2014-02-16 12:46 - 0005110 _____ () C:\ProgramData\mxnhytee.feu

Some files in TEMP:
====================
C:\Users\HEY\AppData\Local\Temp\avgnt.exe
C:\Users\HEY\AppData\Local\Temp\Quarantine.exe
C:\Users\HEY\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-06-23 07:37

==================== End of log ============================
         
--- --- ---



Addition.txt:



addition:txt.


Additional
FRST Logfile:
scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by HEY at 2015-06-23 18:14:45
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-582265673-3528206955-3743167496-500 - Administrator - Enabled)
Gast (S-1-5-21-582265673-3528206955-3743167496-501 - Limited - Disabled)
HEY (S-1-5-21-582265673-3528206955-3743167496-1000 - Administrator - Enabled) => C:\Users\HEY
HomeGroupUser$ (S-1-5-21-582265673-3528206955-3743167496-1004 - Limited - Enabled)
TECHNO (S-1-5-21-582265673-3528206955-3743167496-1002 - Limited - Enabled) => C:\Users\TECHNO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 18 ActiveX (HKLM\...\{9F5C6A1A-3B30-4AD5-B998-2885AA7C26A7}) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\{2448A347-6E10-4FDE-AD25-74804743D184}) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Ahnenblatt 2.74 (HKLM\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Any Video Converter 5.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Attachment Finder for Outlook Express version 2.31.15.45 (HKLM\...\Attachment Finder for Outlook Express_is1) (Version:  - Yarrow Soft)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Cinergy Hybrid Stick V1.00.08.06a (HKLM\...\Cinergy Hybrid Stick) (Version: 1.00.08.06a - )
c'mon Version 1.0.2 (HKLM\...\{75A58CEE-4F84-4F03-BA75-A7D4D6C986F0}_is1) (Version: 1.0.2 - sheepleap Software)
CrystalDiskInfo 5 Cynthia Alpha1 (HKLM\...\CrystalDiskInfo_is1) (Version: 5 Cynthia Alpha1 - Crystal Dew World)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dragon NaturallySpeaking 11 (HKLM\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Dupe Remover for Outlook Express and Windows Mail version 3.5 (HKLM\...\{B262EDF7-B16C-447E-B203-FAD286B61F90}_is1) (Version: 3.5 - Topalt.com)
DVBViewer TERRATEC Edition (HKLM\...\DVBViewer TERRATEC Edition_is1) (Version:  - CM&V)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
FRITZBox Anrufmonitor (HKLM\...\{4D4C7CA5-3912-40A3-94BF-9B8089188A7A}) (Version: 1.0.1 - Bernhard Elbl)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Glary Utilities 2.52.0.1698 (HKLM\...\Glary Utilities_is1) (Version: 2.52.0.1698 - Glarysoft Ltd)
GrampsAIO32 (HKLM\...\GrampsAIO32) (Version: 3.4.5-1 - The GRAMPS project)
Graphviz (HKLM\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.34 - AT&T Research Labs.)
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
Hex-Editor MX (HKLM\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Inkscape 0.48.5 (HKLM\...\Inkscape) (Version: 0.48.5 - )
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KC Softwares SUMo (HKLM\...\KC Softwares SUMo_is1) (Version: 3.10.7.234 - KC Softwares)
Ladegeräte 4.02  (HKLM\...\Ladegeräte) (Version: 4.02 - )
Lotus SmartSuite Version 9 (HKLM\...\SmartSuite V98.0) (Version:  - )
Macromedia Extension Manager (HKLM\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname)
MailStore Home 8.2.1.10082 (HKLM\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF-XChange Editor (HKLM\...\{117E49F3-4985-41EC-90AD-72C09CEAB639}) (Version: 3.0.302.0 - Tracker Software Products (Canada) Ltd.)
PhonerLite 2.15 (HKLM\...\PhonerLite_is1) (Version: 2.15 - Heiko Sommerfeldt)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spamihilator 1.6.0 (32-Bit) (HKLM\...\{624CDCC7-9E58-46FE-956B-04A8004A9FCC}) (Version: 1.6.0 - Michel Krämer)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0  (HKLM\...\{70BEE0AE-B265-49E1-AC04-AFAFA99B4DE7}) (Version: 9.0 - Star Finanz GmbH)
TerraTec Home Cinema (HKLM\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.24.8 - )
THC Codec Patch (HKLM\...\{03DF2CB2-FF23-47F7-8754-8C3938A5F44C}) (Version: 1.00.0000 - )
Tor 0.2.4.22 (HKLM\...\Tor) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV-Browser 3.4.0.1 (HKLM\...\tvbrowser) (Version: 3.4.0.1 - TV-Browser Team)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Vidalia 0.2.21 (HKLM\...\Vidalia) (Version:  - )
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wondershare Video Editor(Build 3.1.1) (HKLM\...\Wondershare Video Editor_is1) (Version: 3.1.1.1 - Wondershare Software)
XnView 2.13 (HKLM\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
xp-AntiSpy 3.98-2 (HKLM\...\xp-AntiSpy) (Version:  - Christian Taubenheim)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{53DEC138-A51E-11D2-861E-00C04FA35C89}\InprocServer32 -> D:\PROGRAM\symphony IBM\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.1.20101013-2236\os\win32\x86\tlogpsdll.DLL ()
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{A69145EB-EB83-4485-AF49-62619B164E34}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{c59c69c9-35fa-4bd3-9fb7-c38606f8547d}\localserver32 -> D:\PROGRAM\symphony IBM\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.1.20101013-2236\os\win32\x86\IEOOP.exe (IBM)
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{E33509A4-EB8B-4BB2-A55A-626EE4DBA50F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

19-06-2015 08:26:01 Geplanter Prüfpunkt
20-06-2015 15:12:16 Installed Adobe Flash Player 18 ActiveX.
20-06-2015 15:13:15 Installed Adobe Flash Player 18 NPAPI.
20-06-2015 21:46:27 MSXML 4.0 SP2 Parser und SDK wird installiert
20-06-2015 21:57:55 Windows Update
20-06-2015 22:25:21 MSXML 4.0 SP2 Parser und SDK wird entfernt
21-06-2015 20:47:33 avast! antivirus system restore point
23-06-2015 12:24:29 Windows Update
23-06-2015 17:46:30 avast! antivirus system restore point
23-06-2015 17:57:54 avast! antivirus system restore point

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {022071A1-BDB4-4D75-8038-8A4C298A1DF6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {2DFAEE35-CB40-4231-87B7-AAA57E081560} - System32\Tasks\{AD457501-6A49-4D41-8DAF-0D971FB98F17} => pcalua.exe -a "F:\CX70 USB   setupSiemens-DCA-140-540v1.0.7.exe" -d f:\
Task: {3FD6F459-7231-4BEE-ADED-6C99850E0FEA} - System32\Tasks\{873E92E0-76AE-433B-AF2C-1D9D743C6F98} => pcalua.exe -a D:\vscan\spamihilator\wizard.exe -d D:\vscan\spamihilator\
Task: {4745B9A4-9A02-498C-A049-8D37793CF80E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {4BB26DFF-C667-42C0-8EFA-8634625284A6} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {78F46096-EDC9-4CEC-8E87-501822969D6D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {957C3813-079D-4B25-9E2C-878BCE7812F9} - System32\Tasks\sd => C:\Windows\system32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {96737689-332C-4E97-89D6-CB699C9C4D73} - System32\Tasks\GlaryInitialize => D:\tools\REG Glary\initialize.exe [2013-01-05] (Glarysoft Ltd)
Task: {A4CC8448-1FB5-4CE7-8868-31C3AE47B232} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {B9587736-E5B2-40FC-8DF5-15EBB9186AF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-20] (Adobe Systems Incorporated)
Task: {BBFE801B-9D0B-4CED-863C-9F5B4FCF3CF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\vscan\Spybot - Search & Destroy\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {C30C4FBD-0B5B-44AD-A269-BCEA2D6A5CC6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {C57654B7-B03F-4C9F-8909-CFBAB57F13CC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {CA9E5139-C09D-4425-953E-E6E2C50DCCA5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {E2DD2E49-76F7-4666-90CC-0E35B2844ED8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E9FE1EDA-56F2-4CA4-AFC3-0F1A983E3E93} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215piUpdateInfo.job => C:\ProgramData\Avg_Update_0215pi\0215pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => D:\tools\REG Glary\initialize.exe

==================== Loaded Modules (Whitelisted) ==============

2013-02-20 13:04 - 1998-02-05 20:16 - 00018432 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\jDocPrc.dll
2015-05-14 14:13 - 2014-05-13 12:04 - 00109400 _____ () D:\vscan\Spybot - Search & Destroy\snlThirdParty150.bpl
2015-05-14 14:13 - 2014-05-13 12:04 - 00416600 _____ () D:\vscan\Spybot - Search & Destroy\DEC150.bpl
2015-05-14 14:13 - 2014-05-13 12:04 - 00167768 _____ () D:\vscan\Spybot - Search & Destroy\snlFileFormats150.bpl
2015-05-14 14:13 - 2012-08-23 10:38 - 00574840 _____ () D:\vscan\Spybot - Search & Destroy\sqlite3.dll
2015-05-14 14:13 - 2012-04-03 17:06 - 00565640 _____ () D:\vscan\Spybot - Search & Destroy\av\BDSmartDB.dll
2014-06-18 07:54 - 2010-07-04 23:32 - 00010752 _____ () D:\tools\Unlocker\UnlockerCOM.dll
2014-06-18 07:43 - 2012-08-03 08:01 - 00123536 _____ () D:\PROGRAM\wincmd TOTAL\wcmzip32.dll
2014-06-18 07:43 - 2012-08-03 08:01 - 00176128 _____ () D:\PROGRAM\wincmd TOTAL\UNRAR.DLL

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-582265673-3528206955-3743167496-1000\...\windowsupdate.com -> windowsupdate.com

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 12685 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 213.33.99.70 - 80.120.17.70

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\startupreg: EaseUS EPM tray => D:\tools\HDD Partition EASUS\bin\EpmNews.exe
MSCONFIG\startupreg: SDTray => "D:\vscan\Spybot - Search & Destroy\SDTray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{EEE5FE62-739C-4051-9574-B98975824551}Z:\stausau\stausau.exe] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [UDP Query User{AC5A39C0-D333-4C0D-B915-F63288C77065}Z:\stausau\stausau.exe] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [{EDFF3B3D-3D91-48F1-AA9E-FBA042A57714}] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [{8CB7DA3E-5ADA-4AE6-A9C8-8D7C1D838C14}] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [TCP Query User{16FCFCDC-AB20-4594-8674-C89ABAA7B12B}C:5\stausau\stausau.exe] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [UDP Query User{64F1CFBB-FC0C-4C60-86F8-3456AB4E247D}C:5\stausau\stausau.exe] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{03AAAA8F-0E88-43E6-8161-1D9576F3B4EC}] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{2681CA6F-7BA7-4239-9EEA-6EA139620088}] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{E036EFC6-8BF4-4784-A1D5-62E87BC1C2A1}] => (Allow) LPort=51001
FirewallRules: [{9EC1E511-888E-4C96-825B-6583DF2E3343}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{57D043C2-01C4-4102-84A9-09C534E79DA5}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{F168206D-CDCC-4A28-9C52-6E3005AE1E2E}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{7D29F709-045B-4BF3-963B-FB3B29007721}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{EE88DF99-8558-47E1-87F3-4889DE69721B}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [{E22176C1-B5AF-491A-B316-626EF85B3240}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [TCP Query User{A5DA919E-670C-4C2B-8A51-E08C7AF4AEB0}C:4\stausau\stausau.exe] => (Allow) C:4\stausau\stausau.exe
FirewallRules: [UDP Query User{F275DC67-8555-47B3-B150-9D416CCB3831}C:4\stausau\stausau.exe] => (Allow) C:4\stausau\stausau.exe
FirewallRules: [{596C8ADB-C3BB-4804-B4D6-FAD98AE74E95}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{243AFF66-87B2-4586-8ED3-2A2A929D5D9F}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{0DAEE702-C881-4DB7-9A0F-BB87D368A8D3}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{C544B031-9DE8-4714-9537-396698B9974D}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{A44BBFFB-38EF-4323-ACB3-9FF61E030291}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{535A7A2A-D4D2-457A-B8AA-EF38620950E4}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{4AF7D4A8-29A1-48AD-AE91-342C604C5652}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{E41CE52E-5AC2-4356-8DD3-AB2475372040}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{E68867D3-562F-409F-827C-760A9F027470}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [{2ACAB2F9-0B51-4E9C-9BB1-24E36E94B633}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [TCP Query User{24EAF5F5-4155-4EA8-99BE-AAFB9CEB0E88}D:\program\vlc\vlc.exe] => (Allow) D:\program\vlc\vlc.exe
FirewallRules: [UDP Query User{A563107B-2437-409A-8F8E-CEAD40363473}D:\program\vlc\vlc.exe] => (Allow) D:\program\vlc\vlc.exe
FirewallRules: [TCP Query User{465DFC31-927C-49EC-834F-7CCAB035478F}C:2\stausau\stausau.exe] => (Allow) C:2\stausau\stausau.exe
FirewallRules: [UDP Query User{B8EF9947-322D-4DDD-BD08-4D027FC5C5BC}C:2\stausau\stausau.exe] => (Allow) C:2\stausau\stausau.exe
FirewallRules: [TCP Query User{1069438B-8837-490B-9DBD-E45AA096BADD}D:\program\wincmd total\totalcmd.exe] => (Allow) D:\program\wincmd total\totalcmd.exe
FirewallRules: [UDP Query User{CF358071-938C-4009-B701-A9DD5407D815}D:\program\wincmd total\totalcmd.exe] => (Allow) D:\program\wincmd total\totalcmd.exe
FirewallRules: [TCP Query User{783C08C3-58CB-47E3-B1D1-289BC0AA9D38}C:0\stausau\stausau.exe] => (Allow) C:0\stausau\stausau.exe
FirewallRules: [UDP Query User{C2D7DE1A-B390-417E-A47A-C5CEB2D5A1FF}C:0\stausau\stausau.exe] => (Allow) C:0\stausau\stausau.exe
FirewallRules: [{7B68A0F7-C27E-4544-BDB8-DDE54F023B15}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{9D867F3B-BB7E-438A-AD2D-BE9F65C61203}Z:\stausau\doppl\stausau.exe] => (Allow) Z:\stausau\doppl\stausau.exe
FirewallRules: [UDP Query User{D2A6E986-244D-414F-B940-DC9E758DE105}Z:\stausau\doppl\stausau.exe] => (Allow) Z:\stausau\doppl\stausau.exe
FirewallRules: [{D5AEBD1D-33CA-441A-A770-6701FDE6978E}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{2432250D-9297-41B8-9EA1-2683E60490C7}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{A6DFE1CF-D09C-4180-B81A-9BDD6032964F}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{8D594778-9337-47CE-9393-B858452A6DB0}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{35BB9939-281B-4226-98F0-F699F3341190}] => (Allow) D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{25EC2B1F-30BC-492E-B213-7314A35623B5}] => (Allow) D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{4FDF767B-2235-4CF7-896F-F81D7FABF919}] => (Allow) D:\PROGRAM\Starmoney 9\app\StarMoney.exe
FirewallRules: [{4FB2E3A6-31E5-4E78-8AEE-1F1999766B79}] => (Allow) D:\PROGRAM\Starmoney 9\app\StarMoney.exe
FirewallRules: [{B8F86095-890C-4800-9FC2-A7D003DEACC9}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{CC240133-CAEA-4A3B-9988-5EDB3595BE21}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{E8CEFFA2-0C9D-43C7-998E-8D389F67CC7D}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{05B845B7-27AA-4D03-B9BC-681AFF6281F9}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{948C67DC-6769-44F8-93BE-27099544F310}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{C658F4EF-1D57-4CC2-AD28-22C7A64B0EB8}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{A8AE38A8-5479-48EF-B048-E6CCF6AF613B}] => (Allow) D:\system\DVB-T Terratec\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{FED31304-BB9E-4375-B357-A6C9D62AD053}] => (Allow) D:\system\DVB-T Terratec\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{3EDE1FDD-96D9-475F-8EBE-B535A3C1EC93}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{A1E953F6-A9C2-454F-90BE-01AD6FF9D30D}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [TCP Query User{8DCCEEF1-7073-4C7F-A5D1-C337EB222C46}D:\program\pdf libre office\program\soffice.bin] => (Allow) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [UDP Query User{DB298202-7346-45D9-8F56-328CFBE2715A}D:\program\pdf libre office\program\soffice.bin] => (Allow) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [TCP Query User{47450C1D-2C9D-4CC7-9020-3B3E20C07BAE}D:\www\schleier\vidalia bundle mit tor\tor\tor.exe] => (Allow) D:\www\schleier\vidalia bundle mit tor\tor\tor.exe
FirewallRules: [UDP Query User{F484BF2A-74B7-470D-BF09-E909AD3DA611}D:\www\schleier\vidalia bundle mit tor\tor\tor.exe] => (Allow) D:\www\schleier\vidalia bundle mit tor\tor\tor.exe
FirewallRules: [TCP Query User{CF7D2F4B-ECA9-4FB5-BB32-A55EA325A135}D:\system\voip phoner light\phonerlite.exe] => (Allow) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [UDP Query User{CE0CFC6D-DEB4-4E3F-B359-7B95F8628FDC}D:\system\voip phoner light\phonerlite.exe] => (Allow) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [{2347E8A6-CDC6-4A73-A5BA-6A11C52FAC4A}] => (Block) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [{D0567FAD-B88E-4E76-873E-2B1F2B16FB68}] => (Block) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [TCP Query User{13C5BB12-B93D-4391-90D6-9F5FE16E288F}C:6\stausau\stausau.exe] => (Block) C:6\stausau\stausau.exe
FirewallRules: [UDP Query User{12DB9945-1D94-4979-89FB-5FDD53157822}C:6\stausau\stausau.exe] => (Block) C:6\stausau\stausau.exe
FirewallRules: [TCP Query User{F139670F-4685-4B51-894D-E5CBD4A45EA2}D:\program\pdf libre office\program\soffice.bin] => (Block) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [UDP Query User{5596FAE2-D805-4934-8E58-781A41C16D42}D:\program\pdf libre office\program\soffice.bin] => (Block) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [{9C93CACF-8262-4F15-8A0F-B5BC5B2A7D3C}] => (Allow) D:\www\firefox\firefox.exe
FirewallRules: [{70AB2EDB-BEEF-4A15-A288-467404B9F228}] => (Allow) D:\www\firefox\firefox.exe
FirewallRules: [TCP Query User{DB4BE0B1-0D8C-4CDC-8686-64F8A537F98D}D:\www\firefox\firefox.exe] => (Block) D:\www\firefox\firefox.exe
FirewallRules: [UDP Query User{7A69564C-A873-45CD-8DA9-BEA315B88EDC}D:\www\firefox\firefox.exe] => (Block) D:\www\firefox\firefox.exe
FirewallRules: [{E3A163E3-96B0-4748-B483-873E6D3EE7AA}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{39A46D41-154F-4B96-B1FA-0CA92F687077}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{68B89C0B-1EA7-4366-957F-930BD80AD5E1}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{E244EB9B-05EA-4BB1-8686-AE02BACB844C}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{80F12F8F-9F38-40FB-840F-958090710B51}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
StandardProfile\AuthorizedApplications: [D:\vscan\Spybot - Search & Destroy\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [D:\vscan\Spybot - Search & Destroy\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [D:\vscan\Spybot - Search & Destroy\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [D:\vscan\Spybot - Search & Destroy\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 05:57:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f8bb298a-292b-451f-93db-822daef74801}

Error: (06/23/2015 05:46:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d89667a-9bd4-431c-a16f-a79438964122}

Error: (06/21/2015 08:47:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b827255e-1160-4208-b124-6c82054f15ae}

Error: (06/18/2015 01:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0x5f4
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 06:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0x136c
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 06:03:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0xf08
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 00:00:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/17/2015 11:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/17/2015 11:56:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/14/2015 06:23:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/23/2015 06:08:44 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: WMPNetworkSvc

Error: (06/23/2015 06:06:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/23/2015 06:06:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/23/2015 06:06:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/23/2015 06:06:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/23/2015 06:06:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/23/2015 06:06:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/23/2015 05:59:16 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: WMPNetworkSvc

Error: (06/23/2015 05:57:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
aswRdr
aswSnx

Error: (06/23/2015 05:57:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office:
=========================
Error: (06/23/2015 05:57:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f8bb298a-292b-451f-93db-822daef74801}

Error: (06/23/2015 05:46:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d89667a-9bd4-431c-a16f-a79438964122}

Error: (06/21/2015 08:47:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b827255e-1160-4208-b124-6c82054f15ae}

Error: (06/18/2015 01:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b95f401d0a9bb992b7ae5D:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dlld82fb7aa-15ae-11e5-9cfc-60eb69953d0f

Error: (06/17/2015 06:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b9136c01d0a91732e1a8d8D:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dll70e7130e-150a-11e5-8183-60eb69953d0f

Error: (06/17/2015 06:03:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b9f0801d0a9172d9e895eD:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dll6c18d72a-150a-11e5-8183-60eb69953d0f

Error: (06/17/2015 00:00:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\system\SONY XPERIA\Flashtool 9_10\FlashTool64.exe

Error: (06/17/2015 11:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"d:\PROGRAM\wincmd total\TCUNIN64.EXE

Error: (06/17/2015 11:56:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\PROGRAM\Stammbaum für gramps  graphviz-2.34 per MSI\bin\mingle.exe

Error: (06/14/2015 06:23:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\system\SONY XPERIA\Flashtool 9_10\FlashTool64.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-21 20:56:40.170
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-21 20:52:50.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 21:21:34.569
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-12 11:24:21.690
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 30%
Total physical RAM: 3004.5 MB
Available physical RAM: 2078.3 MB
Total Pagefile: 6007.3 MB
Available Pagefile: 4602.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.03 MB

==================== Drives ================================

Drive c: (C-PLATTE) (Fixed) (Total:42.98 GB) (Free:5.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (D-Platte) (Fixed) (Total:43.96 GB) (Free:9.75 GB) NTFS
Drive e: (E-Platte) (Fixed) (Total:87.88 GB) (Free:50.63 GB) NTFS
Drive f: (F-Platte) (Fixed) (Total:62.7 GB) (Free:39.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3DA700CC)
Partition 1: (Active) - (Size=43 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=44 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.7 GB) - (Type=OF Extended)

==================== End of log ============================
         

24.06.2015, 09:56   #4
schrauber
/// the machine
/// TB trainer
 




hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database, and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread in any case.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

24.06.2015, 15:10   #5
rabanus
 



Hello, Mr. Schrauber,

many thanks for the mail.

MBAR says:
Scan finished; No malware found.
Congratulations, no Cleanup is required.

TDSSKILLER only finds the Startup Delayer / Launcher.
(A small program that lets me control the order and timing of the auto-starts.)

I am attaching the log files below.

Kind regards
Rabanus
------------------------------------------------------------

MBAR:
Code:
=======================================
Initializing...
------------ Kernel report ------------
     06/24/2015 13:28:03
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\ambakdrv.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\epp32.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW73.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\ammntdrv.sys
\??\C:\Windows\system32\amwrtdrv.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.06.24.01
  rootkit: v2015.06.22.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86d345f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d34230, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d345f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86bdc030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3DA700CC

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 353426  Numsec = 90140719
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 90895768  Numsec = 92180972

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 183687216  Numsec = 316110999

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C83E02CD9C42FEE9958EFA8DDDF69880813E0D0.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C83E02CD9C42FEE9958EFA8DDDF69880813E0D0.bin.VF" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-353426-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
         
TDSSKILLER:
Code:
13:54:16.0324 0x0e9c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:54:27.0050 0x0e9c  ============================================================
13:54:27.0050 0x0e9c  Current date / time: 2015/06/24 13:54:27.0050
13:54:27.0050 0x0e9c  SystemInfo:
13:54:27.0050 0x0e9c  
13:54:27.0050 0x0e9c  OS Version: 6.1.7601 ServicePack: 1.0
13:54:27.0050 0x0e9c  Product type: Workstation
13:54:27.0051 0x0e9c  ComputerName: HASI
13:54:27.0051 0x0e9c  UserName: HEY
13:54:27.0051 0x0e9c  Windows directory: C:\Windows
13:54:27.0051 0x0e9c  System windows directory: C:\Windows
13:54:27.0051 0x0e9c  Processor architecture: Intel x86
13:54:27.0052 0x0e9c  Number of processors: 8
13:54:27.0052 0x0e9c  Page size: 0x1000
13:54:27.0052 0x0e9c  Boot type: Normal boot
13:54:27.0052 0x0e9c  ============================================================
13:54:27.0386 0x0e9c  KLMD registered as C:\Windows\system32\drivers\64809472.sys
13:54:27.0436 0x0e9c  System UUID: {817C2693-7B89-75B9-7498-F7C0380340BB}
13:54:27.0769 0x0e9c  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:54:27.0772 0x0e9c  ============================================================
13:54:27.0772 0x0e9c  \Device\Harddisk0\DR0:
13:54:27.0773 0x0e9c  MBR partitions:
13:54:27.0773 0x0e9c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x56492, BlocksNum 0x55F702F
13:54:27.0773 0x0e9c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x56AF598, BlocksNum 0x57E91EC
13:54:27.0773 0x0e9c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAF2D870, BlocksNum 0xAFC288A
13:54:27.0774 0x0e9c  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x15F3E850, BlocksNum 0x7D66877
13:54:27.0774 0x0e9c  ============================================================
13:54:27.0779 0x0e9c  E: <-> \Device\Harddisk0\DR0\Partition3
13:54:27.0792 0x0e9c  F: <-> \Device\Harddisk0\DR0\Partition4
13:54:27.0794 0x0e9c  D: <-> \Device\Harddisk0\DR0\Partition2
13:54:27.0797 0x0e9c  C: <-> \Device\Harddisk0\DR0\Partition1
13:54:27.0797 0x0e9c  ============================================================
13:54:27.0797 0x0e9c  Initialize success
13:54:27.0797 0x0e9c  ============================================================
13:56:33.0564 0x054c  ============================================================
13:56:33.0564 0x054c  Scan started
13:56:33.0564 0x054c  Mode: Manual; SigCheck; TDLFS; 
13:56:33.0564 0x054c  ============================================================
13:56:33.0564 0x054c  KSN ping started
13:56:36.0325 0x054c  KSN ping finished: true
13:56:36.0622 0x054c  ================ Scan system memory ========================
13:56:36.0622 0x054c  System memory - ok
13:56:36.0622 0x054c  ================ Scan services =============================
13:56:36.0684 0x054c  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:56:36.0918 0x054c  1394ohci - ok
13:56:37.0043 0x054c  [ BBFD6BC7E79989B69F0998D0FEF4E6B8, 2283EC51F26AE34C79679741A220F0FF45703EB5F83823DF64F7AEA24A1966BA ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
13:56:37.0214 0x054c  a2AntiMalware - ok
13:56:37.0246 0x054c  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:56:37.0277 0x054c  ACPI - ok
13:56:37.0277 0x054c  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:56:37.0292 0x054c  AcpiPmi - ok
13:56:37.0308 0x054c  [ 7C58046ACEAF10525077BD586A740E9F, E26D446EDB158A9EDA7FC7E1DA650FA8896748B7DEB9FDBF5BD4352ACF01B721 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:56:37.0339 0x054c  AdobeFlashPlayerUpdateSvc - ok
13:56:37.0355 0x054c  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:56:37.0386 0x054c  adp94xx - ok
13:56:37.0402 0x054c  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:56:37.0433 0x054c  adpahci - ok
13:56:37.0448 0x054c  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:56:37.0480 0x054c  adpu320 - ok
13:56:37.0495 0x054c  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:56:37.0511 0x054c  AeLookupSvc - ok
13:56:37.0526 0x054c  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
13:56:37.0573 0x054c  AFD - ok
13:56:37.0573 0x054c  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
13:56:37.0604 0x054c  agp440 - ok
13:56:37.0604 0x054c  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:56:37.0620 0x054c  aic78xx - ok
13:56:37.0636 0x054c  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
13:56:37.0651 0x054c  ALG - ok
13:56:37.0667 0x054c  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:56:37.0682 0x054c  aliide - ok
13:56:37.0682 0x054c  [ DEB88D6B0D7CE5FB78FC4AB88E6B0C43, 914565B70FB330E901F2CA1E5A4A685DFF50D81168CAB51839F12C8DC2834F0C ] ambakdrv        C:\Windows\system32\ambakdrv.sys
13:56:37.0698 0x054c  ambakdrv - detected UnsignedFile.Multi.Generic ( 1 )
13:56:40.0646 0x054c  Detect skipped due to KSN trusted
13:56:40.0646 0x054c  ambakdrv - ok
13:56:40.0678 0x054c  [ 87F8E98FCD859D2F0C291DCF9F1A5543, 3EF4FC8740350DA14A9EDC8B7C6FEC3A272A0ED0350FD98D0A9AD999B8ADE628 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:56:40.0709 0x054c  AMD External Events Utility - ok
13:56:40.0709 0x054c  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:56:40.0740 0x054c  amdagp - ok
13:56:40.0740 0x054c  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:56:40.0756 0x054c  amdide - ok
13:56:40.0771 0x054c  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:56:40.0787 0x054c  AmdK8 - ok
13:56:41.0005 0x054c  [ 6617FED21C91E821E3D00484741B302F, 8DE42A3A7A2D91ABF60F027F1D14AE56F459FE12CEB8C2DD5CF1F977868C077D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:56:41.0270 0x054c  amdkmdag - ok
13:56:41.0286 0x054c  [ 0CD80C1ABE5507B4ADBFC8338E3698E0, DD94A78ABF840B8F13598FA6DB1032ED4E67B13586CD8400947E513A0A108773 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:56:41.0317 0x054c  amdkmdap - ok
13:56:41.0317 0x054c  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:56:41.0348 0x054c  AmdPPM - ok
13:56:41.0348 0x054c  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:56:41.0380 0x054c  amdsata - ok
13:56:41.0380 0x054c  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:56:41.0411 0x054c  amdsbs - ok
13:56:41.0411 0x054c  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:56:41.0426 0x054c  amdxata - ok
13:56:41.0442 0x054c  [ 9059308FD5FE4317B6C489CA570567CB, 501E313DC3916D0782725834B75E32C65B2F6876FCFEC4AC41D4F8BBDBCBD3AD ] ammntdrv        C:\Windows\system32\ammntdrv.sys
13:56:41.0442 0x054c  ammntdrv - detected UnsignedFile.Multi.Generic ( 1 )
13:56:44.0390 0x054c  Detect skipped due to KSN trusted
13:56:44.0390 0x054c  ammntdrv - ok
13:56:44.0406 0x054c  [ 9D6956A382EE791013B3FE4B7206D8C7, 70A08FDCBD19D8B2B386133BA518BA80C2769EB638E0CC77060F11CDECF3F7E4 ] amwrtdrv        C:\Windows\system32\amwrtdrv.sys
13:56:44.0422 0x054c  amwrtdrv - detected UnsignedFile.Multi.Generic ( 1 )
13:56:47.0370 0x054c  Detect skipped due to KSN trusted
13:56:47.0370 0x054c  amwrtdrv - ok
13:56:47.0432 0x054c  [ 3358CAD1887DDDDD2A36B7796B579292, 40BA1A836276C2AA78914F294661C3C918F2D6DFAA9D6EF3FEB6D1EE3B07F584 ] AntiVirMailService D:\vscan\antivir avira\Avira\AntiVir Desktop\avmailc7.exe
13:56:47.0479 0x054c  AntiVirMailService - ok
13:56:47.0495 0x054c  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirSchedulerService D:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe
13:56:47.0510 0x054c  AntiVirSchedulerService - ok
13:56:47.0526 0x054c  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirService  D:\vscan\antivir avira\Avira\AntiVir Desktop\avguard.exe
13:56:47.0557 0x054c  AntiVirService - ok
13:56:47.0604 0x054c  [ 6FD5165364D88FDABE4FA59E1768376F, B82D11E6FCC297F822E29A49D46C9985955C9F5676D107A397B00D0468F93504 ] AntiVirWebService D:\vscan\antivir avira\Avira\AntiVir Desktop\avwebg7.exe
13:56:47.0651 0x054c  AntiVirWebService - ok
13:56:47.0651 0x054c  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\Windows\system32\drivers\appid.sys
13:56:47.0682 0x054c  AppID - ok
13:56:47.0682 0x054c  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:56:47.0713 0x054c  AppIDSvc - ok
13:56:47.0729 0x054c  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
13:56:47.0760 0x054c  Appinfo - ok
13:56:47.0760 0x054c  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:56:47.0791 0x054c  AppMgmt - ok
13:56:47.0791 0x054c  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
13:56:47.0822 0x054c  arc - ok
13:56:47.0822 0x054c  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:56:47.0854 0x054c  arcsas - ok
13:56:47.0869 0x054c  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:56:47.0885 0x054c  aspnet_state - ok
13:56:47.0900 0x054c  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:56:47.0932 0x054c  AsyncMac - ok
13:56:47.0932 0x054c  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:56:47.0947 0x054c  atapi - ok
13:56:47.0963 0x054c  [ 434192D027A6A11E32E1C74C7C43E1ED, EA4A981B42EC16C2457D80218E94D7B339E05629A028ED5A011D8C7C1039BFD2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
13:56:47.0978 0x054c  AtiHDAudioService - ok
13:56:47.0994 0x054c  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:56:48.0025 0x054c  AudioEndpointBuilder - ok
13:56:48.0041 0x054c  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:56:48.0072 0x054c  Audiosrv - ok
13:56:48.0088 0x054c  AvastVBoxSvc - ok
13:56:48.0088 0x054c  [ 18FB1022DAFC9036ADA9ECF432FAFD06, AFA23C96BDAE15DF4AB32F4CCA04A9D5C5C242E704DC12237CBF57757EBC35AE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:56:48.0119 0x054c  avgntflt - ok
13:56:48.0119 0x054c  [ 062494C204553210FFC0FC33EA58EB36, 2A02003334D3F736907E743C5AB04604228E89DD918E060CCA346F8E739BEB16 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:56:48.0150 0x054c  avipbb - ok
13:56:48.0150 0x054c  [ F80F5DCA8A5D9D93CC5BE933D20CAF05, 2AFBB2D62127FACBCABBB3E78F3568A6BA016ED4A97A1490BAA29A1EFB7A4408 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:56:48.0166 0x054c  avkmgr - ok
13:56:48.0181 0x054c  [ 3303FB85532093FC6723632B5947E8C4, F8301069A8EAD7303CAE5B7CAE3F119747E7B7B4402178018EB5254087238A42 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
13:56:48.0197 0x054c  avnetflt - ok
13:56:48.0212 0x054c  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:56:48.0228 0x054c  AxInstSV - ok
13:56:48.0244 0x054c  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
13:56:48.0275 0x054c  b06bdrv - ok
13:56:48.0290 0x054c  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:56:48.0322 0x054c  b57nd60x - ok
13:56:48.0415 0x054c  [ 9E209171C51B1D750F53777253B80E81, 8DC30F96A4334EFDA5A4567D4AC2AF7ACD686D3C2967335B66AEC429398B1AB6 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
13:56:48.0540 0x054c  BCM43XX - ok
13:56:48.0556 0x054c  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
13:56:48.0571 0x054c  BDESVC - ok
13:56:48.0587 0x054c  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:56:48.0618 0x054c  Beep - ok
13:56:48.0634 0x054c  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
13:56:48.0665 0x054c  BFE - ok
13:56:48.0680 0x054c  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
13:56:48.0727 0x054c  BITS - ok
13:56:48.0743 0x054c  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:56:48.0758 0x054c  blbdrive - ok
13:56:48.0774 0x054c  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:56:48.0790 0x054c  bowser - ok
13:56:48.0805 0x054c  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:56:48.0821 0x054c  BrFiltLo - ok
13:56:48.0836 0x054c  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:56:48.0852 0x054c  BrFiltUp - ok
13:56:48.0868 0x054c  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
13:56:48.0883 0x054c  Browser - ok
13:56:48.0899 0x054c  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:56:48.0930 0x054c  Brserid - ok
13:56:48.0946 0x054c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:56:48.0961 0x054c  BrSerWdm - ok
13:56:48.0977 0x054c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:56:48.0992 0x054c  BrUsbMdm - ok
13:56:49.0008 0x054c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:56:49.0024 0x054c  BrUsbSer - ok
13:56:49.0039 0x054c  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
13:56:49.0055 0x054c  BthEnum - ok
13:56:49.0070 0x054c  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:56:49.0086 0x054c  BTHMODEM - ok
13:56:49.0102 0x054c  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:56:49.0133 0x054c  BthPan - ok
13:56:49.0148 0x054c  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:56:49.0180 0x054c  BTHPORT - ok
13:56:49.0195 0x054c  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
13:56:49.0226 0x054c  bthserv - ok
13:56:49.0242 0x054c  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:56:49.0273 0x054c  BTHUSB - ok
13:56:49.0289 0x054c  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:56:49.0320 0x054c  cdfs - ok
13:56:49.0336 0x054c  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:56:49.0367 0x054c  cdrom - ok
13:56:49.0382 0x054c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:56:49.0429 0x054c  CertPropSvc - ok
13:56:49.0429 0x054c  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:56:49.0476 0x054c  circlass - ok
13:56:49.0476 0x054c  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
13:56:49.0523 0x054c  CLFS - ok
13:56:49.0538 0x054c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:56:49.0554 0x054c  clr_optimization_v2.0.50727_32 - ok
13:56:49.0570 0x054c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:56:49.0601 0x054c  clr_optimization_v4.0.30319_32 - ok
13:56:49.0601 0x054c  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:56:49.0632 0x054c  CmBatt - ok
13:56:49.0632 0x054c  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:56:49.0663 0x054c  cmdide - ok
13:56:49.0679 0x054c  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
13:56:49.0726 0x054c  CNG - ok
13:56:49.0741 0x054c  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:56:49.0757 0x054c  Compbatt - ok
13:56:49.0772 0x054c  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:56:49.0788 0x054c  CompositeBus - ok
13:56:49.0804 0x054c  COMSysApp - ok
13:56:49.0804 0x054c  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:56:49.0835 0x054c  crcdisk - ok
13:56:49.0850 0x054c  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:56:49.0882 0x054c  CryptSvc - ok
13:56:49.0897 0x054c  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
13:56:49.0944 0x054c  CSC - ok
13:56:49.0960 0x054c  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
13:56:49.0991 0x054c  CscService - ok
13:56:50.0022 0x054c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:56:50.0069 0x054c  DcomLaunch - ok
13:56:50.0069 0x054c  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
13:56:50.0116 0x054c  defragsvc - ok
13:56:50.0131 0x054c  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:56:50.0162 0x054c  DfsC - ok
13:56:50.0178 0x054c  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:56:50.0209 0x054c  Dhcp - ok
13:56:50.0240 0x054c  [ 7AB2DE012C88870C9274E966EC88AB61, CE2098B152B9C039C29C0573C813BFBF13B2D2E6BEE83985374160884A817133 ] DiagTrack       C:\Windows\system32\diagtrack.dll
13:56:50.0287 0x054c  DiagTrack - ok
13:56:50.0303 0x054c  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
13:56:50.0334 0x054c  discache - ok
13:56:50.0334 0x054c  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
13:56:50.0365 0x054c  Disk - ok
13:56:50.0365 0x054c  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:56:50.0396 0x054c  dmvsc - ok
13:56:50.0396 0x054c  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:56:50.0428 0x054c  Dnscache - ok
13:56:50.0428 0x054c  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:56:50.0474 0x054c  dot3svc - ok
13:56:50.0490 0x054c  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
13:56:50.0521 0x054c  DPS - ok
13:56:50.0537 0x054c  [ 5F6B9858815DA69146A0249D4E83C8FD, B23448542CC5AC8163F5E058A93C60FF08A181501381C0CD79405EBD4C59407B ] DragonSvc       C:\Program Files\Common Files\Nuance\dgnsvc.exe
13:56:50.0552 0x054c  DragonSvc - ok
13:56:50.0568 0x054c  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:56:50.0584 0x054c  drmkaud - ok
13:56:50.0615 0x054c  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:56:50.0646 0x054c  DXGKrnl - ok
13:56:50.0662 0x054c  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
13:56:50.0693 0x054c  EapHost - ok
13:56:50.0771 0x054c  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
13:56:50.0864 0x054c  ebdrv - ok
13:56:50.0880 0x054c  [ D2967F6D4205A227AAA7D094C12F7141, 4E0D48F07F230D5D5DFC2CDCA4467C54DF6EEA6B7C6ABC355E9986C73203E104 ] EFS             C:\Windows\System32\lsass.exe
13:56:50.0911 0x054c  EFS - ok
13:56:50.0927 0x054c  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:56:50.0974 0x054c  ehRecvr - ok
13:56:50.0974 0x054c  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
13:56:51.0005 0x054c  ehSched - ok
13:56:51.0020 0x054c  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:56:51.0052 0x054c  elxstor - ok
13:56:51.0052 0x054c  [ 85319F7514100FCBA9A92ACA232BA2F9, 213B5DBF85C60F06681EA66BCC6CFF8A8A84302DC52A3D2DC0D41EEC667D9CC7 ] epp32           C:\Windows\system32\DRIVERS\epp32.sys
13:56:51.0083 0x054c  epp32 - ok
13:56:51.0083 0x054c  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:56:51.0114 0x054c  ErrDev - ok
13:56:51.0130 0x054c  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
13:56:51.0176 0x054c  EventSystem - ok
13:56:51.0192 0x054c  ewusbmbb - ok
13:56:51.0192 0x054c  ew_hwusbdev - ok
13:56:51.0208 0x054c  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:56:51.0239 0x054c  exfat - ok
13:56:51.0254 0x054c  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:56:51.0286 0x054c  fastfat - ok
13:56:51.0317 0x054c  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
13:56:51.0348 0x054c  Fax - ok
13:56:51.0364 0x054c  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
13:56:51.0379 0x054c  fdc - ok
13:56:51.0395 0x054c  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
13:56:51.0426 0x054c  fdPHost - ok
13:56:51.0426 0x054c  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:56:51.0457 0x054c  FDResPub - ok
13:56:51.0473 0x054c  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:56:51.0488 0x054c  FileInfo - ok
13:56:51.0504 0x054c  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:56:51.0535 0x054c  Filetrace - ok
13:56:51.0535 0x054c  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:56:51.0566 0x054c  flpydisk - ok
13:56:51.0582 0x054c  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:56:51.0598 0x054c  FltMgr - ok
13:56:51.0629 0x054c  [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache       C:\Windows\system32\FntCache.dll
13:56:51.0676 0x054c  FontCache - ok
13:56:51.0691 0x054c  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:56:51.0707 0x054c  FontCache3.0.0.0 - ok
13:56:51.0722 0x054c  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:56:51.0738 0x054c  FsDepends - ok
13:56:51.0738 0x054c  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:56:51.0769 0x054c  Fs_Rec - ok
13:56:51.0769 0x054c  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:56:51.0800 0x054c  fvevol - ok
13:56:51.0800 0x054c  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:56:51.0832 0x054c  gagp30kx - ok
13:56:51.0832 0x054c  [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C, ACD6BBB639CAF092809927F84F5693B7BA11080684A4993029D713ACF67D4C79 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
13:56:51.0863 0x054c  ggflt - ok
13:56:51.0863 0x054c  [ 17E678AAB82CCDFB80E7614504933895, 43935C8C5C30DA415957B789DC9FA10721C240C603DC8733D9B791A2F58BE1BD ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
13:56:51.0894 0x054c  ggsemc - ok
13:56:51.0910 0x054c  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:56:51.0956 0x054c  gpsvc - ok
13:56:51.0956 0x054c  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:56:51.0988 0x054c  hcw85cir - ok
13:56:52.0003 0x054c  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:56:52.0034 0x054c  HdAudAddService - ok
13:56:52.0034 0x054c  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:56:52.0066 0x054c  HDAudBus - ok
13:56:52.0066 0x054c  [ A88485DC6A7136C10D9A6C7E38FDFE3C, B651823E5F6D13B086B00440AD17C7C2756F079DD9290E0FEB1A3A48D0104F8C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
13:56:52.0097 0x054c  HECI - ok
13:56:52.0112 0x054c  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:56:52.0128 0x054c  HidBatt - ok
13:56:52.0144 0x054c  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:56:52.0175 0x054c  HidBth - ok
13:56:52.0175 0x054c  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:56:52.0206 0x054c  HidIr - ok
13:56:52.0206 0x054c  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
13:56:52.0237 0x054c  hidserv - ok
13:56:52.0253 0x054c  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:56:52.0284 0x054c  HidUsb - ok
13:56:52.0284 0x054c  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:56:52.0315 0x054c  hkmsvc - ok
13:56:52.0331 0x054c  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:56:52.0362 0x054c  HomeGroupListener - ok
13:56:52.0378 0x054c  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:56:52.0409 0x054c  HomeGroupProvider - ok
13:56:52.0409 0x054c  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:56:52.0424 0x054c  HpSAMD - ok
13:56:52.0627 0x054c  HPSLPSVC - ok
13:56:52.0721 0x054c  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:56:52.0768 0x054c  HTTP - ok
13:56:52.0783 0x054c  huawei_enumerator - ok
13:56:52.0783 0x054c  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:56:52.0814 0x054c  hwpolicy - ok
13:56:52.0814 0x054c  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:56:52.0846 0x054c  i8042prt - ok
13:56:52.0861 0x054c  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:56:52.0877 0x054c  iaStorV - ok
13:56:52.0892 0x054c  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:56:52.0908 0x054c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:56:55.0856 0x054c  Detect skipped due to KSN trusted
13:56:55.0856 0x054c  IDriverT - ok
13:57:03.0797 0x054c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
13:57:03.0812 0x054c  Serial - ok
13:57:03.0828 0x054c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:57:03.0844 0x054c  sermouse - ok
13:57:03.0890 0x054c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:57:03.0922 0x054c  SessionEnv - ok
13:57:03.0937 0x054c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:57:03.0953 0x054c  sffdisk - ok
13:57:03.0968 0x054c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:57:03.0984 0x054c  sffp_mmc - ok
13:57:04.0000 0x054c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:57:04.0015 0x054c  sffp_sd - ok
13:57:04.0031 0x054c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:57:04.0062 0x054c  sfloppy - ok
13:57:04.0078 0x054c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:57:04.0109 0x054c  SharedAccess - ok
13:57:04.0124 0x054c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:57:04.0171 0x054c  ShellHWDetection - ok
13:57:04.0187 0x054c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:57:04.0202 0x054c  sisagp - ok
13:57:04.0218 0x054c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:57:04.0234 0x054c  SiSRaid2 - ok
13:57:04.0249 0x054c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:57:04.0265 0x054c  SiSRaid4 - ok
13:57:04.0280 0x054c  siusbmod - ok
13:57:04.0296 0x054c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:57:04.0327 0x054c  Smb - ok
13:57:04.0358 0x054c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:57:04.0390 0x054c  SNMPTRAP - ok
13:57:04.0390 0x054c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:57:04.0421 0x054c  spldr - ok
13:57:04.0436 0x054c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
13:57:04.0468 0x054c  Spooler - ok
13:57:04.0561 0x054c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
13:57:04.0670 0x054c  sppsvc - ok
13:57:04.0686 0x054c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:57:04.0717 0x054c  sppuinotify - ok
13:57:04.0748 0x054c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:57:04.0780 0x054c  srv - ok
13:57:04.0795 0x054c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:57:04.0842 0x054c  srv2 - ok
13:57:04.0858 0x054c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:57:04.0889 0x054c  srvnet - ok
13:57:04.0904 0x054c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:57:04.0951 0x054c  SSDPSRV - ok
13:57:04.0967 0x054c  [ 424566865D82AA4BD8D6546C1F2065FA, 37B4C04C7C0EE0F3347A9E9F35B095478299F7324CA87AAE487BF989B0E6AE03 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:57:04.0982 0x054c  ssmdrv - ok
13:57:04.0998 0x054c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:57:05.0029 0x054c  SstpSvc - ok
13:57:05.0060 0x054c  [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney 9.0 OnlineUpdate D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe
13:57:05.0107 0x054c  StarMoney 9.0 OnlineUpdate - ok
13:57:05.0123 0x054c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:57:05.0138 0x054c  stexstor - ok
13:57:05.0154 0x054c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
13:57:05.0201 0x054c  StiSvc - ok
13:57:05.0201 0x054c  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:57:05.0232 0x054c  storflt - ok
13:57:05.0248 0x054c  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
13:57:05.0279 0x054c  StorSvc - ok
13:57:05.0294 0x054c  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:57:05.0326 0x054c  storvsc - ok
13:57:05.0341 0x054c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:57:05.0357 0x054c  swenum - ok
13:57:05.0372 0x054c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
13:57:05.0419 0x054c  swprv - ok
13:57:05.0450 0x054c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
13:57:05.0528 0x054c  SysMain - ok
13:57:05.0544 0x054c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
13:57:05.0575 0x054c  TabletInputService - ok
13:57:05.0591 0x054c  [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
13:57:05.0606 0x054c  tap0901 - ok
13:57:05.0622 0x054c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:57:05.0669 0x054c  TapiSrv - ok
13:57:05.0669 0x054c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
13:57:05.0716 0x054c  TBS - ok
13:57:05.0762 0x054c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:57:05.0825 0x054c  Tcpip - ok
13:57:05.0872 0x054c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:57:05.0918 0x054c  TCPIP6 - ok
13:57:05.0950 0x054c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:57:05.0965 0x054c  tcpipreg - ok
13:57:05.0996 0x054c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:57:06.0028 0x054c  TDPIPE - ok
13:57:06.0028 0x054c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:57:06.0059 0x054c  TDTCP - ok
13:57:06.0059 0x054c  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:57:06.0090 0x054c  tdx - ok
13:57:06.0106 0x054c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:57:06.0137 0x054c  TermDD - ok
13:57:06.0152 0x054c  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
13:57:06.0184 0x054c  TermService - ok
13:57:06.0199 0x054c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
13:57:06.0230 0x054c  Themes - ok
13:57:06.0230 0x054c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:57:06.0262 0x054c  THREADORDER - ok
13:57:06.0277 0x054c  [ E03640172D04EE4F98D42EA1F49A2FCE, 5152F9CF0154C5E925473670D10410CBD1717668F6475B2237598EBA58820018 ] Tortilla        C:\Windows\system32\DRIVERS\tortilla.sys
13:57:06.0293 0x054c  Tortilla - detected UnsignedFile.Multi.Generic ( 1 )
13:57:09.0023 0x054c  Detect skipped due to KSN trusted
13:57:09.0023 0x054c  Tortilla - ok
13:57:09.0803 0x054c  [ BB879DCFD22926EFBEB3298129898CBB, 2A24E6CD5D6E0CEA3082C0699A2371084CC1268B31BC714098EA0D0C11B3AFAC ] UnlockerDriver5 D:\tools\Unlocker\UnlockerDriver5.sys
13:57:09.0818 0x054c  UnlockerDriver5 - detected UnsignedFile.Multi.Generic ( 1 )
13:57:12.0533 0x054c  Detect skipped due to KSN trusted
13:57:12.0533 0x054c  UnlockerDriver5 - ok
13:57:15.0980 0x054c  ================ Scan global ===============================
13:57:15.0996 0x054c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
13:57:15.0996 0x054c  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
13:57:16.0012 0x054c  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
13:57:16.0027 0x054c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
13:57:16.0027 0x054c  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
13:57:16.0043 0x054c  [ Global ] - ok
13:57:16.0043 0x054c  ================ Scan MBR ==================================
13:57:16.0043 0x054c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:57:16.0417 0x054c  \Device\Harddisk0\DR0 - ok
13:57:16.0417 0x054c  ================ Scan VBR ==================================
13:57:16.0417 0x054c  [ E191062A081795251EC0401B93A8D917 ] \Device\Harddisk0\DR0\Partition1
13:57:16.0417 0x054c  \Device\Harddisk0\DR0\Partition1 - ok
13:57:16.0433 0x054c  [ 712A3FB082889B5B2FD50B56E2ECAD05 ] \Device\Harddisk0\DR0\Partition2
13:57:16.0433 0x054c  \Device\Harddisk0\DR0\Partition2 - ok
13:57:16.0433 0x054c  [ C45A3688B613E5C70F2B6FAE248D9C4D ] \Device\Harddisk0\DR0\Partition3
13:57:16.0433 0x054c  \Device\Harddisk0\DR0\Partition3 - ok
13:57:16.0448 0x054c  [ 73327495CCA21ED4EAB1E0325BF02E2C ] \Device\Harddisk0\DR0\Partition4
13:57:16.0448 0x054c  \Device\Harddisk0\DR0\Partition4 - ok
13:57:16.0448 0x054c  ================ Scan generic autorun ======================
13:57:16.0464 0x054c  [ A6ABD4AF02AB03676DEA55F383ABC7C2, 62F838618C78A297D970EC58F97F2D843EBFEF2D81754D658664BEEED79BFB50 ] D:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe
13:57:16.0495 0x054c  avgnt - ok
13:57:16.0495 0x054c  [ 2F2185AFE45573B6A037642212E350AF, AD63202EBE25E397DB6DB9C2E584DEEB5B2AB8C747D7D18D6816CE99D48E5E4D ] D:\tools\Startup Delayer\Startup Launcher GUI.exe
13:57:16.0511 0x054c  StartupDelayer - detected UnsignedFile.Multi.Generic ( 1 )
13:57:19.0334 0x054c  StartupDelayer ( UnsignedFile.Multi.Generic ) - warning
13:57:19.0334 0x054c  Force sending object to P2P due to detect: D:\tools\Startup Delayer\Startup Launcher GUI.exe
13:57:22.0189 0x054c  Object send P2P result: true
13:57:24.0997 0x054c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:57:25.0044 0x054c  mctadmin - ok
13:57:25.0044 0x054c  Waiting for KSN requests completion. In queue: 1
13:57:26.0058 0x054c  Waiting for KSN requests completion. In queue: 1
13:57:27.0072 0x054c  Waiting for KSN requests completion. In queue: 1
13:57:28.0133 0x054c  AV detected via SS2: Avira Antivirus, D:\vscan\antivir avira\Avira\AntiVir Desktop\wsctool.exe ( 15.0.11.550 ), 0x40000 ( disabled : updated )
13:57:28.0148 0x054c  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 10.0.0.5409 ), 0x41000 ( enabled : updated )
13:57:28.0164 0x054c  Win FW state via NFP2: enabled
13:57:30.0925 0x054c  ============================================================
13:57:30.0925 0x054c  Scan finished
13:57:30.0925 0x054c  ============================================================
13:57:30.0925 0x0648  Detected object count: 1
13:57:30.0925 0x0648  Actual detected object count: 1
13:59:51.0498 0x0648  StartupDelayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:59:51.0498 0x0648  StartupDelayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


25.06.2015, 10:01   #6
schrauber
/// the machine
/// TB instructor

hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
simply restart the computer. This should fix the problem.


25.06.2015, 12:01   #7
rabanus

Good day, Schrauber.

Thanks for the mail.

Here is the COMBOFIX log file.
(I had to uninstall SPYBOT and EMSISOFT first...)

Best regards
Rabanus
---------------------------------
COMBOFIX:
Code:
ComboFix 15-06-24.02 - HEY 25.06.2015  11:43:39.1.8 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3004.2125 [GMT 2:00]
ausgeführt von:: c:\users\HEY\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HEY\AppData\Local\4GB_EN.exe
c:\users\HEY\AppData\Local\4GB_GER.exe
c:\users\HEY\AppData\Local\gui.exe
c:\users\HEY\AppData\Local\ntkrlICE.exe
c:\users\HEY\AppData\Local\Wtrmrk.exe
c:\users\HEY\AppData\Roaming\langInstall.exe
c:\windows\msdownld.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ntkrlICE.exe
c:\windows\winhelp.ini
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-25 bis 2015-06-25  ))))))))))))))))))))))))))))))
.
.
2015-06-25 07:56 . 2015-06-12 07:54	9252600	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D499276-305E-45F3-B1D4-0D5D3D46F175}\mpengine.dll
2015-06-24 08:16 . 2015-06-24 11:42	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-23 08:31 . 2015-06-23 08:59	--------	d-----w-	c:\programdata\Emsisoft
2015-06-23 08:26 . 2015-06-25 09:40	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2015-06-20 20:14 . 2015-06-20 20:14	--------	d-----w-	c:\programdata\Logs
2015-06-20 13:50 . 2015-06-20 13:51	--------	d-----w-	c:\users\HEY\AbiSuite
2015-06-19 01:20 . 2015-06-19 01:20	--------	d-----w-	c:\program files\stinger
2015-06-18 21:24 . 2015-06-18 21:24	--------	d-----w-	c:\program files\ESET
2015-06-18 21:09 . 2015-06-18 21:09	--------	d-----w-	c:\windows\Sun
2015-06-18 20:56 . 2015-06-18 20:56	--------	d-----w-	c:\programdata\Sophos
2015-06-17 22:38 . 2015-06-18 00:06	--------	d-----w-	c:\users\HEY\SecurityScans
2015-06-17 22:38 . 2015-06-18 00:06	--------	d-----w-	c:\program files\Microsoft Baseline Security Analyzer 2
2015-06-17 16:53 . 2014-06-18 22:23	81560	----a-w-	c:\windows\system32\mscories.dll
2015-06-17 16:53 . 2014-06-18 22:23	156824	----a-w-	c:\windows\system32\mscorier.dll
2015-06-17 16:53 . 2014-06-18 22:23	1131664	----a-w-	c:\windows\system32\dfshim.dll
2015-06-17 16:36 . 2015-06-02 19:35	815304	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2015-06-17 16:35 . 2015-02-03 03:12	617984	----a-w-	c:\windows\system32\wmdrmsdk.dll
2015-06-17 16:34 . 2014-07-17 01:39	304128	----a-w-	c:\windows\system32\winlogon.exe
2015-06-17 16:34 . 2014-07-17 01:40	157696	----a-w-	c:\windows\system32\winsta.dll
2015-06-17 16:34 . 2014-07-17 01:39	130048	----a-w-	c:\windows\system32\rdpcorekmts.dll
2015-06-17 16:34 . 2014-07-17 01:03	184320	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2015-06-17 16:34 . 2014-07-17 01:02	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2015-06-17 16:33 . 2014-11-11 02:44	186880	----a-w-	c:\windows\system32\pku2u.dll
2015-06-17 16:33 . 2015-04-18 02:56	342016	----a-w-	c:\windows\system32\certcli.dll
2015-06-17 16:33 . 2013-05-13 03:08	903168	----a-w-	c:\windows\system32\certutil.exe
2015-06-17 16:33 . 2013-05-13 03:08	43008	----a-w-	c:\windows\system32\certenc.dll
2015-06-17 16:26 . 2015-03-10 03:08	1237504	----a-w-	c:\windows\system32\msxml3.dll
2015-06-17 16:26 . 2015-03-10 03:05	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-06-17 16:18 . 2015-06-17 16:18	--------	d-----w-	c:\windows\tracing
2015-06-17 16:16 . 2015-06-17 16:16	--------	d-s---w-	c:\windows\system32\GWX
2015-06-17 16:16 . 2015-06-17 16:16	--------	d-----w-	c:\windows\Migration
2015-06-17 16:14 . 2014-09-05 01:52	5703168	----a-w-	c:\windows\system32\mstscax.dll
2015-06-17 16:12 . 2014-10-14 01:50	2363904	----a-w-	c:\windows\system32\msi.dll
2015-06-17 16:08 . 2014-10-03 01:45	248832	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2015-06-17 16:08 . 2014-10-03 01:45	214016	----a-w-	c:\windows\system32\WsmWmiPl.dll
2015-06-17 16:08 . 2014-10-03 01:45	145920	----a-w-	c:\windows\system32\WsmAuto.dll
2015-06-17 16:08 . 2014-10-03 01:45	1177088	----a-w-	c:\windows\system32\WsmSvc.dll
2015-06-17 16:08 . 2014-10-03 01:44	198656	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2015-06-17 15:44 . 2015-05-01 13:16	102608	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-17 15:43 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2015-06-17 15:42 . 2014-03-09 21:47	99480	----a-w-	c:\windows\system32\infocardapi.dll
2015-06-17 15:42 . 2014-06-30 22:14	8856	----a-w-	c:\windows\system32\icardres.dll
2015-06-17 15:42 . 2014-03-09 21:47	619672	----a-w-	c:\windows\system32\icardagt.exe
2015-06-17 15:42 . 2014-06-06 06:16	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2015-06-17 15:40 . 2013-12-04 02:03	87040	----a-w-	c:\windows\system32\secproc_ssp.dll
2015-06-17 15:40 . 2013-12-04 02:03	423936	----a-w-	c:\windows\system32\secproc_isv.dll
2015-06-17 15:40 . 2013-12-04 02:03	428032	----a-w-	c:\windows\system32\secproc.dll
2015-06-17 15:40 . 2013-12-04 02:02	390144	----a-w-	c:\windows\system32\msdrm.dll
2015-06-17 15:40 . 2013-12-04 01:54	510976	----a-w-	c:\windows\system32\RMActivate_ssp.exe
2015-06-17 15:40 . 2013-12-04 01:54	594944	----a-w-	c:\windows\system32\RMActivate_isv.exe
2015-06-17 15:40 . 2013-12-04 01:54	572416	----a-w-	c:\windows\system32\RMActivate.exe
2015-06-17 15:40 . 2013-12-04 01:54	508928	----a-w-	c:\windows\system32\RMActivate_ssp_isv.exe
2015-06-17 15:40 . 2013-12-04 02:03	87040	----a-w-	c:\windows\system32\secproc_ssp_isv.dll
2015-06-17 15:40 . 2014-10-14 01:50	523776	----a-w-	c:\windows\system32\termsrv.dll
2015-06-17 15:40 . 2012-10-09 17:40	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2015-06-17 15:40 . 2012-10-09 17:40	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2015-06-17 15:30 . 2013-10-01 23:45	32256	----a-w-	c:\windows\system32\TsUsbGDCoInstaller.dll
2015-06-17 15:30 . 2013-10-02 00:32	12800	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-17 15:30 . 2013-10-02 00:42	49152	----a-w-	c:\windows\system32\drivers\TsUsbFlt.sys
2015-06-17 15:30 . 2013-10-02 00:30	14336	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-17 15:30 . 2013-10-02 00:14	50176	----a-w-	c:\windows\system32\MsRdpWebAccess.dll
2015-06-17 15:30 . 2013-10-02 00:14	17920	----a-w-	c:\windows\system32\wksprtPS.dll
2015-06-17 15:30 . 2013-10-01 23:58	53248	----a-w-	c:\windows\system32\tsgqec.dll
2015-06-17 15:30 . 2013-10-01 23:08	855552	----a-w-	c:\windows\system32\rdvidcrl.dll
2015-06-17 15:30 . 2013-10-01 22:53	350208	----a-w-	c:\windows\system32\wksprt.exe
2015-06-17 15:30 . 2013-10-01 22:34	1068544	----a-w-	c:\windows\system32\mstsc.exe
2015-06-17 15:26 . 2015-05-09 03:14	92672	----a-w-	c:\windows\system32\wudriver.dll
2015-06-17 15:26 . 2015-05-09 03:14	35840	----a-w-	c:\windows\system32\wups2.dll
2015-06-17 15:26 . 2015-05-09 03:14	30208	----a-w-	c:\windows\system32\wups.dll
2015-06-17 15:26 . 2015-05-09 03:14	2937344	----a-w-	c:\windows\system32\wucltux.dll
2015-06-17 15:26 . 2015-05-09 03:14	173056	----a-w-	c:\windows\system32\wuwebv.dll
2015-06-17 15:26 . 2015-05-09 03:14	566784	----a-w-	c:\windows\system32\wuapi.dll
2015-06-17 15:26 . 2015-05-09 03:13	11776	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-06-17 15:26 . 2015-05-09 03:13	33792	----a-w-	c:\windows\system32\wuapp.exe
2015-06-17 15:26 . 2015-05-09 03:13	131584	----a-w-	c:\windows\system32\wuauclt.exe
2015-06-17 15:26 . 2015-05-09 03:14	2045952	----a-w-	c:\windows\system32\wuaueng.dll
2015-06-17 15:26 . 2015-05-09 03:13	69632	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-06-17 15:25 . 2015-04-27 19:05	179200	----a-w-	c:\windows\system32\wintrust.dll
2015-06-17 15:25 . 2015-04-27 19:04	143872	----a-w-	c:\windows\system32\cryptsvc.dll
2015-06-17 15:25 . 2015-04-27 19:04	1174528	----a-w-	c:\windows\system32\crypt32.dll
2015-06-17 15:25 . 2015-04-27 19:04	103936	----a-w-	c:\windows\system32\cryptnet.dll
2015-06-17 15:25 . 2015-03-14 03:04	67584	----a-w-	c:\windows\system32\dwmapi.dll
2015-06-17 15:25 . 2015-03-14 03:04	1372160	----a-w-	c:\windows\system32\dwmcore.dll
2015-06-17 15:25 . 2015-05-09 18:09	715200	----a-w-	c:\windows\system32\mcupdate_GenuineIntel.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-24 11:28 . 2015-05-08 13:54	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-20 13:13 . 2015-02-22 13:21	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-06-20 13:13 . 2015-02-22 13:21	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 09:35 . 2015-05-14 21:00	136728	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-06-09 09:35 . 2015-05-14 21:00	108448	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-20 04:09 . 2015-05-14 21:00	37896	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-05-16 21:21 . 2015-05-16 20:03	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-16 09:16 . 2015-04-16 09:17	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-04-14 07:37 . 2015-05-16 20:03	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-05-16 20:03	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe" [2015-06-09 730416]
"StartupDelayer"="d:\tools\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarsOnTaskbar"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R2 AntiVirMailService;Avira Email-Schutz;d:\vscan\antivir avira\Avira\AntiVir Desktop\avmailc7.exe [2015-06-09 827184]
R2 AntiVirWebService;Avira Browser-Schutz;d:\vscan\antivir avira\Avira\AntiVir Desktop\avwebg7.exe [2015-06-09 1188360]
R2 MBAMService;MBAMService;d:\vscan\MBAM\mbamservice.exe [2015-04-14 1080120]
R2 VBoxAswDrv;VBoxAsw Support Driver;d:\vscan\AVAST\ng\vbox\VBoxAswDrv.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;d:\vscan\AVAST\ng\vbox\AvastVBoxSVC.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-05-16 92888]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2015-03-25 91840]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [2009-12-07 44032]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-07-03 16024]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-07-03 1228504]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [x]
R3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys [x]
R3 Tortilla;Tortilla Driver;c:\windows\system32\DRIVERS\tortilla.sys [2013-12-20 10872]
R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys [2011-01-21 339712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [2009-11-04 23104]
R3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [2009-11-04 763584]
R4 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-02-07 12400]
R4 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;d:\program\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe [2014-07-04 697488]
S0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2013-05-07 26424]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-05-20 37896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 217600]
S2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [2013-05-07 129720]
S2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2013-02-06 14392]
S2 AntiVirSchedulerService;Avira Planer;d:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe [2015-06-09 450808]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-03-17 37896]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-29 296808]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-07-03 660184]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService	REG_MULTI_SZ   	HPSLPSVC
utcsvc	REG_MULTI_SZ   	DiagTrack
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-07 c:\windows\Tasks\0215piUpdateInfo.job
- c:\programdata\Avg_Update_0215pi\0215pi_AVG-Secure-Search-Update.exe [2015-05-07 13:26]
.
2015-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-22 13:13]
.
2015-03-26 c:\windows\Tasks\GlaryInitialize.job
- d:\tools\REG Glary\initialize.exe [2014-06-18 23:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = file:///D:/www/S8.HTM
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 213.33.99.70 80.120.17.70
FF - ProfilePath - c:\users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\
FF - prefs.js: browser.search.selectedEngine - Englische Ergebnisse
FF - prefs.js: browser.startup.homepage - file:///D:/www/S8.HTM
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9150
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-EaseUS EPM tray - d:\tools\HDD Partition EASUS\bin\EpmNews.exe
MSConfigStartUp-SDTray - d:\vscan\Spybot - Search & Destroy\SDTray.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2487367 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2736428 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2789642 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-25  11:53:47
ComboFix-quarantined-files.txt  2015-06-25 09:53
.
Vor Suchlauf: 3.317.669.888 Bytes frei
Nach Suchlauf: 3.152.076.800 Bytes frei
.
- - End Of File - - 8BA9AD971D5726BCCC97AF03EAC103CE
         

26.06.2015, 06:48   #8
schrauber
/// the machine
/// TB instructor

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.06.2015, 07:37   #9
rabanus

Good morning, Schrauber.

Thanks for the mail.

The log files are below.

Best regards
Rabanus
-----------------------------
AdwCleaner Logfile:
Code:
# AdwCleaner v4.207 - Bericht erstellt 26/06/2015 um 07:12:34
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : HEY - HASI
# Gestarted von : D:\vscan\adwcleaner\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.1 (x86 de)


*************************

AdwCleaner[R10].txt - [1375 Bytes] - [02/05/2015 14:28:36]
AdwCleaner[R11].txt - [1494 Bytes] - [05/05/2015 14:30:32]
AdwCleaner[R12].txt - [1942 Bytes] - [07/05/2015 18:37:48]
AdwCleaner[R13].txt - [2218 Bytes] - [12/05/2015 18:22:56]
AdwCleaner[R14].txt - [1887 Bytes] - [12/05/2015 18:58:15]
AdwCleaner[R15].txt - [2299 Bytes] - [14/05/2015 16:07:31]
AdwCleaner[R16].txt - [2144 Bytes] - [18/06/2015 15:34:41]
AdwCleaner[R17].txt - [2204 Bytes] - [18/06/2015 23:11:19]
AdwCleaner[R18].txt - [2269 Bytes] - [19/06/2015 03:06:50]
AdwCleaner[R19].txt - [2800 Bytes] - [26/06/2015 07:09:14]
AdwCleaner[R2].txt - [1386 Bytes] - [24/03/2015 20:07:26]
AdwCleaner[R3].txt - [297 Bytes] - [25/03/2015 23:10:05]
AdwCleaner[R4].txt - [2667 Bytes] - [25/03/2015 23:11:07]
AdwCleaner[R5].txt - [1016 Bytes] - [25/03/2015 23:22:46]
AdwCleaner[R6].txt - [1075 Bytes] - [25/03/2015 23:29:44]
AdwCleaner[R7].txt - [1135 Bytes] - [26/03/2015 14:47:03]
AdwCleaner[R8].txt - [1681 Bytes] - [01/05/2015 17:06:25]
AdwCleaner[R9].txt - [1315 Bytes] - [02/05/2015 14:24:15]
AdwCleaner[S10].txt - [1974 Bytes] - [26/06/2015 07:12:34]
AdwCleaner[S1].txt - [2630 Bytes] - [25/03/2015 23:14:24]
AdwCleaner[S2].txt - [1535 Bytes] - [01/05/2015 17:07:52]
AdwCleaner[S3].txt - [1434 Bytes] - [02/05/2015 14:31:42]
AdwCleaner[S4].txt - [1553 Bytes] - [05/05/2015 14:32:18]
AdwCleaner[S5].txt - [1786 Bytes] - [07/05/2015 18:40:47]
AdwCleaner[S6].txt - [2066 Bytes] - [12/05/2015 18:26:14]
AdwCleaner[S7].txt - [1950 Bytes] - [12/05/2015 18:59:14]
AdwCleaner[S8].txt - [2143 Bytes] - [14/05/2015 16:14:30]
AdwCleaner[S9].txt - [2262 Bytes] - [18/06/2015 23:13:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [2565  Bytes] ##########
         

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.4 (06.25.2015:1)
OS: Windows 7 Professional x86
Ran by HEY on 26.06.2015 at  7:18:27,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2015 at  7:21:19,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.06.2015
Suchlauf-Zeit: 06:55:06
Logdatei: mbam.log
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.26.01
Rootkit Datenbank: v2015.06.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: HEY

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 339023
Verstrichene Zeit: 9 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by HEY (administrator) on HASI on 26-06-2015 07:24:45
Running from F:\
Loaded Profiles: HEY (Available Profiles: HEY & TECHNO)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avshadow.exe
(Ghisler Software GmbH) D:\PROGRAM\wincmd TOTAL\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) D:\www\firefox\firefox.exe
(Mozilla Corporation) D:\www\firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => D:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [StartupDelayer] => D:\tools\Startup Delayer\Startup Launcher GUI.exe [147456 2009-03-08] (r2 studios)
HKLM\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-582265673-3528206955-3743167496-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/www/S8.HTM
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-582265673-3528206955-3743167496-1000 -> {4C3AD88C-7275-436A-BABC-C03BA99F5F7C} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\vscan\AVAST\aswWebRepIE.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Handler: javascript - No CLSID Value - 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 213.33.99.70 80.120.17.70

FireFox:
========
FF ProfilePath: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default
FF DefaultSearchEngine: Google 
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Englische Ergebnisse
FF Homepage: file:///D:/www/S8.HTM
FF NetworkProxy: "autoconfig_url", "hxxp://127.0.0.1:9151/"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9150
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-20] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\ebay-deutschland.xml [2014-04-09]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\google-.xml [2013-08-20]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\google-maps.xml [2013-10-01]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\suche--wikipedia.xml [2013-08-20]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\wiktionary.xml [2012-01-22]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\youtube-videosuche.xml [2014-11-24]
FF Extension: Avira Browser Safety - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-12-07]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-18]
FF Extension: anonymoX - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\client@anonymox.net.xpi [2015-02-04]
FF Extension: CookieKeeper - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\cookiekeeper@cookiekeeper.mozdev.org.xpi [2014-03-02]
FF Extension: Cookies Export/import - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\CookiesIE@yahoo.com.xpi [2014-11-18]
FF Extension: Copy Urls Expert - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2014-11-18]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-12-07]
FF Extension: Ghostery - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\firefox@ghostery.com.xpi [2015-01-03]
FF Extension: History Export - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\histexp@cycledlm.gmail.com.xpi [2014-11-18]
FF Extension: Lightbeam - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-11-18]
FF Extension: keyconfig - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\keyconfig@dorando.xpi [2014-03-05]
FF Extension: Deutsch (DE) Language Pack - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-04-02]
FF Extension: Reload Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\reloadplus@blackwind.xpi [2014-11-18]
FF Extension: Status-4-Evar - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\status4evar@caligonstudios.com.xpi [2012-12-07]
FF Extension: PDF Viewer - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\uriloader@pdf.js.xpi [2014-11-18]
FF Extension: Image Zoom - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-17]
FF Extension: Unhide Passwords - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2012-12-07]
FF Extension: Cookie Monster - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2012-12-07]
FF Extension: oldbar - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi [2014-11-18]
FF Extension: Compact Menu 2 - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}.xpi [2012-12-07]
FF Extension: NoScript - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-07]
FF Extension: ReloadEvery - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012-12-07]
FF Extension: Active Stop Button - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb}.xpi [2015-03-12]
FF Extension: Password Exporter - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-11-18]
FF Extension: SelectionSK - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{D0BF6ED6-4A0E-489d-B207-556474500B4E}.xpi [2013-08-24]
FF Extension: Adblock Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Tiny Menu - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi [2015-01-13]
FF Extension: BetterPrivacy - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-07]
FF Extension: User Agent Switcher - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-12-05]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-29] (Nuance Communications, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; D:\vscan\MBAM\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 StarMoney 9.0 OnlineUpdate; D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "D:\vscan\AVAST\ng\vbox\AvastVBoxSVC.exe" [X]
S4 HPSLPSVC; C:\Users\HEY\AppData\Local\Temp\7zS1EF5\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-05-16] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-03-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [91840 2015-03-25] (McAfee, Inc.)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [44032 2009-12-07] (--)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 Tortilla; C:\Windows\System32\DRIVERS\tortilla.sys [10872 2013-12-21] () [File not signed]
S3 TridVid; C:\Windows\System32\DRIVERS\tridvid6010.sys [339712 2011-01-21] (10Moons Technologies Co.,Ltd)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [23104 2009-11-04] (DTV-DVB)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [763584 2009-11-04] ()
S3 catchme; \??\C:\Users\HEY\AppData\Local\Temp\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 SANDRA; \??\D:\tools\REG Sandra\WNt500x86\Sandra.sys [X]
S3 Ser2plx86; system32\DRIVERS\ser2pl.sys [X]
S3 siusbmod; system32\DRIVERS\siusbmod.sys [X]
S2 VBoxAswDrv; \??\D:\vscan\AVAST\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 07:21 - 2015-06-26 07:21 - 00000603 _____ C:\Users\HEY\Desktop\JRT.txt
2015-06-25 11:53 - 2015-06-25 11:53 - 00020966 _____ C:\ComboFix.txt
2015-06-25 11:38 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-25 11:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-25 11:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-25 10:40 - 2015-06-25 11:54 - 00000000 ____D C:\Qoobox
2015-06-25 10:39 - 2015-06-25 11:51 - 00000000 ____D C:\Windows\erdnt
2015-06-25 10:25 - 2015-06-25 10:25 - 05630239 ____R (Swearware) C:\Users\HEY\Desktop\ComboFix.exe
2015-06-23 10:26 - 2015-06-25 11:40 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-06-22 18:37 - 2015-06-22 18:37 - 00000694 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-06-21 20:51 - 2015-06-21 20:51 - 00000757 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-20 18:17 - 2015-06-20 18:17 - 00000000 ____T C:\Windows\system32\USB003
2015-06-20 15:50 - 2015-06-20 15:51 - 00000000 ____D C:\Users\HEY\AbiSuite
2015-06-20 15:37 - 2015-06-20 15:37 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2015-06-20 15:12 - 2015-06-20 15:13 - 00000568 _____ C:\Windows\SecuniaPackage.log
2015-06-19 07:39 - 2015-06-24 21:05 - 00000518 _____ C:\Users\HEY\AppData\Local\UNAWAVE_EN.url
2015-06-19 07:39 - 2015-06-24 21:05 - 00000240 _____ C:\Users\HEY\AppData\Local\UPDATE.url
2015-06-19 07:39 - 2015-06-24 21:05 - 00000216 _____ C:\Users\HEY\AppData\Local\UNAWAVE_GER.url
2015-06-19 03:20 - 2015-06-19 03:20 - 00000000 ____D C:\Program Files\stinger
2015-06-18 23:24 - 2015-06-18 23:24 - 00000000 ____D C:\Program Files\ESET
2015-06-18 23:09 - 2015-06-18 23:09 - 00000000 ____D C:\Windows\Sun
2015-06-18 22:55 - 2015-06-18 22:55 - 00002679 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-06-18 16:27 - 2015-06-25 12:43 - 00036990 _____ C:\Windows\PFRO.log
2015-06-18 15:05 - 2015-06-18 23:02 - 00068592 _____ C:\Users\HEY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-18 13:44 - 2015-06-26 07:13 - 00002679 _____ C:\Windows\setupact.log
2015-06-18 13:44 - 2015-06-18 16:27 - 00302392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-18 13:44 - 2015-06-18 13:44 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 00:44 - 2015-06-18 00:44 - 00262144 _____ C:\Users\TECHNO
2015-06-18 00:38 - 2015-06-18 02:06 - 00000000 ____D C:\Users\HEY\SecurityScans
2015-06-18 00:38 - 2015-06-18 02:06 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2015-06-17 18:53 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-17 18:53 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-17 18:53 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-17 18:37 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-17 18:37 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-17 18:37 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-17 18:37 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-17 18:37 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-17 18:37 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-17 18:37 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-17 18:37 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-17 18:37 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-17 18:37 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-17 18:37 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-17 18:37 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-17 18:37 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-17 18:37 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-17 18:37 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-17 18:37 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-17 18:37 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-17 18:37 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-17 18:37 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-17 18:36 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-17 18:36 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-17 18:36 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-17 18:36 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-17 18:36 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-17 18:36 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-17 18:36 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-17 18:36 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-17 18:36 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-17 18:36 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-17 18:36 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-17 18:36 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-17 18:36 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-06-17 18:35 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-17 18:35 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-17 18:35 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-17 18:35 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-17 18:35 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-17 18:35 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-17 18:35 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-17 18:35 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-17 18:35 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-17 18:35 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-17 18:34 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-17 18:34 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-17 18:34 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-17 18:34 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-17 18:34 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-17 18:33 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-17 18:33 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-17 18:33 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-06-17 18:33 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-17 18:32 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-17 18:32 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-17 18:32 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-17 18:32 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-17 18:32 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-17 18:32 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-17 18:32 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-17 18:32 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-17 18:32 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-17 18:32 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-17 18:32 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-17 18:32 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-17 18:32 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-17 18:32 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-17 18:32 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-17 18:32 - 2014-12-11 19:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-17 18:32 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-17 18:32 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-17 18:32 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-17 18:32 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-17 18:32 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-17 18:32 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-06-17 18:32 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-17 18:32 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-06-17 18:32 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-17 18:32 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-17 18:32 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-17 18:32 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-17 18:32 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-17 18:32 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-17 18:32 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-17 18:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-06-17 18:32 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-06-17 18:32 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-17 18:32 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-06-17 18:32 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-06-17 18:32 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-06-17 18:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-06-17 18:32 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-06-17 18:32 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-06-17 18:32 - 2013-07-12 12:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-06-17 18:32 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-06-17 18:32 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-17 18:26 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-17 18:26 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-17 18:18 - 2015-06-17 18:18 - 00000000 ____D C:\Windows\tracing
2015-06-17 18:17 - 2015-01-09 01:44 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-17 18:16 - 2015-06-17 18:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-17 18:14 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-17 18:13 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-17 18:13 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-17 18:13 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-17 18:13 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-17 18:13 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-17 18:13 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-17 18:13 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-17 18:13 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-17 18:13 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-17 18:13 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-17 18:13 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-17 18:13 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-17 18:13 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-06-17 18:13 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-06-17 18:13 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-06-17 18:12 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-17 18:12 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-17 18:12 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-17 18:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-17 18:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-17 18:12 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-17 18:12 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-17 18:12 - 2014-11-11 03:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-06-17 18:12 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-17 18:12 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-06-17 18:12 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-17 18:12 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-17 18:12 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-06-17 18:08 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-06-17 17:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-17 17:43 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-17 17:42 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-17 17:42 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-17 17:42 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-17 17:42 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-17 17:40 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-06-17 17:40 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-06-17 17:40 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-06-17 17:40 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-06-17 17:40 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-06-17 17:39 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-17 17:39 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-17 17:39 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-17 17:39 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-17 17:39 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-17 17:39 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-17 17:39 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-17 17:39 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-17 17:39 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-17 17:39 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-17 17:39 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-17 17:39 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-17 17:39 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-17 17:39 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-17 17:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-17 17:39 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-17 17:39 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-17 17:39 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-17 17:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-17 17:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-17 17:39 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-06-17 17:39 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-06-17 17:39 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-06-17 17:39 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-06-17 17:39 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-06-17 17:39 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-06-17 17:39 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-06-17 17:39 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-06-17 17:39 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-06-17 17:39 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-06-17 17:39 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-17 17:30 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-17 17:30 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-17 17:30 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-17 17:30 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-17 17:30 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-17 17:30 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-17 17:30 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-17 17:30 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-17 17:30 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-17 17:30 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-17 17:26 - 2015-05-09 05:14 - 02937344 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 02045952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-17 17:26 - 2015-05-09 05:13 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-17 17:26 - 2015-05-09 05:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-17 17:26 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-17 17:26 - 2015-05-09 05:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-17 17:25 - 2015-05-09 20:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-17 17:25 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-17 17:25 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-17 17:25 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-06 12:07 - 2015-06-06 12:07 - 00000942 _____ C:\Users\HEY\seditor.launcher.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 07:24 - 2015-03-25 23:34 - 00000000 ____D C:\FRST
2015-06-26 07:18 - 2010-11-20 23:01 - 00256048 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 07:18 - 2009-07-14 06:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-26 07:18 - 2009-07-14 06:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-26 07:13 - 2012-10-09 18:45 - 01642689 _____ C:\Windows\WindowsUpdate.log
2015-06-26 07:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 07:12 - 2015-03-24 20:07 - 00000000 ____D C:\AdwCleaner
2015-06-26 07:07 - 2012-10-16 01:45 - 00000000 ____D C:\Users\HEY\AppData\Roaming\TV-Browser
2015-06-26 07:06 - 2012-10-13 09:39 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Spamihilator
2015-06-26 07:05 - 2015-05-08 15:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-26 06:40 - 2015-05-25 20:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-25 21:59 - 2012-10-11 10:10 - 00000000 ____D C:\Users\HEY\AppData\Roaming\vlc
2015-06-25 12:49 - 2014-04-05 20:58 - 00000000 ____D C:\Users\HEY\AppData\Local\cmon
2015-06-25 11:53 - 2013-12-20 00:52 - 00000000 ___RD C:\Users\Public
2015-06-25 11:49 - 2009-07-14 04:04 - 00000296 _____ C:\Windows\system.ini
2015-06-24 07:29 - 2015-05-07 21:18 - 00001912 _____ C:\Windows\epplauncher.mif
2015-06-23 19:07 - 2012-10-09 18:43 - 00000000 ____D C:\Users\HEY
2015-06-23 19:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-06-23 19:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-06-23 12:18 - 2012-10-10 16:35 - 00000000 ____D C:\Users\HEY\Desktop\VSCAN
2015-06-23 10:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-21 18:09 - 2012-10-10 19:34 - 00000000 ____D C:\Users\HEY\AppData\Roaming\XnView
2015-06-20 18:31 - 2012-10-23 10:02 - 00000727 _____ C:\Windows\IMAGEIN.INI
2015-06-20 15:13 - 2015-02-22 15:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-20 15:13 - 2015-02-22 15:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-19 08:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-19 02:29 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-18 20:01 - 2015-05-12 11:10 - 00000000 ____D C:\Windows\rescache
2015-06-18 15:36 - 2012-10-16 06:11 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Macromedia
2015-06-18 13:41 - 2015-05-08 15:55 - 00000000 ____D C:\Users\HEY\AppData\Local\CrashDumps
2015-06-18 13:15 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-18 08:27 - 2015-05-01 17:14 - 02950477 _____ (Thisisu) C:\Users\HEY\Desktop\JRT_NEW.exe
2015-06-18 03:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-18 02:06 - 2012-10-09 18:45 - 00000000 ____D C:\Windows\SoftwareDistribution_OLD
2015-06-18 00:45 - 2014-09-20 18:01 - 00000000 __SHD C:\Users\HEY\AppData\Local\EmieUserList
2015-06-18 00:45 - 2014-09-20 18:01 - 00000000 __SHD C:\Users\HEY\AppData\Local\EmieSiteList
2015-06-17 19:33 - 2012-10-30 15:50 - 00000000 ____D C:\Windows\pss
2015-06-17 18:18 - 2015-04-10 10:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-17 18:18 - 2015-04-10 10:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-17 18:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-17 17:52 - 2010-11-21 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-17 17:30 - 2012-10-10 04:36 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-06-17 17:29 - 2014-03-12 10:47 - 00000000 ____D C:\Windows\system32\MRT
2015-06-17 17:26 - 2012-10-10 15:13 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 18:00 - 2012-11-20 19:00 - 00000325 _____ C:\Windows\KillProcess.INI
2015-06-09 11:35 - 2015-05-14 23:00 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-09 11:35 - 2015-05-14 23:00 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 11:35 - 2015-05-03 10:42 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-06-06 12:08 - 2013-12-19 19:54 - 00000000 ____D C:\Users\HEY\AppData\Roaming\tor
2015-06-06 12:07 - 2013-12-19 19:53 - 00000000 ____D C:\Users\HEY\AppData\Local\Vidalia
2015-05-30 14:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-11-05 19:40 - 2015-03-22 13:27 - 0001595 _____ () C:\Users\HEY\AppData\Roaming\SAS7_000.DAT
2014-06-18 00:35 - 2014-06-18 00:35 - 0000001 _____ () C:\Users\HEY\AppData\Local\llftool.4.25.agreement
2014-06-18 00:36 - 2014-06-18 00:36 - 0000019 _____ () C:\Users\HEY\AppData\Local\llftool.license
2014-06-18 00:43 - 2014-06-18 00:43 - 0000001 _____ () C:\Users\HEY\AppData\Local\RawCopy.1.10.agreement
2014-06-18 00:43 - 2014-06-18 00:43 - 0000001 _____ () C:\Users\HEY\AppData\Local\RawCopy.sourcedisk.index
2015-05-06 18:58 - 2015-05-06 18:58 - 0000218 _____ () C:\Users\HEY\AppData\Local\recently-used.xbel
2015-06-19 07:39 - 2015-06-24 21:05 - 0000518 _____ () C:\Users\HEY\AppData\Local\UNAWAVE_EN.url
2015-06-19 07:39 - 2015-06-24 21:05 - 0000216 _____ () C:\Users\HEY\AppData\Local\UNAWAVE_GER.url
2015-06-19 07:39 - 2015-06-24 21:05 - 0000240 _____ () C:\Users\HEY\AppData\Local\UPDATE.url
2012-11-19 00:13 - 2015-01-11 18:12 - 0017408 _____ () C:\Users\HEY\AppData\Local\WebpageIcons.db
2015-03-24 22:55 - 2015-03-24 22:55 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2014-02-16 12:46 - 2014-02-16 12:46 - 0005110 _____ () C:\ProgramData\mxnhytee.feu

Some files in TEMP:
====================
C:\Users\HEY\AppData\Local\Temp\avgnt.exe
C:\Users\HEY\AppData\Local\Temp\Quarantine.exe
C:\Users\HEY\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-06-23 07:37

==================== End of log ============================
         
--- --- ---


[CODE]
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by HEY at 2015-06-26 07:25:16
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-582265673-3528206955-3743167496-500 - Administrator - Enabled)
Gast (S-1-5-21-582265673-3528206955-3743167496-501 - Limited - Disabled)
HEY (S-1-5-21-582265673-3528206955-3743167496-1000 - Administrator - Enabled) => C:\Users\HEY
HomeGroupUser$ (S-1-5-21-582265673-3528206955-3743167496-1004 - Limited - Enabled)
TECHNO (S-1-5-21-582265673-3528206955-3743167496-1002 - Limited - Enabled) => C:\Users\TECHNO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 18 ActiveX (HKLM\...\{9F5C6A1A-3B30-4AD5-B998-2885AA7C26A7}) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\{2448A347-6E10-4FDE-AD25-74804743D184}) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Ahnenblatt 2.74 (HKLM\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Any Video Converter 5.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Attachment Finder for Outlook Express version 2.31.15.45 (HKLM\...\Attachment Finder for Outlook Express_is1) (Version:  - Yarrow Soft)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Cinergy Hybrid Stick V1.00.08.06a (HKLM\...\Cinergy Hybrid Stick) (Version: 1.00.08.06a - )
c'mon Version 1.0.2 (HKLM\...\{75A58CEE-4F84-4F03-BA75-A7D4D6C986F0}_is1) (Version: 1.0.2 - sheepleap Software)
CrystalDiskInfo 5 Cynthia Alpha1 (HKLM\...\CrystalDiskInfo_is1) (Version: 5 Cynthia Alpha1 - Crystal Dew World)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dragon NaturallySpeaking 11 (HKLM\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Dupe Remover for Outlook Express and Windows Mail version 3.5 (HKLM\...\{B262EDF7-B16C-447E-B203-FAD286B61F90}_is1) (Version: 3.5 - Topalt.com)
DVBViewer TERRATEC Edition (HKLM\...\DVBViewer TERRATEC Edition_is1) (Version:  - CM&V)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
FRITZBox Anrufmonitor (HKLM\...\{4D4C7CA5-3912-40A3-94BF-9B8089188A7A}) (Version: 1.0.1 - Bernhard Elbl)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Glary Utilities 2.52.0.1698 (HKLM\...\Glary Utilities_is1) (Version: 2.52.0.1698 - Glarysoft Ltd)
GrampsAIO32 (HKLM\...\GrampsAIO32) (Version: 3.4.5-1 - The GRAMPS project)
Graphviz (HKLM\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.34 - AT&T Research Labs.)
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
Hex-Editor MX (HKLM\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Inkscape 0.48.5 (HKLM\...\Inkscape) (Version: 0.48.5 - )
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KC Softwares SUMo (HKLM\...\KC Softwares SUMo_is1) (Version: 3.10.7.234 - KC Softwares)
Ladegeräte 4.02  (HKLM\...\Ladegeräte) (Version: 4.02 - )
Lotus SmartSuite Version 9 (HKLM\...\SmartSuite V98.0) (Version:  - )
Macromedia Extension Manager (HKLM\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname)
MailStore Home 8.2.1.10082 (HKLM\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF-XChange Editor (HKLM\...\{117E49F3-4985-41EC-90AD-72C09CEAB639}) (Version: 3.0.302.0 - Tracker Software Products (Canada) Ltd.)
PhonerLite 2.15 (HKLM\...\PhonerLite_is1) (Version: 2.15 - Heiko Sommerfeldt)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spamihilator 1.6.0 (32-Bit) (HKLM\...\{624CDCC7-9E58-46FE-956B-04A8004A9FCC}) (Version: 1.6.0 - Michel Krämer)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0  (HKLM\...\{70BEE0AE-B265-49E1-AC04-AFAFA99B4DE7}) (Version: 9.0 - Star Finanz GmbH)
TerraTec Home Cinema (HKLM\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.24.8 - )
THC Codec Patch (HKLM\...\{03DF2CB2-FF23-47F7-8754-8C3938A5F44C}) (Version: 1.00.0000 - )
Tor 0.2.4.22 (HKLM\...\Tor) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV-Browser 3.4.0.1 (HKLM\...\tvbrowser) (Version: 3.4.0.1 - TV-Browser Team)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Vidalia 0.2.21 (HKLM\...\Vidalia) (Version:  - )
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wondershare Video Editor(Build 3.1.1) (HKLM\...\Wondershare Video Editor_is1) (Version: 3.1.1.1 - Wondershare Software)
XnView 2.13 (HKLM\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
xp-AntiSpy 3.98-2 (HKLM\...\xp-AntiSpy) (Version:  - Christian Taubenheim)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{53DEC138-A51E-11D2-861E-00C04FA35C89}\InprocServer32 -> D:\PROGRAM\symphony IBM\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.1.20101013-2236\os\win32\x86\tlogpsdll.DLL ()
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{A69145EB-EB83-4485-AF49-62619B164E34}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{c59c69c9-35fa-4bd3-9fb7-c38606f8547d}\localserver32 -> D:\PROGRAM\symphony IBM\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.1.20101013-2236\os\win32\x86\IEOOP.exe (IBM)
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{E33509A4-EB8B-4BB2-A55A-626EE4DBA50F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

20-06-2015 22:25:21 MSXML 4.0 SP2 Parser und SDK wird entfernt
21-06-2015 20:47:33 avast! antivirus system restore point
23-06-2015 12:24:29 Windows Update
23-06-2015 17:46:30 avast! antivirus system restore point
23-06-2015 17:57:54 avast! antivirus system restore point
23-06-2015 19:04:53 Wiederherstellungsvorgang
24-06-2015 15:17:49 Windows Update

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {181C236A-87BE-42B6-86D5-5D3B67737A05} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {2DFAEE35-CB40-4231-87B7-AAA57E081560} - System32\Tasks\{AD457501-6A49-4D41-8DAF-0D971FB98F17} => pcalua.exe -a "F:\CX70 USB   setupSiemens-DCA-140-540v1.0.7.exe" -d f:\
Task: {3372FC63-A51B-43E7-929C-A6AE447EE15D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {35022A48-A5AE-4B42-B9F4-15BCAEB4DD72} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3FD6F459-7231-4BEE-ADED-6C99850E0FEA} - System32\Tasks\{873E92E0-76AE-433B-AF2C-1D9D743C6F98} => pcalua.exe -a D:\vscan\spamihilator\wizard.exe -d D:\vscan\spamihilator\
Task: {41B612DD-5D2C-40B0-B4EC-542B512ABF29} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {497185EA-7F95-490A-B106-0F81C119017F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {5210FAA3-0ED2-4185-BF2F-89EB7E43D33C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {957C3813-079D-4B25-9E2C-878BCE7812F9} - System32\Tasks\sd => C:\Windows\system32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {96737689-332C-4E97-89D6-CB699C9C4D73} - System32\Tasks\GlaryInitialize => D:\tools\REG Glary\initialize.exe [2013-01-05] (Glarysoft Ltd)
Task: {B9587736-E5B2-40FC-8DF5-15EBB9186AF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-20] (Adobe Systems Incorporated)
Task: {C2191ED4-320D-446B-97A1-7A2801D8570B} - System32\Tasks\avast! Emergency Update => D:\vscan\AVAST\AvastEmUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215piUpdateInfo.job => C:\ProgramData\Avg_Update_0215pi\0215pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => D:\tools\REG Glary\initialize.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-18 07:54 - 2010-07-04 23:32 - 00010752 _____ () D:\tools\Unlocker\UnlockerCOM.dll
2013-02-20 13:04 - 1998-02-05 20:16 - 00018432 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\jDocPrc.dll
2015-06-20 15:13 - 2015-06-20 15:13 - 17321648 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-582265673-3528206955-3743167496-1000\...\windowsupdate.com -> windowsupdate.com

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 12683 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 213.33.99.70 - 80.120.17.70

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{EEE5FE62-739C-4051-9574-B98975824551}Z:\stausau\stausau.exe] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [UDP Query User{AC5A39C0-D333-4C0D-B915-F63288C77065}Z:\stausau\stausau.exe] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [{EDFF3B3D-3D91-48F1-AA9E-FBA042A57714}] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [{8CB7DA3E-5ADA-4AE6-A9C8-8D7C1D838C14}] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [TCP Query User{16FCFCDC-AB20-4594-8674-C89ABAA7B12B}C:5\stausau\stausau.exe] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [UDP Query User{64F1CFBB-FC0C-4C60-86F8-3456AB4E247D}C:5\stausau\stausau.exe] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{03AAAA8F-0E88-43E6-8161-1D9576F3B4EC}] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{2681CA6F-7BA7-4239-9EEA-6EA139620088}] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{E036EFC6-8BF4-4784-A1D5-62E87BC1C2A1}] => (Allow) LPort=51001
FirewallRules: [{9EC1E511-888E-4C96-825B-6583DF2E3343}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{57D043C2-01C4-4102-84A9-09C534E79DA5}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{F168206D-CDCC-4A28-9C52-6E3005AE1E2E}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{7D29F709-045B-4BF3-963B-FB3B29007721}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{EE88DF99-8558-47E1-87F3-4889DE69721B}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [{E22176C1-B5AF-491A-B316-626EF85B3240}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [TCP Query User{A5DA919E-670C-4C2B-8A51-E08C7AF4AEB0}C:4\stausau\stausau.exe] => (Allow) C:4\stausau\stausau.exe
FirewallRules: [UDP Query User{F275DC67-8555-47B3-B150-9D416CCB3831}C:4\stausau\stausau.exe] => (Allow) C:4\stausau\stausau.exe
FirewallRules: [{596C8ADB-C3BB-4804-B4D6-FAD98AE74E95}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{243AFF66-87B2-4586-8ED3-2A2A929D5D9F}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{0DAEE702-C881-4DB7-9A0F-BB87D368A8D3}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{C544B031-9DE8-4714-9537-396698B9974D}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{A44BBFFB-38EF-4323-ACB3-9FF61E030291}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{535A7A2A-D4D2-457A-B8AA-EF38620950E4}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{4AF7D4A8-29A1-48AD-AE91-342C604C5652}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{E41CE52E-5AC2-4356-8DD3-AB2475372040}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{E68867D3-562F-409F-827C-760A9F027470}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [{2ACAB2F9-0B51-4E9C-9BB1-24E36E94B633}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [TCP Query User{24EAF5F5-4155-4EA8-99BE-AAFB9CEB0E88}D:\program\vlc\vlc.exe] => (Allow) D:\program\vlc\vlc.exe
FirewallRules: [UDP Query User{A563107B-2437-409A-8F8E-CEAD40363473}D:\program\vlc\vlc.exe] => (Allow) D:\program\vlc\vlc.exe
FirewallRules: [TCP Query User{465DFC31-927C-49EC-834F-7CCAB035478F}C:2\stausau\stausau.exe] => (Allow) C:2\stausau\stausau.exe
FirewallRules: [UDP Query User{B8EF9947-322D-4DDD-BD08-4D027FC5C5BC}C:2\stausau\stausau.exe] => (Allow) C:2\stausau\stausau.exe
FirewallRules: [TCP Query User{1069438B-8837-490B-9DBD-E45AA096BADD}D:\program\wincmd total\totalcmd.exe] => (Allow) D:\program\wincmd total\totalcmd.exe
FirewallRules: [UDP Query User{CF358071-938C-4009-B701-A9DD5407D815}D:\program\wincmd total\totalcmd.exe] => (Allow) D:\program\wincmd total\totalcmd.exe
FirewallRules: [TCP Query User{783C08C3-58CB-47E3-B1D1-289BC0AA9D38}C:0\stausau\stausau.exe] => (Allow) C:0\stausau\stausau.exe
FirewallRules: [UDP Query User{C2D7DE1A-B390-417E-A47A-C5CEB2D5A1FF}C:0\stausau\stausau.exe] => (Allow) C:0\stausau\stausau.exe
FirewallRules: [{7B68A0F7-C27E-4544-BDB8-DDE54F023B15}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{9D867F3B-BB7E-438A-AD2D-BE9F65C61203}Z:\stausau\doppl\stausau.exe] => (Allow) Z:\stausau\doppl\stausau.exe
FirewallRules: [UDP Query User{D2A6E986-244D-414F-B940-DC9E758DE105}Z:\stausau\doppl\stausau.exe] => (Allow) Z:\stausau\doppl\stausau.exe
FirewallRules: [{D5AEBD1D-33CA-441A-A770-6701FDE6978E}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{2432250D-9297-41B8-9EA1-2683E60490C7}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{A6DFE1CF-D09C-4180-B81A-9BDD6032964F}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{8D594778-9337-47CE-9393-B858452A6DB0}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{35BB9939-281B-4226-98F0-F699F3341190}] => (Allow) D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{25EC2B1F-30BC-492E-B213-7314A35623B5}] => (Allow) D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{4FDF767B-2235-4CF7-896F-F81D7FABF919}] => (Allow) D:\PROGRAM\Starmoney 9\app\StarMoney.exe
FirewallRules: [{4FB2E3A6-31E5-4E78-8AEE-1F1999766B79}] => (Allow) D:\PROGRAM\Starmoney 9\app\StarMoney.exe
FirewallRules: [{B8F86095-890C-4800-9FC2-A7D003DEACC9}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{CC240133-CAEA-4A3B-9988-5EDB3595BE21}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{E8CEFFA2-0C9D-43C7-998E-8D389F67CC7D}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{05B845B7-27AA-4D03-B9BC-681AFF6281F9}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{948C67DC-6769-44F8-93BE-27099544F310}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{C658F4EF-1D57-4CC2-AD28-22C7A64B0EB8}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{A8AE38A8-5479-48EF-B048-E6CCF6AF613B}] => (Allow) D:\system\DVB-T Terratec\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{FED31304-BB9E-4375-B357-A6C9D62AD053}] => (Allow) D:\system\DVB-T Terratec\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{3EDE1FDD-96D9-475F-8EBE-B535A3C1EC93}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{A1E953F6-A9C2-454F-90BE-01AD6FF9D30D}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [TCP Query User{8DCCEEF1-7073-4C7F-A5D1-C337EB222C46}D:\program\pdf libre office\program\soffice.bin] => (Allow) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [UDP Query User{DB298202-7346-45D9-8F56-328CFBE2715A}D:\program\pdf libre office\program\soffice.bin] => (Allow) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [TCP Query User{47450C1D-2C9D-4CC7-9020-3B3E20C07BAE}D:\www\schleier\vidalia bundle mit tor\tor\tor.exe] => (Allow) D:\www\schleier\vidalia bundle mit tor\tor\tor.exe
FirewallRules: [UDP Query User{F484BF2A-74B7-470D-BF09-E909AD3DA611}D:\www\schleier\vidalia bundle mit tor\tor\tor.exe] => (Allow) D:\www\schleier\vidalia bundle mit tor\tor\tor.exe
FirewallRules: [TCP Query User{CF7D2F4B-ECA9-4FB5-BB32-A55EA325A135}D:\system\voip phoner light\phonerlite.exe] => (Allow) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [UDP Query User{CE0CFC6D-DEB4-4E3F-B359-7B95F8628FDC}D:\system\voip phoner light\phonerlite.exe] => (Allow) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [{2347E8A6-CDC6-4A73-A5BA-6A11C52FAC4A}] => (Block) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [{D0567FAD-B88E-4E76-873E-2B1F2B16FB68}] => (Block) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [TCP Query User{13C5BB12-B93D-4391-90D6-9F5FE16E288F}C:6\stausau\stausau.exe] => (Block) C:6\stausau\stausau.exe
FirewallRules: [UDP Query User{12DB9945-1D94-4979-89FB-5FDD53157822}C:6\stausau\stausau.exe] => (Block) C:6\stausau\stausau.exe
FirewallRules: [TCP Query User{F139670F-4685-4B51-894D-E5CBD4A45EA2}D:\program\pdf libre office\program\soffice.bin] => (Block) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [UDP Query User{5596FAE2-D805-4934-8E58-781A41C16D42}D:\program\pdf libre office\program\soffice.bin] => (Block) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [{9C93CACF-8262-4F15-8A0F-B5BC5B2A7D3C}] => (Allow) D:\www\firefox\firefox.exe
FirewallRules: [{70AB2EDB-BEEF-4A15-A288-467404B9F228}] => (Allow) D:\www\firefox\firefox.exe
FirewallRules: [TCP Query User{DB4BE0B1-0D8C-4CDC-8686-64F8A537F98D}D:\www\firefox\firefox.exe] => (Block) D:\www\firefox\firefox.exe
FirewallRules: [UDP Query User{7A69564C-A873-45CD-8DA9-BEA315B88EDC}D:\www\firefox\firefox.exe] => (Block) D:\www\firefox\firefox.exe
FirewallRules: [{E3A163E3-96B0-4748-B483-873E6D3EE7AA}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{39A46D41-154F-4B96-B1FA-0CA92F687077}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{68B89C0B-1EA7-4366-957F-930BD80AD5E1}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{E244EB9B-05EA-4BB1-8686-AE02BACB844C}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{80F12F8F-9F38-40FB-840F-958090710B51}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5D0D6060-EBEE-4478-85C0-68872D2C4483}] => (Allow) D:\vscan\AVAST\ng\vbox\aswFe.exe
FirewallRules: [{7CDA9FB4-B489-48E2-9F3B-FE4CF1920EA4}] => (Allow) D:\vscan\AVAST\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 05:57:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f8bb298a-292b-451f-93db-822daef74801}

Error: (06/23/2015 05:46:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d89667a-9bd4-431c-a16f-a79438964122}

Error: (06/21/2015 08:47:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b827255e-1160-4208-b124-6c82054f15ae}

Error: (06/18/2015 01:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0x5f4
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 06:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0x136c
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 06:03:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0xf08
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 00:00:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/17/2015 11:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/17/2015 11:56:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/14/2015 06:23:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/26/2015 07:18:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 07:18:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 07:18:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 07:18:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 07:18:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dragon Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 07:18:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2015 07:18:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/26/2015 07:16:08 AM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: WMPNetworkSvc

Error: (06/26/2015 07:14:07 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 07:14:02 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office:
=========================
Error: (06/23/2015 05:57:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f8bb298a-292b-451f-93db-822daef74801}

Error: (06/23/2015 05:46:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d89667a-9bd4-431c-a16f-a79438964122}

Error: (06/21/2015 08:47:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b827255e-1160-4208-b124-6c82054f15ae}

Error: (06/18/2015 01:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b95f401d0a9bb992b7ae5D:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dlld82fb7aa-15ae-11e5-9cfc-60eb69953d0f

Error: (06/17/2015 06:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b9136c01d0a91732e1a8d8D:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dll70e7130e-150a-11e5-8183-60eb69953d0f

Error: (06/17/2015 06:03:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b9f0801d0a9172d9e895eD:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dll6c18d72a-150a-11e5-8183-60eb69953d0f

Error: (06/17/2015 00:00:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\system\SONY XPERIA\Flashtool 9_10\FlashTool64.exe

Error: (06/17/2015 11:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"d:\PROGRAM\wincmd total\TCUNIN64.EXE

Error: (06/17/2015 11:56:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\PROGRAM\Stammbaum für gramps  graphviz-2.34 per MSI\bin\mingle.exe

Error: (06/14/2015 06:23:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\system\SONY XPERIA\Flashtool 9_10\FlashTool64.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-25 22:08:24.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:07:25.155
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:07:06.887
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:06:43.727
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:03:54.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:03:33.367
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 21:59:52.157
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-21 20:56:40.170
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-21 20:52:50.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 21:21:34.569
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 56%
Total physical RAM: 3004.5 MB
Available physical RAM: 1295.16 MB
Total Pagefile: 4880.68 MB
Available Pagefile: 3010.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.43 MB

==================== Drives ================================

Drive c: (C-PLATTE) (Fixed) (Total:42.98 GB) (Free:2.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (D-Platte) (Fixed) (Total:43.96 GB) (Free:10.04 GB) NTFS
Drive e: (E-Platte) (Fixed) (Total:87.88 GB) (Free:50.63 GB) NTFS
Drive f: (F-Platte) (Fixed) (Total:62.7 GB) (Free:39.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3DA700CC)
Partition 1: (Active) - (Size=43 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=44 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.7 GB) - (Type=OF Extended)

==================== End of log ============================
         
--- --- ---

Alt 26.06.2015, 11:07   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 26.06.2015, 19:24   #11
rabanus
 



Good evening, Schrauber.

The 4 log files are below.

ESET objects to this F:\dff_rbno-msxml4.exe.
As described at the outset, there were irregularities with these MSXML4 components, and this was a tool from the WWW that was supposed to solve the problems (but did not).
I deleted the thing immediately (with a light heart).

Now:
The 5 phenomena from my first mail are still present.
(I have tested this again and again...)

One more thing:
Immediately after booting, a small window appears together with the desktop:
"Windows Installer": Preparing to install. [Cancel].
I have no idea what that could be (Avira Antivir perhaps?).
In any case, it closes so quickly that I have no chance to observe the processes (Task Manager, ProcMon, Killproc or the like...)

The scan results so far are rather meagre and somehow do not give a clear picture of the enemy.
I would really just have liked clarity about how far I am at risk with my machine, because I do a lot of important things with it.
And whether it might not be better to reinstall Windows.
(Which in my case would be an enormous amount of work, which one would really rather avoid...)

Is there perhaps anything more I could do?

Best regards
Rabanus
--------------------------------------------------------------

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# end=init
# utc_time=2015-06-19 12:50:45
# local_time=2015-06-19 02:50:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24398
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# end=updated
# utc_time=2015-06-19 12:53:50
# local_time=2015-06-19 02:53:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# end=init
# utc_time=2015-06-19 01:10:36
# local_time=2015-06-19 03:10:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24398
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# end=updated
# utc_time=2015-06-19 01:10:52
# local_time=2015-06-19 03:10:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# engine=24398
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-19 02:31:41
# local_time=2015-06-19 04:31:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 43597 186312292 0 0
# scanned=330141
# found=0
# cleaned=0
# scan_time=4848
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# end=init
# utc_time=2015-06-26 01:41:27
# local_time=2015-06-26 03:41:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24518
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# end=updated
# utc_time=2015-06-26 01:43:50
# local_time=2015-06-26 03:43:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f59d3109f908b146869d87fe6335ceec
# engine=24518
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-26 03:06:26
# local_time=2015-06-26 05:06:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 186962377 0 0
# scanned=330659
# found=1
# cleaned=0
# scan_time=4955
sh=ACF1FF5E761233392213C5C066C9E7293CD8A8C0 ft=1 fh=85b9bf718dc3ebe0 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="F:\dff_rbno-msxml4.exe"
         
Code:
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 xp-AntiSpy 3.98-2    
 Secunia PSI (3.0.0.7011)   
 Java 8 Update 45  
 Adobe Flash Player 	18.0.0.160  
 Mozilla Firefox (38.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by HEY (administrator) on HASI on 26-06-2015 17:22:39
Running from F:\
Loaded Profiles: HEY (Available Profiles: HEY & TECHNO)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe
(r2 studios) D:\tools\Startup Delayer\Startup Launcher GUI.exe
(Avira Operations GmbH & Co. KG) D:\vscan\antivir avira\Avira\AntiVir Desktop\avshadow.exe
(Ghisler Software GmbH) D:\PROGRAM\wincmd TOTAL\TOTALCMD.EXE
(Mozilla Corporation) D:\www\firefox\firefox.exe
(Mozilla Corporation) D:\www\firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
() D:\vscan\security check von TBoard\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => D:\vscan\antivir avira\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [StartupDelayer] => D:\tools\Startup Delayer\Startup Launcher GUI.exe [147456 2009-03-08] (r2 studios)
HKLM\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-582265673-3528206955-3743167496-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/www/S8.HTM
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-582265673-3528206955-3743167496-1000 -> {4C3AD88C-7275-436A-BABC-C03BA99F5F7C} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\vscan\AVAST\aswWebRepIE.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Handler: javascript - No CLSID Value - 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 213.33.99.70 80.120.17.70

FireFox:
========
FF ProfilePath: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default
FF DefaultSearchEngine: Google 
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Englische Ergebnisse
FF Homepage: file:///D:/www/S8.HTM
FF NetworkProxy: "autoconfig_url", "hxxp://127.0.0.1:9151/"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9150
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-20] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\PROGRAM\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\ebay-deutschland.xml [2014-04-09]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\google-.xml [2013-08-20]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\google-maps.xml [2013-10-01]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\suche--wikipedia.xml [2013-08-20]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\wiktionary.xml [2012-01-22]
FF SearchPlugin: C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\searchplugins\youtube-videosuche.xml [2014-11-24]
FF Extension: Avira Browser Safety - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-12-07]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-18]
FF Extension: anonymoX - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\client@anonymox.net.xpi [2015-02-04]
FF Extension: CookieKeeper - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\cookiekeeper@cookiekeeper.mozdev.org.xpi [2014-03-02]
FF Extension: Cookies Export/import - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\CookiesIE@yahoo.com.xpi [2014-11-18]
FF Extension: Copy Urls Expert - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2014-11-18]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-12-07]
FF Extension: Ghostery - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\firefox@ghostery.com.xpi [2015-01-03]
FF Extension: History Export - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\histexp@cycledlm.gmail.com.xpi [2014-11-18]
FF Extension: Lightbeam - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-11-18]
FF Extension: keyconfig - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\keyconfig@dorando.xpi [2014-03-05]
FF Extension: Deutsch (DE) Language Pack - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-04-02]
FF Extension: Reload Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\reloadplus@blackwind.xpi [2014-11-18]
FF Extension: Status-4-Evar - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\status4evar@caligonstudios.com.xpi [2012-12-07]
FF Extension: PDF Viewer - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\uriloader@pdf.js.xpi [2014-11-18]
FF Extension: Image Zoom - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-17]
FF Extension: Unhide Passwords - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2012-12-07]
FF Extension: Cookie Monster - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2012-12-07]
FF Extension: oldbar - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi [2014-11-18]
FF Extension: Compact Menu 2 - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4}.xpi [2012-12-07]
FF Extension: NoScript - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-07]
FF Extension: ReloadEvery - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2012-12-07]
FF Extension: Active Stop Button - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{9e96e0c4-9bde-49b7-989f-a4ca4bdc90bb}.xpi [2015-03-12]
FF Extension: Password Exporter - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-11-18]
FF Extension: SelectionSK - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{D0BF6ED6-4A0E-489d-B207-556474500B4E}.xpi [2013-08-24]
FF Extension: Adblock Plus - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-07]
FF Extension: Tiny Menu - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi [2015-01-13]
FF Extension: BetterPrivacy - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-07]
FF Extension: User Agent Switcher - C:\Users\HEY\AppData\Roaming\Mozilla\Firefox\Profiles\x2o3cn6w.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-12-05]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\vscan\antivir avira\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\vscan\antivir avira\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-29] (Nuance Communications, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; D:\vscan\MBAM\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 StarMoney 9.0 OnlineUpdate; D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "D:\vscan\AVAST\ng\vbox\AvastVBoxSVC.exe" [X]
S4 HPSLPSVC; C:\Users\HEY\AppData\Local\Temp\7zS1EF5\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 eapihdrv; C:\Users\HEY\AppData\Local\Temp\ehdrv.sys [135760 2015-06-26] (ESET)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-05-16] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-03-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [91840 2015-03-25] (McAfee, Inc.)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [44032 2009-12-07] (--)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 Tortilla; C:\Windows\System32\DRIVERS\tortilla.sys [10872 2013-12-21] () [File not signed]
S3 TridVid; C:\Windows\System32\DRIVERS\tridvid6010.sys [339712 2011-01-21] (10Moons Technologies Co.,Ltd)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [23104 2009-11-04] (DTV-DVB)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [763584 2009-11-04] ()
S3 catchme; \??\C:\Users\HEY\AppData\Local\Temp\catchme.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 SANDRA; \??\D:\tools\REG Sandra\WNt500x86\Sandra.sys [X]
S3 Ser2plx86; system32\DRIVERS\ser2pl.sys [X]
S3 siusbmod; system32\DRIVERS\siusbmod.sys [X]
S2 VBoxAswDrv; \??\D:\vscan\AVAST\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 07:21 - 2015-06-26 07:21 - 00000603 _____ C:\Users\HEY\Desktop\JRT.txt
2015-06-25 11:53 - 2015-06-25 11:53 - 00020966 _____ C:\ComboFix.txt
2015-06-25 11:38 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-25 11:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-25 11:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-25 11:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-25 10:40 - 2015-06-25 11:54 - 00000000 ____D C:\Qoobox
2015-06-25 10:39 - 2015-06-25 11:51 - 00000000 ____D C:\Windows\erdnt
2015-06-25 10:25 - 2015-06-25 10:25 - 05630239 ____R (Swearware) C:\Users\HEY\Desktop\ComboFix.exe
2015-06-23 10:26 - 2015-06-25 11:40 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-06-22 18:37 - 2015-06-22 18:37 - 00000694 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-06-21 20:51 - 2015-06-21 20:51 - 00000757 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-20 18:17 - 2015-06-20 18:17 - 00000000 ____T C:\Windows\system32\USB003
2015-06-20 15:50 - 2015-06-20 15:51 - 00000000 ____D C:\Users\HEY\AbiSuite
2015-06-20 15:37 - 2015-06-20 15:37 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2015-06-20 15:12 - 2015-06-20 15:13 - 00000568 _____ C:\Windows\SecuniaPackage.log
2015-06-19 07:39 - 2015-06-24 21:05 - 00000518 _____ C:\Users\HEY\AppData\Local\UNAWAVE_EN.url
2015-06-19 07:39 - 2015-06-24 21:05 - 00000240 _____ C:\Users\HEY\AppData\Local\UPDATE.url
2015-06-19 07:39 - 2015-06-24 21:05 - 00000216 _____ C:\Users\HEY\AppData\Local\UNAWAVE_GER.url
2015-06-19 03:20 - 2015-06-19 03:20 - 00000000 ____D C:\Program Files\stinger
2015-06-18 23:24 - 2015-06-18 23:24 - 00000000 ____D C:\Program Files\ESET
2015-06-18 23:09 - 2015-06-18 23:09 - 00000000 ____D C:\Windows\Sun
2015-06-18 22:55 - 2015-06-18 22:55 - 00002679 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-06-18 16:27 - 2015-06-25 12:43 - 00036990 _____ C:\Windows\PFRO.log
2015-06-18 15:05 - 2015-06-18 23:02 - 00068592 _____ C:\Users\HEY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-18 13:44 - 2015-06-26 15:40 - 00002735 _____ C:\Windows\setupact.log
2015-06-18 13:44 - 2015-06-18 16:27 - 00302392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-18 13:44 - 2015-06-18 13:44 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 00:44 - 2015-06-18 00:44 - 00262144 _____ C:\Users\TECHNO
2015-06-18 00:38 - 2015-06-18 02:06 - 00000000 ____D C:\Users\HEY\SecurityScans
2015-06-18 00:38 - 2015-06-18 02:06 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2015-06-17 18:53 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-17 18:53 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-17 18:53 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-17 18:37 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-17 18:37 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-17 18:37 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-17 18:37 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-17 18:37 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-17 18:37 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-17 18:37 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-17 18:37 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-17 18:37 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-17 18:37 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-17 18:37 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-17 18:37 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-17 18:37 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-17 18:37 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-17 18:37 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-17 18:37 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-17 18:37 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-17 18:37 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-17 18:37 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-17 18:36 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-17 18:36 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-17 18:36 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-17 18:36 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-17 18:36 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-17 18:36 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-17 18:36 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-17 18:36 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-17 18:36 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-17 18:36 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-17 18:36 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-17 18:36 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-17 18:36 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-06-17 18:36 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-06-17 18:35 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-17 18:35 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-17 18:35 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-17 18:35 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-17 18:35 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-17 18:35 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-17 18:35 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-17 18:35 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-17 18:35 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-17 18:35 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-17 18:35 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-17 18:35 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-17 18:34 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-17 18:34 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-17 18:34 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-17 18:34 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-17 18:34 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-17 18:33 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-17 18:33 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-17 18:33 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-06-17 18:33 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-17 18:32 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-17 18:32 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-17 18:32 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-17 18:32 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-17 18:32 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-17 18:32 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-17 18:32 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-17 18:32 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-17 18:32 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-17 18:32 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-17 18:32 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-17 18:32 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-17 18:32 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-17 18:32 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-17 18:32 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-17 18:32 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-17 18:32 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-17 18:32 - 2014-12-11 19:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-17 18:32 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-17 18:32 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-17 18:32 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-17 18:32 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-17 18:32 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-17 18:32 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-06-17 18:32 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-17 18:32 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-06-17 18:32 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-17 18:32 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-17 18:32 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-17 18:32 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-17 18:32 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-17 18:32 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-17 18:32 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-17 18:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-06-17 18:32 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-06-17 18:32 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-17 18:32 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-06-17 18:32 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-06-17 18:32 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-06-17 18:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-06-17 18:32 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-06-17 18:32 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-06-17 18:32 - 2013-07-12 12:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-06-17 18:32 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-06-17 18:32 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-17 18:26 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-17 18:26 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-17 18:18 - 2015-06-17 18:18 - 00000000 ____D C:\Windows\tracing
2015-06-17 18:17 - 2015-01-09 01:44 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-17 18:16 - 2015-06-17 18:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-17 18:14 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-17 18:13 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-17 18:13 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-17 18:13 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-17 18:13 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-17 18:13 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-17 18:13 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-17 18:13 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-17 18:13 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-17 18:13 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-17 18:13 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-17 18:13 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-17 18:13 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-17 18:13 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-17 18:13 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-17 18:13 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-06-17 18:13 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-06-17 18:13 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-06-17 18:13 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-06-17 18:12 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-17 18:12 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-17 18:12 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-17 18:12 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-17 18:12 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-17 18:12 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-17 18:12 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-17 18:12 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-17 18:12 - 2015-01-09 04:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-17 18:12 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-17 18:12 - 2014-11-11 03:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-06-17 18:12 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-17 18:12 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-06-17 18:12 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-17 18:12 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-17 18:12 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-17 18:12 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-06-17 18:08 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-06-17 18:08 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-06-17 17:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-17 17:43 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-17 17:42 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-17 17:42 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-17 17:42 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-17 17:42 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-17 17:40 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-06-17 17:40 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-06-17 17:40 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-06-17 17:40 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-06-17 17:40 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-06-17 17:40 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-06-17 17:40 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-06-17 17:39 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-17 17:39 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-17 17:39 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-17 17:39 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-17 17:39 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-17 17:39 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-17 17:39 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-17 17:39 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-17 17:39 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-17 17:39 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-17 17:39 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-17 17:39 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-17 17:39 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-17 17:39 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-17 17:39 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-17 17:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-17 17:39 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-17 17:39 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-17 17:39 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-17 17:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-17 17:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-17 17:39 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-06-17 17:39 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-06-17 17:39 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-06-17 17:39 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-06-17 17:39 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-06-17 17:39 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-06-17 17:39 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-06-17 17:39 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-06-17 17:39 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-06-17 17:39 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-06-17 17:39 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-17 17:30 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-17 17:30 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-17 17:30 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-17 17:30 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-17 17:30 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-17 17:30 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-17 17:30 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-17 17:30 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-17 17:30 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-17 17:30 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-17 17:26 - 2015-05-09 05:14 - 02937344 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 02045952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-17 17:26 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-17 17:26 - 2015-05-09 05:13 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-17 17:26 - 2015-05-09 05:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-17 17:26 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-17 17:26 - 2015-05-09 05:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-17 17:25 - 2015-05-09 20:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-17 17:25 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-17 17:25 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-17 17:25 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-17 17:25 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-06 12:07 - 2015-06-06 12:07 - 00000942 _____ C:\Users\HEY\seditor.launcher.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 17:22 - 2015-03-25 23:34 - 00000000 ____D C:\FRST
2015-06-26 16:27 - 2015-05-25 20:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-26 15:48 - 2009-07-14 06:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-26 15:48 - 2009-07-14 06:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-26 15:46 - 2010-11-20 23:01 - 00256048 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 15:40 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 15:39 - 2012-10-16 01:45 - 00000000 ____D C:\Users\HEY\AppData\Roaming\TV-Browser
2015-06-26 15:39 - 2012-10-13 09:39 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Spamihilator
2015-06-26 15:39 - 2012-10-09 18:45 - 01646298 _____ C:\Windows\WindowsUpdate.log
2015-06-26 08:02 - 2014-04-05 20:58 - 00000000 ____D C:\Users\HEY\AppData\Local\cmon
2015-06-26 07:12 - 2015-03-24 20:07 - 00000000 ____D C:\AdwCleaner
2015-06-26 07:05 - 2015-05-08 15:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-25 21:59 - 2012-10-11 10:10 - 00000000 ____D C:\Users\HEY\AppData\Roaming\vlc
2015-06-25 11:53 - 2013-12-20 00:52 - 00000000 ___RD C:\Users\Public
2015-06-25 11:49 - 2009-07-14 04:04 - 00000296 _____ C:\Windows\system.ini
2015-06-24 07:29 - 2015-05-07 21:18 - 00001912 _____ C:\Windows\epplauncher.mif
2015-06-23 19:07 - 2012-10-09 18:43 - 00000000 ____D C:\Users\HEY
2015-06-23 19:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-06-23 19:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-06-23 12:18 - 2012-10-10 16:35 - 00000000 ____D C:\Users\HEY\Desktop\VSCAN
2015-06-23 10:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-21 18:09 - 2012-10-10 19:34 - 00000000 ____D C:\Users\HEY\AppData\Roaming\XnView
2015-06-20 18:31 - 2012-10-23 10:02 - 00000727 _____ C:\Windows\IMAGEIN.INI
2015-06-20 15:13 - 2015-02-22 15:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-20 15:13 - 2015-02-22 15:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-19 08:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-19 02:29 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-18 20:01 - 2015-05-12 11:10 - 00000000 ____D C:\Windows\rescache
2015-06-18 15:36 - 2012-10-16 06:11 - 00000000 ____D C:\Users\HEY\AppData\Roaming\Macromedia
2015-06-18 13:41 - 2015-05-08 15:55 - 00000000 ____D C:\Users\HEY\AppData\Local\CrashDumps
2015-06-18 13:15 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-18 08:27 - 2015-05-01 17:14 - 02950477 _____ (Thisisu) C:\Users\HEY\Desktop\JRT_NEW.exe
2015-06-18 03:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-18 02:06 - 2012-10-09 18:45 - 00000000 ____D C:\Windows\SoftwareDistribution_OLD
2015-06-18 00:45 - 2014-09-20 18:01 - 00000000 __SHD C:\Users\HEY\AppData\Local\EmieUserList
2015-06-18 00:45 - 2014-09-20 18:01 - 00000000 __SHD C:\Users\HEY\AppData\Local\EmieSiteList
2015-06-17 19:33 - 2012-10-30 15:50 - 00000000 ____D C:\Windows\pss
2015-06-17 18:18 - 2015-04-10 10:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-17 18:18 - 2015-04-10 10:58 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-17 18:18 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-17 17:52 - 2010-11-21 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-17 17:30 - 2012-10-10 04:36 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-06-17 17:29 - 2014-03-12 10:47 - 00000000 ____D C:\Windows\system32\MRT
2015-06-17 17:26 - 2012-10-10 15:13 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 18:00 - 2012-11-20 19:00 - 00000325 _____ C:\Windows\KillProcess.INI
2015-06-09 11:35 - 2015-05-14 23:00 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-09 11:35 - 2015-05-14 23:00 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 11:35 - 2015-05-03 10:42 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-06-06 12:08 - 2013-12-19 19:54 - 00000000 ____D C:\Users\HEY\AppData\Roaming\tor
2015-06-06 12:07 - 2013-12-19 19:53 - 00000000 ____D C:\Users\HEY\AppData\Local\Vidalia
2015-05-30 14:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-11-05 19:40 - 2015-03-22 13:27 - 0001595 _____ () C:\Users\HEY\AppData\Roaming\SAS7_000.DAT
2014-06-18 00:35 - 2014-06-18 00:35 - 0000001 _____ () C:\Users\HEY\AppData\Local\llftool.4.25.agreement
2014-06-18 00:36 - 2014-06-18 00:36 - 0000019 _____ () C:\Users\HEY\AppData\Local\llftool.license
2014-06-18 00:43 - 2014-06-18 00:43 - 0000001 _____ () C:\Users\HEY\AppData\Local\RawCopy.1.10.agreement
2014-06-18 00:43 - 2014-06-18 00:43 - 0000001 _____ () C:\Users\HEY\AppData\Local\RawCopy.sourcedisk.index
2015-05-06 18:58 - 2015-05-06 18:58 - 0000218 _____ () C:\Users\HEY\AppData\Local\recently-used.xbel
2015-06-19 07:39 - 2015-06-24 21:05 - 0000518 _____ () C:\Users\HEY\AppData\Local\UNAWAVE_EN.url
2015-06-19 07:39 - 2015-06-24 21:05 - 0000216 _____ () C:\Users\HEY\AppData\Local\UNAWAVE_GER.url
2015-06-19 07:39 - 2015-06-24 21:05 - 0000240 _____ () C:\Users\HEY\AppData\Local\UPDATE.url
2012-11-19 00:13 - 2015-01-11 18:12 - 0017408 _____ () C:\Users\HEY\AppData\Local\WebpageIcons.db
2015-03-24 22:55 - 2015-03-24 22:55 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2014-02-16 12:46 - 2014-02-16 12:46 - 0005110 _____ () C:\ProgramData\mxnhytee.feu

Some files in TEMP:
====================
C:\Users\HEY\AppData\Local\Temp\avgnt.exe
C:\Users\HEY\AppData\Local\Temp\Quarantine.exe
C:\Users\HEY\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-06-23 07:37

==================== End of log ============================
         
--- --- ---


Additional FRST Logfile:
scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by HEY at 2015-06-26 17:23:07
Running from F:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-582265673-3528206955-3743167496-500 - Administrator - Enabled)
Gast (S-1-5-21-582265673-3528206955-3743167496-501 - Limited - Disabled)
HEY (S-1-5-21-582265673-3528206955-3743167496-1000 - Administrator - Enabled) => C:\Users\HEY
HomeGroupUser$ (S-1-5-21-582265673-3528206955-3743167496-1004 - Limited - Enabled)
TECHNO (S-1-5-21-582265673-3528206955-3743167496-1002 - Limited - Enabled) => C:\Users\TECHNO

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 18 ActiveX (HKLM\...\{9F5C6A1A-3B30-4AD5-B998-2885AA7C26A7}) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\{2448A347-6E10-4FDE-AD25-74804743D184}) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Ahnenblatt 2.74 (HKLM\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Any Video Converter 5.7.3 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Attachment Finder for Outlook Express version 2.31.15.45 (HKLM\...\Attachment Finder for Outlook Express_is1) (Version:  - Yarrow Soft)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
Cinergy Hybrid Stick V1.00.08.06a (HKLM\...\Cinergy Hybrid Stick) (Version: 1.00.08.06a - )
c'mon Version 1.0.2 (HKLM\...\{75A58CEE-4F84-4F03-BA75-A7D4D6C986F0}_is1) (Version: 1.0.2 - sheepleap Software)
CrystalDiskInfo 5 Cynthia Alpha1 (HKLM\...\CrystalDiskInfo_is1) (Version: 5 Cynthia Alpha1 - Crystal Dew World)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dragon NaturallySpeaking 11 (HKLM\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Dupe Remover for Outlook Express and Windows Mail version 3.5 (HKLM\...\{B262EDF7-B16C-447E-B203-FAD286B61F90}_is1) (Version: 3.5 - Topalt.com)
DVBViewer TERRATEC Edition (HKLM\...\DVBViewer TERRATEC Edition_is1) (Version:  - CM&V)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FormatFactory 3.00 (HKLM\...\FormatFactory) (Version: 3.00 - Free Time)
FRITZBox Anrufmonitor (HKLM\...\{4D4C7CA5-3912-40A3-94BF-9B8089188A7A}) (Version: 1.0.1 - Bernhard Elbl)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Glary Utilities 2.52.0.1698 (HKLM\...\Glary Utilities_is1) (Version: 2.52.0.1698 - Glarysoft Ltd)
GrampsAIO32 (HKLM\...\GrampsAIO32) (Version: 3.4.5-1 - The GRAMPS project)
Graphviz (HKLM\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.34 - AT&T Research Labs.)
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
Hex-Editor MX (HKLM\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Inkscape 0.48.5 (HKLM\...\Inkscape) (Version: 0.48.5 - )
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KC Softwares SUMo (HKLM\...\KC Softwares SUMo_is1) (Version: 3.10.7.234 - KC Softwares)
Ladegeräte 4.02  (HKLM\...\Ladegeräte) (Version: 4.02 - )
Lotus SmartSuite Version 9 (HKLM\...\SmartSuite V98.0) (Version:  - )
Macromedia Extension Manager (HKLM\...\{0F022A2E-7022-497D-90A5-0F46746D8275}) (Version: 1.7.270 - Ihr Firmenname)
MailStore Home 8.2.1.10082 (HKLM\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF-XChange Editor (HKLM\...\{117E49F3-4985-41EC-90AD-72C09CEAB639}) (Version: 3.0.302.0 - Tracker Software Products (Canada) Ltd.)
PhonerLite 2.15 (HKLM\...\PhonerLite_is1) (Version: 2.15 - Heiko Sommerfeldt)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spamihilator 1.6.0 (32-Bit) (HKLM\...\{624CDCC7-9E58-46FE-956B-04A8004A9FCC}) (Version: 1.6.0 - Michel Krämer)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0  (HKLM\...\{70BEE0AE-B265-49E1-AC04-AFAFA99B4DE7}) (Version: 9.0 - Star Finanz GmbH)
TerraTec Home Cinema (HKLM\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.24.8 - )
THC Codec Patch (HKLM\...\{03DF2CB2-FF23-47F7-8754-8C3938A5F44C}) (Version: 1.00.0000 - )
Tor 0.2.4.22 (HKLM\...\Tor) (Version:  - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV-Browser 3.4.0.1 (HKLM\...\tvbrowser) (Version: 3.4.0.1 - TV-Browser Team)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Vidalia 0.2.21 (HKLM\...\Vidalia) (Version:  - )
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (HKLM\...\{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wondershare Video Editor(Build 3.1.1) (HKLM\...\Wondershare Video Editor_is1) (Version: 3.1.1.1 - Wondershare Software)
XnView 2.13 (HKLM\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
xp-AntiSpy 3.98-2 (HKLM\...\xp-AntiSpy) (Version:  - Christian Taubenheim)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{53DEC138-A51E-11D2-861E-00C04FA35C89}\InprocServer32 -> D:\PROGRAM\symphony IBM\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.1.20101013-2236\os\win32\x86\tlogpsdll.DLL ()
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{A69145EB-EB83-4485-AF49-62619B164E34}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{c59c69c9-35fa-4bd3-9fb7-c38606f8547d}\localserver32 -> D:\PROGRAM\symphony IBM\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.1.20101013-2236\os\win32\x86\IEOOP.exe (IBM)
CustomCLSID: HKU\S-1-5-21-582265673-3528206955-3743167496-1000_Classes\CLSID\{E33509A4-EB8B-4BB2-A55A-626EE4DBA50F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

23-06-2015 17:46:30 avast! antivirus system restore point
23-06-2015 17:57:54 avast! antivirus system restore point
23-06-2015 19:04:53 Wiederherstellungsvorgang
24-06-2015 15:17:49 Windows Update

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0861D335-02CD-4F39-A489-9148E0D9D1D3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {2DFAEE35-CB40-4231-87B7-AAA57E081560} - System32\Tasks\{AD457501-6A49-4D41-8DAF-0D971FB98F17} => pcalua.exe -a "F:\CX70 USB   setupSiemens-DCA-140-540v1.0.7.exe" -d f:\
Task: {35635A3A-D090-47AA-AD8A-1CF041D2194C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3FD6F459-7231-4BEE-ADED-6C99850E0FEA} - System32\Tasks\{873E92E0-76AE-433B-AF2C-1D9D743C6F98} => pcalua.exe -a D:\vscan\spamihilator\wizard.exe -d D:\vscan\spamihilator\
Task: {520BC68B-68A1-4C81-B3F6-58222F2D44F3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {957C3813-079D-4B25-9E2C-878BCE7812F9} - System32\Tasks\sd => C:\Windows\system32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {96737689-332C-4E97-89D6-CB699C9C4D73} - System32\Tasks\GlaryInitialize => D:\tools\REG Glary\initialize.exe [2013-01-05] (Glarysoft Ltd)
Task: {9A985331-8D98-4767-9D65-27BBA73006B1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {B9587736-E5B2-40FC-8DF5-15EBB9186AF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-20] (Adobe Systems Incorporated)
Task: {BF85B74A-C67A-43C7-A871-0A12989158C5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {C2191ED4-320D-446B-97A1-7A2801D8570B} - System32\Tasks\avast! Emergency Update => D:\vscan\AVAST\AvastEmUpdate.exe
Task: {DE5EE42B-C04D-4936-886E-AEBF63FDE9C0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215piUpdateInfo.job => C:\ProgramData\Avg_Update_0215pi\0215pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => D:\tools\REG Glary\initialize.exe

==================== Loaded Modules (Whitelisted) ==============

2013-02-20 13:04 - 1998-02-05 20:16 - 00018432 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\jDocPrc.dll
2014-06-18 07:54 - 2010-07-04 23:32 - 00010752 _____ () D:\tools\Unlocker\UnlockerCOM.dll
2015-06-20 15:13 - 2015-06-20 15:13 - 17321648 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll
2015-06-26 17:20 - 2015-06-26 17:19 - 00852662 _____ () D:\vscan\security check von TBoard\SecurityCheck.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-582265673-3528206955-3743167496-1000\...\windowsupdate.com -> windowsupdate.com

There are 12683 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-582265673-3528206955-3743167496-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 213.33.99.70 - 80.120.17.70

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{EEE5FE62-739C-4051-9574-B98975824551}Z:\stausau\stausau.exe] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [UDP Query User{AC5A39C0-D333-4C0D-B915-F63288C77065}Z:\stausau\stausau.exe] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [{EDFF3B3D-3D91-48F1-AA9E-FBA042A57714}] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [{8CB7DA3E-5ADA-4AE6-A9C8-8D7C1D838C14}] => (Allow) Z:\stausau\stausau.exe
FirewallRules: [TCP Query User{16FCFCDC-AB20-4594-8674-C89ABAA7B12B}C:5\stausau\stausau.exe] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [UDP Query User{64F1CFBB-FC0C-4C60-86F8-3456AB4E247D}C:5\stausau\stausau.exe] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{03AAAA8F-0E88-43E6-8161-1D9576F3B4EC}] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{2681CA6F-7BA7-4239-9EEA-6EA139620088}] => (Allow) C:5\stausau\stausau.exe
FirewallRules: [{E036EFC6-8BF4-4784-A1D5-62E87BC1C2A1}] => (Allow) LPort=51001
FirewallRules: [{9EC1E511-888E-4C96-825B-6583DF2E3343}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{57D043C2-01C4-4102-84A9-09C534E79DA5}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{F168206D-CDCC-4A28-9C52-6E3005AE1E2E}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{7D29F709-045B-4BF3-963B-FB3B29007721}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{EE88DF99-8558-47E1-87F3-4889DE69721B}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [{E22176C1-B5AF-491A-B316-626EF85B3240}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [TCP Query User{A5DA919E-670C-4C2B-8A51-E08C7AF4AEB0}C:4\stausau\stausau.exe] => (Allow) C:4\stausau\stausau.exe
FirewallRules: [UDP Query User{F275DC67-8555-47B3-B150-9D416CCB3831}C:4\stausau\stausau.exe] => (Allow) C:4\stausau\stausau.exe
FirewallRules: [{596C8ADB-C3BB-4804-B4D6-FAD98AE74E95}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{243AFF66-87B2-4586-8ED3-2A2A929D5D9F}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{0DAEE702-C881-4DB7-9A0F-BB87D368A8D3}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{C544B031-9DE8-4714-9537-396698B9974D}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{A44BBFFB-38EF-4323-ACB3-9FF61E030291}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{535A7A2A-D4D2-457A-B8AA-EF38620950E4}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{4AF7D4A8-29A1-48AD-AE91-342C604C5652}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{E41CE52E-5AC2-4356-8DD3-AB2475372040}] => (Allow) D:\system\DVB-T Terratec\CinergyDvr.exe
FirewallRules: [{E68867D3-562F-409F-827C-760A9F027470}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [{2ACAB2F9-0B51-4E9C-9BB1-24E36E94B633}] => (Allow) D:\system\DVB-T Terratec\VersionCheck\VersionCheck.exe
FirewallRules: [TCP Query User{24EAF5F5-4155-4EA8-99BE-AAFB9CEB0E88}D:\program\vlc\vlc.exe] => (Allow) D:\program\vlc\vlc.exe
FirewallRules: [UDP Query User{A563107B-2437-409A-8F8E-CEAD40363473}D:\program\vlc\vlc.exe] => (Allow) D:\program\vlc\vlc.exe
FirewallRules: [TCP Query User{465DFC31-927C-49EC-834F-7CCAB035478F}C:2\stausau\stausau.exe] => (Allow) C:2\stausau\stausau.exe
FirewallRules: [UDP Query User{B8EF9947-322D-4DDD-BD08-4D027FC5C5BC}C:2\stausau\stausau.exe] => (Allow) C:2\stausau\stausau.exe
FirewallRules: [TCP Query User{1069438B-8837-490B-9DBD-E45AA096BADD}D:\program\wincmd total\totalcmd.exe] => (Allow) D:\program\wincmd total\totalcmd.exe
FirewallRules: [UDP Query User{CF358071-938C-4009-B701-A9DD5407D815}D:\program\wincmd total\totalcmd.exe] => (Allow) D:\program\wincmd total\totalcmd.exe
FirewallRules: [TCP Query User{783C08C3-58CB-47E3-B1D1-289BC0AA9D38}C:0\stausau\stausau.exe] => (Allow) C:0\stausau\stausau.exe
FirewallRules: [UDP Query User{C2D7DE1A-B390-417E-A47A-C5CEB2D5A1FF}C:0\stausau\stausau.exe] => (Allow) C:0\stausau\stausau.exe
FirewallRules: [{7B68A0F7-C27E-4544-BDB8-DDE54F023B15}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{9D867F3B-BB7E-438A-AD2D-BE9F65C61203}Z:\stausau\doppl\stausau.exe] => (Allow) Z:\stausau\doppl\stausau.exe
FirewallRules: [UDP Query User{D2A6E986-244D-414F-B940-DC9E758DE105}Z:\stausau\doppl\stausau.exe] => (Allow) Z:\stausau\doppl\stausau.exe
FirewallRules: [{D5AEBD1D-33CA-441A-A770-6701FDE6978E}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{2432250D-9297-41B8-9EA1-2683E60490C7}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{A6DFE1CF-D09C-4180-B81A-9BDD6032964F}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{8D594778-9337-47CE-9393-B858452A6DB0}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{35BB9939-281B-4226-98F0-F699F3341190}] => (Allow) D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{25EC2B1F-30BC-492E-B213-7314A35623B5}] => (Allow) D:\PROGRAM\Starmoney 9\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{4FDF767B-2235-4CF7-896F-F81D7FABF919}] => (Allow) D:\PROGRAM\Starmoney 9\app\StarMoney.exe
FirewallRules: [{4FB2E3A6-31E5-4E78-8AEE-1F1999766B79}] => (Allow) D:\PROGRAM\Starmoney 9\app\StarMoney.exe
FirewallRules: [{B8F86095-890C-4800-9FC2-A7D003DEACC9}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{CC240133-CAEA-4A3B-9988-5EDB3595BE21}] => (Allow) D:\vscan\spamihilator\spamihilator.exe
FirewallRules: [{E8CEFFA2-0C9D-43C7-998E-8D389F67CC7D}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{05B845B7-27AA-4D03-B9BC-681AFF6281F9}] => (Allow) D:\vscan\spamihilator\cdcc.exe
FirewallRules: [{948C67DC-6769-44F8-93BE-27099544F310}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{C658F4EF-1D57-4CC2-AD28-22C7A64B0EB8}] => (Allow) D:\vscan\spamihilator\dccproc.exe
FirewallRules: [{A8AE38A8-5479-48EF-B048-E6CCF6AF613B}] => (Allow) D:\system\DVB-T Terratec\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{FED31304-BB9E-4375-B357-A6C9D62AD053}] => (Allow) D:\system\DVB-T Terratec\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{3EDE1FDD-96D9-475F-8EBE-B535A3C1EC93}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [{A1E953F6-A9C2-454F-90BE-01AD6FF9D30D}] => (Allow) D:\system\DVB-T Terratec\InstTool.exe
FirewallRules: [TCP Query User{8DCCEEF1-7073-4C7F-A5D1-C337EB222C46}D:\program\pdf libre office\program\soffice.bin] => (Allow) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [UDP Query User{DB298202-7346-45D9-8F56-328CFBE2715A}D:\program\pdf libre office\program\soffice.bin] => (Allow) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [TCP Query User{47450C1D-2C9D-4CC7-9020-3B3E20C07BAE}D:\www\schleier\vidalia bundle mit tor\tor\tor.exe] => (Allow) D:\www\schleier\vidalia bundle mit tor\tor\tor.exe
FirewallRules: [UDP Query User{F484BF2A-74B7-470D-BF09-E909AD3DA611}D:\www\schleier\vidalia bundle mit tor\tor\tor.exe] => (Allow) D:\www\schleier\vidalia bundle mit tor\tor\tor.exe
FirewallRules: [TCP Query User{CF7D2F4B-ECA9-4FB5-BB32-A55EA325A135}D:\system\voip phoner light\phonerlite.exe] => (Allow) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [UDP Query User{CE0CFC6D-DEB4-4E3F-B359-7B95F8628FDC}D:\system\voip phoner light\phonerlite.exe] => (Allow) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [{2347E8A6-CDC6-4A73-A5BA-6A11C52FAC4A}] => (Block) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [{D0567FAD-B88E-4E76-873E-2B1F2B16FB68}] => (Block) D:\system\voip phoner light\phonerlite.exe
FirewallRules: [TCP Query User{13C5BB12-B93D-4391-90D6-9F5FE16E288F}C:6\stausau\stausau.exe] => (Block) C:6\stausau\stausau.exe
FirewallRules: [UDP Query User{12DB9945-1D94-4979-89FB-5FDD53157822}C:6\stausau\stausau.exe] => (Block) C:6\stausau\stausau.exe
FirewallRules: [TCP Query User{F139670F-4685-4B51-894D-E5CBD4A45EA2}D:\program\pdf libre office\program\soffice.bin] => (Block) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [UDP Query User{5596FAE2-D805-4934-8E58-781A41C16D42}D:\program\pdf libre office\program\soffice.bin] => (Block) D:\program\pdf libre office\program\soffice.bin
FirewallRules: [{9C93CACF-8262-4F15-8A0F-B5BC5B2A7D3C}] => (Allow) D:\www\firefox\firefox.exe
FirewallRules: [{70AB2EDB-BEEF-4A15-A288-467404B9F228}] => (Allow) D:\www\firefox\firefox.exe
FirewallRules: [TCP Query User{DB4BE0B1-0D8C-4CDC-8686-64F8A537F98D}D:\www\firefox\firefox.exe] => (Block) D:\www\firefox\firefox.exe
FirewallRules: [UDP Query User{7A69564C-A873-45CD-8DA9-BEA315B88EDC}D:\www\firefox\firefox.exe] => (Block) D:\www\firefox\firefox.exe
FirewallRules: [{E3A163E3-96B0-4748-B483-873E6D3EE7AA}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{39A46D41-154F-4B96-B1FA-0CA92F687077}] => (Allow) D:\www\tvbrowser\tvbrowser.exe
FirewallRules: [{68B89C0B-1EA7-4366-957F-930BD80AD5E1}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{E244EB9B-05EA-4BB1-8686-AE02BACB844C}] => (Allow) D:\www\tvbrowser\tvbrowser_noDD.exe
FirewallRules: [{80F12F8F-9F38-40FB-840F-958090710B51}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5D0D6060-EBEE-4478-85C0-68872D2C4483}] => (Allow) D:\vscan\AVAST\ng\vbox\aswFe.exe
FirewallRules: [{7CDA9FB4-B489-48E2-9F3B-FE4CF1920EA4}] => (Allow) D:\vscan\AVAST\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2015 05:57:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f8bb298a-292b-451f-93db-822daef74801}

Error: (06/23/2015 05:46:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d89667a-9bd4-431c-a16f-a79438964122}

Error: (06/21/2015 08:47:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b827255e-1160-4208-b124-6c82054f15ae}

Error: (06/18/2015 01:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0x5f4
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 06:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0x136c
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 06:03:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillProcess.exe, Version: 5.0.0.5, Zeitstempel: 0x3d19f654
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b9e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000100b9
ID des fehlerhaften Prozesses: 0xf08
Startzeit der fehlerhaften Anwendung: 0xKillProcess.exe0
Pfad der fehlerhaften Anwendung: KillProcess.exe1
Pfad des fehlerhaften Moduls: KillProcess.exe2
Berichtskennung: KillProcess.exe3

Error: (06/17/2015 00:00:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/17/2015 11:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/17/2015 11:56:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/14/2015 06:23:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/26/2015 03:42:25 PM) (Source: WMPNetworkSvc) (EventID: 14319) (User: )
Description: WMPNetworkSvc

Error: (06/26/2015 03:40:25 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 03:40:25 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 03:40:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 03:40:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 03:40:14 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 03:40:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 03:40:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/26/2015 03:40:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (06/26/2015 03:39:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


Microsoft Office:
=========================
Error: (06/23/2015 05:57:53 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f8bb298a-292b-451f-93db-822daef74801}

Error: (06/23/2015 05:46:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d89667a-9bd4-431c-a16f-a79438964122}

Error: (06/21/2015 08:47:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b827255e-1160-4208-b124-6c82054f15ae}

Error: (06/18/2015 01:40:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b95f401d0a9bb992b7ae5D:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dlld82fb7aa-15ae-11e5-9cfc-60eb69953d0f

Error: (06/17/2015 06:03:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b9136c01d0a91732e1a8d8D:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dll70e7130e-150a-11e5-8183-60eb69953d0f

Error: (06/17/2015 06:03:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KillProcess.exe5.0.0.53d19f654SHLWAPI.dll6.1.7601.175144ce7b9e2c0000005000100b9f0801d0a9172d9e895eD:\tools\KillProcess\KillProcess.exeC:\Windows\system32\SHLWAPI.dll6c18d72a-150a-11e5-8183-60eb69953d0f

Error: (06/17/2015 00:00:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\system\SONY XPERIA\Flashtool 9_10\FlashTool64.exe

Error: (06/17/2015 11:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"d:\PROGRAM\wincmd total\TCUNIN64.EXE

Error: (06/17/2015 11:56:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\PROGRAM\Stammbaum für gramps  graphviz-2.34 per MSI\bin\mingle.exe

Error: (06/14/2015 06:23:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\system\SONY XPERIA\Flashtool 9_10\FlashTool64.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-25 22:08:24.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:07:25.155
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:07:06.887
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:06:43.727
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:03:54.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 22:03:33.367
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-25 21:59:52.157
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-21 20:56:40.170
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-06-21 20:52:50.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 21:21:34.569
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\comdlg32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 68%
Total physical RAM: 3004.5 MB
Available physical RAM: 948.02 MB
Total Pagefile: 4946.77 MB
Available Pagefile: 2834.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.43 MB

==================== Drives ================================

Drive c: (C-PLATTE) (Fixed) (Total:42.98 GB) (Free:4.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (D-Platte) (Fixed) (Total:43.96 GB) (Free:10.03 GB) NTFS
Drive e: (E-Platte) (Fixed) (Total:87.88 GB) (Free:50.63 GB) NTFS
Drive f: (F-Platte) (Fixed) (Total:62.7 GB) (Free:39.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3DA700CC)
Partition 1: (Active) - (Size=43 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=44 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.7 GB) - (Type=OF Extended)

==================== End of log ============================
         
--- --- ---

27.06.2015, 09:41   #12
schrauber
/// the machine
/// TB trainer

Let's try something:

Run the Windows Repair Tool:
Repair Windows - here's how - Guides
__________________
Regards,
schrauber

27.06.2015, 17:04   #13
rabanus

Hello Schrauber,

thank you very much for the mail.

I have now run "Windows Repair (All-in-one)" from Tweaking.com (with a lot of trust) all the way through, with all cleanup options.
It does reset quite a few settings, but nothing has improved as a result.
(Unfortunately there are no logs.)

In addition I ran the "Superantispyware" program recommended there, likewise with no effect.

Nothing has changed: no Avast, Update acts up, no safe mode and, above all, no patch for up to 64 GB RAM for Win 7 / 32-bit.
The latter is especially frustrating. What good are 12 GB of RAM and an SSD if Windows starts paging like mad (page file) at just under 4 GB...

Is there perhaps anything else I can do?

Best regards
Rabanus
--------------------------------------------------------------

28.06.2015, 13:17   #14
schrauber
/// the machine
/// TB trainer

Quote:
and, above all, no patch for up to 64 GB RAM for Win 7 / 32-bit
OK, you have a lot of problems, but this one is not a problem; it is completely normal. You want to use more than 4 GB of RAM? Then you have to install a 64-bit operating system.
__________________
Regards,
schrauber

28.06.2015, 14:39   #15
rabanus

Hello Schrauber,

sure, I had to expect that remark.

The topic is, after all, debated VERY controversially on the net...

In any case, I had patched, so that even Task Manager showed the full 12 GB of RAM as available. And it ought to know...
No page file needed any more, and still never a low-memory warning.
Everything ran faster and the SSD was spared.

I originally had the 64-bit version, but there the compatibility mode for 32- and 16-bit applications was completely unsatisfactory. And Dosbox, virtual machines and the like, I simply didn't feel like dealing with that.

(By the way, one can read that Microsoft has been operating with 36 bits internally since 2003 and blocks the whole thing above 32 bits. So 2 to the power of 36 = 64 GB is theoretically, and indeed practically, possible. This is even mentioned on the MS pages themselves.)

But as I said, one can of course hold a different opinion on that...

If there really are no further diagnostic options, then I would in any case like to thank you very much for your efforts.
Perfect!

It is really reassuring to know that no malicious objects are up to mischief here.

Best regards
Rabanus

P.S.:
The tattoos are really very impressive!
