Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.07.2015, 17:17   #1
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



- unberechtigte Buchungen auf Online-Konten festgestellt; unberechtigte Rechnungen erhalten;
- unberechtigte Abbuchungen auf Bank-Konto (über Lastschriftermächtigungen);
- teilweise kein Einloggen auf den Online-Konten von diversen Anbietern (mit eMail-Adresse und "altem" Passwort) mehr möglich;
- soweit möglich wurden die entsprechenden Händler kontaktiert und über das Problem informiert mit der Bitte, die Konten zu sperren; Anzeige wg Computerbetrug ua wurde erstattet;
- "normale" Virenprogramme (Avira + Spybot SD) finden keine verdächtigen Daten;
Ich habe nun die Befürchtung, dass sich ein Virus auf dem Computer befindet, der zumindest die Passwörter ausspähen kann.
Für Ihre Hilfe danke ich im Voraus.
mfg
I. Grub

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:01 on 21/07/2015 (i.grub)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by i.grub (administrator) on IGRUB-TOSH on 21-07-2015 17:37:21
Running from C:\Users\i.grub\Downloads
Loaded Profiles: i.grub (Available Profiles: i.grub & a.grub & Sarah & Fabian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
() C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Ocs_SM] => C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-01-21] (OCS)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2010-10-15] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RadioRage AppIntegrator 32-bit] => C:\PROGRA~2\RADIOR~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [RadioRage AppIntegrator 64-bit] => C:\PROGRA~2\RADIOR~1\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_31\bin\jusched.exe"
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 32-bit] => C:\PROGRA~2\ELITEU~1\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [Elite Unzip AppIntegrator 64-bit] => C:\PROGRA~2\ELITEU~1\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [Arcor Online] => [X]
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6070040 2013-04-23] (Piriform Ltd)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
Startup: C:\Users\a.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-14]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-07-21]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2011-05-19]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk [2013-08-05]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-20]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-4106851975-1791392289-4257475713-1003\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4106851975-1791392289-4257475713-1002\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^man000^YYA^&ptb=0E21E33B-E3EA-4BBB-831D-FBEAD6061710&ind=2015012910&n=781aa82e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414446415F6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&k=0
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D071615-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^man000^YYA^&ptb=0E21E33B-E3EA-4BBB-831D-FBEAD6061710&ind=2015012910&n=781aa82e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {134966F0-C7F4-43FC-98F8-5A4B94504718} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^DE&gct=&itbv=12.23.0.15&apn_uid=0196B0D0-5F4D-4950-983A-53EE0BFC52CD&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^DE&apn_dbr=ie&doi=2015-01-31&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {2938A84F-359F-4435-AA1B-92D2FA1C79CB} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {2BF29A1A-3E9B-4D25-AD63-FC9F39CE968F} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {4DC58A45-E0B8-4E4E-B8B0-6624DE9E611D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414446415F6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&k=0
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {70FB88F2-6A2E-43FD-BDAD-A50A247ABA56} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D34343535362D393430302D392F343F73617469746C653D7B7365617263685465726D737D&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&k=0
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {746DD7C1-EDBA-4D28-BE76-78EBF3CC6045} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F67702F7365617263683F69653D55544638266B6579776F7264733D7B7365617263685465726D737D267461673D746F636869626164652D77696E372D69652D7365617263682D323126696E6465783D626C656E646564266C696E6B436F64653D757232&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&k=0
SearchScopes: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> {F943A04A-4B91-451B-A393-07C2FCAF3E5F} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{02044DE9-D0E8-4D7A-B161-CCCB42A20904}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{07549D3A-D03E-4DF1-B049-BC57FFC4DACB}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4106851975-1791392289-4257475713-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\i.grub\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-26] (Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\i.grub\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchAnonymizer; C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-01-21] () [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2013-04-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-01-24] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2010-11-11] (GEAR Software Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-01-24] () [File not signed]
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 17:37 - 2015-07-21 17:37 - 00027065 _____ C:\Users\i.grub\Downloads\FRST.txt
2015-07-21 17:37 - 2015-07-21 17:37 - 00000000 ____D C:\FRST
2015-07-21 17:36 - 2015-07-21 17:36 - 02135552 _____ (Farbar) C:\Users\i.grub\Downloads\FRST64.exe
2015-07-21 17:31 - 2015-07-21 17:35 - 00000474 _____ C:\Users\i.grub\Downloads\defogger_disable.log
2015-07-21 17:31 - 2015-07-21 17:31 - 00050477 _____ C:\Users\i.grub\Downloads\Defogger.exe
2015-07-21 17:31 - 2015-07-21 17:31 - 00000000 _____ C:\Users\i.grub\defogger_reenable
2015-07-21 17:07 - 2015-07-21 17:07 - 00000811 _____ C:\Windows\setupact.log
2015-07-21 17:07 - 2015-07-21 17:07 - 00000000 _____ C:\Windows\setuperr.log
2015-07-21 07:23 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 07:23 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 07:23 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 07:23 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-17 07:42 - 2015-07-17 07:42 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-17 07:41 - 2015-07-17 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-17 07:41 - 2015-07-17 07:41 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-17 07:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-17 07:35 - 2015-07-17 07:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (2).exe
2015-07-16 18:42 - 2015-07-16 18:42 - 19198128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-16 18:37 - 2015-07-17 07:32 - 00000102 _____ C:\prefs.js
2015-07-16 18:37 - 2015-07-16 18:37 - 00000000 ____D C:\searchplugins
2015-07-16 18:35 - 2015-07-16 19:08 - 00002968 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-16 18:35 - 2015-07-16 19:08 - 00002968 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-07-16 18:35 - 2015-06-08 14:13 - 00428880 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-07-16 18:35 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-07-16 18:30 - 2015-07-17 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-16 18:25 - 2015-07-16 18:25 - 02024048 _____ C:\Users\i.grub\Downloads\AdAware117WebInstaller (1).exe
2015-07-16 18:24 - 2015-07-16 18:25 - 02024048 _____ C:\Users\i.grub\Downloads\AdAware117WebInstaller.exe
2015-07-15 19:40 - 2015-07-15 19:39 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-194050.backup
2015-07-15 17:44 - 2015-06-23 13:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-15 17:26 - 2015-07-15 17:27 - 35679667 _____ C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209 (1).zip
2015-07-15 17:25 - 2015-07-15 17:25 - 00000000 ____D C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209
2015-07-15 17:24 - 2015-07-15 17:25 - 35679667 _____ C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209.zip
2015-07-15 17:19 - 2015-07-15 17:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4.exe
2015-07-15 17:19 - 2015-07-15 17:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (1).exe
2015-07-15 13:51 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 13:51 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 13:51 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 13:51 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 13:51 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 13:51 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 13:51 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 13:51 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 13:51 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 13:51 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 13:51 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 13:51 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 13:51 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 13:51 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 13:51 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 13:51 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 13:51 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 13:51 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 13:51 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 13:51 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 13:51 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 13:51 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 13:51 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 13:51 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 13:51 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 13:50 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 13:50 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 13:50 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 13:50 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 13:50 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 13:50 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 13:50 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 13:50 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 13:50 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 13:50 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 13:50 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 13:50 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 13:50 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 13:50 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 13:50 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 13:50 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 13:50 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 13:50 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 13:50 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 13:50 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 13:50 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 13:50 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 13:50 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 13:50 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 13:50 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 13:50 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 13:50 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 13:50 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 13:50 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 13:50 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 13:50 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 13:50 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 13:50 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 13:50 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 13:50 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 13:50 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 13:50 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 13:50 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 13:50 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 13:50 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 13:50 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 13:50 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 13:50 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 13:50 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 13:49 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:49 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 13:49 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 13:49 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 13:49 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 13:49 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 13:49 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 13:49 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 13:49 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 13:49 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 13:49 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 13:49 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 13:49 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 13:49 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 13:49 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 13:49 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 13:49 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 13:49 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 13:49 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 13:49 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 13:48 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 13:48 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 13:48 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 13:48 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 13:48 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 13:48 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:48 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 13:48 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 13:48 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 13:48 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 13:48 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 13:48 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 23:04 - 2015-07-14 23:05 - 00000000 ____D C:\Users\i.grub\Documents\Hacker-Angriff
2015-07-14 19:45 - 2015-07-14 19:45 - 00001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-14 19:45 - 2015-07-14 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-14 19:43 - 2015-07-14 19:45 - 00000000 ____D C:\Program Files\iTunes
2015-07-14 19:43 - 2015-07-14 19:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-14 19:43 - 2015-07-14 19:43 - 00000000 ____D C:\Program Files\iPod
2015-07-14 19:33 - 2015-07-14 19:34 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-14 19:33 - 2015-07-14 19:33 - 00001852 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-14 19:33 - 2015-07-14 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 17:31 - 2010-06-11 18:37 - 00000000 ____D C:\Users\i.grub
2015-07-21 17:06 - 2013-01-12 20:51 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-21 16:59 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-21 16:59 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 16:56 - 2015-05-08 23:19 - 00000000 ____D C:\Users\i.grub\AppData\Roaming\Apple Computer
2015-07-21 16:55 - 2015-06-14 22:33 - 01515126 _____ C:\Windows\WindowsUpdate.log
2015-07-21 16:41 - 2015-01-25 11:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-21 13:16 - 2013-03-10 21:04 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-21 13:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 19:27 - 2011-10-19 15:42 - 00000000 ____D C:\Users\i.grub\AppData\Roaming\Aquamarin Haushaltsbuch
2015-07-20 18:07 - 2012-10-28 10:29 - 00000000 ____D C:\Users\i.grub\Documents\LDW
2015-07-20 18:06 - 2010-11-09 10:02 - 00000000 ____D C:\Users\i.grub\Divers
2015-07-19 10:26 - 2010-06-11 20:20 - 00002854 _____ C:\Users\i.grub\AppData\Roaming\wklnhst.dat
2015-07-17 07:56 - 2013-01-19 19:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-17 07:44 - 2015-01-25 11:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 07:44 - 2015-01-25 11:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-17 07:44 - 2015-01-25 11:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-17 07:43 - 2014-08-21 16:54 - 00000000 ____D C:\Users\i.grub\AppData\Local\Adobe
2015-07-17 07:41 - 2011-02-14 13:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-16 19:00 - 2013-01-21 17:21 - 00013274 _____ C:\Windows\wininit.ini
2015-07-16 06:35 - 2015-04-07 22:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 06:35 - 2015-04-07 22:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 06:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 06:34 - 2014-12-11 07:45 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:34 - 2014-05-06 22:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 01:37 - 2009-09-11 10:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 01:25 - 2013-08-05 09:35 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 20:49 - 2014-12-14 23:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 20:47 - 2015-01-08 16:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:40 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150720-135921.backup
2015-07-14 19:43 - 2015-05-08 23:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-14 16:29 - 2015-01-24 16:52 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422111116
2015-07-14 16:29 - 2013-01-29 22:59 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 12:35 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-193959.backup
2015-07-13 21:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 14:08 - 2009-07-14 19:58 - 06740660 _____ C:\Windows\system32\perfh007.dat
2015-07-10 14:08 - 2009-07-14 19:58 - 02083118 _____ C:\Windows\system32\perfc007.dat
2015-07-10 14:08 - 2009-07-14 07:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 19:59 - 2010-10-11 21:36 - 00000000 ____D C:\Users\i.grub\Infos
2015-07-06 18:13 - 2014-08-08 12:49 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-06 18:13 - 2013-03-25 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-06 18:12 - 2013-03-25 17:56 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-03 08:43 - 2010-06-14 22:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 17:45 - 2015-05-08 23:16 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-30 00:15 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150714-123550.backup
2015-06-29 15:55 - 2015-04-26 10:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-27 16:17 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-23 13:57 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-22 16:18 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-21 12:06 - 2011-02-09 13:21 - 00000000 ____D C:\Program Files (x86)\LucasArts

==================== Files in the root of some directories =======

2010-06-11 20:20 - 2015-07-19 10:26 - 0002854 _____ () C:\Users\i.grub\AppData\Roaming\wklnhst.dat
2013-01-13 17:50 - 2009-08-27 12:09 - 0013264 _____ (Arcor Online GmbH) C:\Users\i.grub\AppData\Local\cmdial32.dll
2013-01-13 17:52 - 2015-04-26 20:28 - 0000022 _____ () C:\Users\i.grub\AppData\Local\cmdial32.ini
2012-04-15 19:18 - 2012-04-15 19:18 - 0003584 _____ () C:\Users\i.grub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-09 23:15 - 2011-01-09 23:15 - 0000017 _____ () C:\Users\i.grub\AppData\Local\resmon.resmoncfg
2013-08-05 13:48 - 2013-08-05 13:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-14 16:18 - 2015-02-14 16:18 - 0000004 _____ () C:\ProgramData\icw09hbs.inf

Some files in TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\i.grub\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-10 14:25

==================== End of log ============================
         

Geändert von igrub (21.07.2015 um 17:28 Uhr)

Alt 21.07.2015, 17:30   #2
schrauber
/// the machine
/// TB-Ausbilder
 

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Hi,

Addition.txt fehlt noch.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 21.07.2015, 17:30   #3
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil II -



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by i.grub at 2015-07-21 17:38:55
Running from C:\Users\i.grub\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

a.grub (S-1-5-21-4106851975-1791392289-4257475713-1001 - Limited - Enabled) => C:\Users\a.grub
Administrator (S-1-5-21-4106851975-1791392289-4257475713-500 - Administrator - Disabled)
Fabian (S-1-5-21-4106851975-1791392289-4257475713-1003 - Limited - Enabled) => C:\Users\Fabian
Gast (S-1-5-21-4106851975-1791392289-4257475713-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4106851975-1791392289-4257475713-1011 - Limited - Enabled)
i.grub (S-1-5-21-4106851975-1791392289-4257475713-1000 - Administrator - Enabled) => C:\Users\i.grub
Sarah (S-1-5-21-4106851975-1791392289-4257475713-1002 - Limited - Enabled) => C:\Users\Sarah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aquamarin Haushaltsbuch 2.9 (HKLM-x32\...\{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1) (Version:  - makasy.com)
ATI Catalyst Install Manager (HKLM\...\{A0880F03-8480-482E-1606-BC91669B0882}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Benutzerhandbuch EPSON BX635FWD Series (HKLM-x32\...\EPSON BX635FWD Series Useg) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2009.0729.2238.38827 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Deinstallation der Arcor Online Software (HKLM-x32\...\{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1) (Version: 5.0.0.8 - Vodafone D2 GmbH)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - )
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Geld (HKLM-x32\...\Geld) (Version:  - )
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.17.0 - International GeoGebra Institute)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{F28BD099-9FC0-4A03-A605-E069B8D17D47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LEGO Star Wars II (HKLM-x32\...\InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ (HKLM-x32\...\InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}) (Version: 1.00.0000 - LucasArts)
LEGO® Indiana Jones™ (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
Media Go (HKLM-x32\...\{362AB21A-E2C4-40CE-81C2-8C4D62B0635A}) (Version: 2.4.256 - Sony)
Media Go Video Playback Engine 1.116.104.02020 (HKLM-x32\...\{54215B8A-6212-8DB8-39B4-98EE2BB98BD1}) (Version: 1.116.104.02020 - Sony)
Mein eigener Tierbaby-Zoo (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Mein eigener Tierbaby-Zoo) (Version: V1.000000 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Netzwerkhandbuch EPSON BX635FWD Series (HKLM-x32\...\EPSON BX635FWD Series Netg) (Version:  - )
NWZ-E460 WALKMAN Guide (HKLM-x32\...\{A4D58206-7E8F-41F2-BD94-85009F3AEA28}) (Version: 2.0.2.04130 - Sony Corporation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 5.0.1902 (1902) - Koninklijke Philips Electronics N.V.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
Polar FlowSync Version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Sonic & SEGA All-Stars Racing (HKLM-x32\...\{B1371574-4B13-4D3E-8F47-48C698732B00}) (Version: 1.00.0000 - SEGA)
Sozialrecht 11.1 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 11.1) (Version:  - )
Sozialrecht 11.2 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 11.2) (Version:  - )
Sozialrecht 12.1 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 12.1) (Version:  - )
Sozialrecht 12.2 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 12.2) (Version:  - )
Sozialrecht 13.1 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 13.1) (Version:  - )
Sozialrecht 14.1 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 14.1) (Version:  - )
Sozialrecht 14.2 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 14.2) (Version:  - )
Sozialrecht 9.1 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht 9.1) (Version:  - )
Sozialrecht_15.1 (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Sozialrecht_15.1) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.10.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.05 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.7 - TOSHIBA) Hidden
Unity Web Player (HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.26C - TOSHIBA) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WatchGuard Mobile VPN with SSL client 11.7.3 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version:  - WatchGuard)
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4106851975-1791392289-4257475713-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

15-07-2015 01:31:45 Windows Update
16-07-2015 01:17:18 Windows Update
16-07-2015 18:25:19 AA11
16-07-2015 18:31:16 LavasoftWeCompanion
16-07-2015 19:00:52 AA11
16-07-2015 19:12:23 AA11
16-07-2015 19:14:43 AA11
16-07-2015 19:16:06 AA11
16-07-2015 23:43:15 Windows Update
17-07-2015 07:28:15 AA11
17-07-2015 07:32:32 LavasoftWeCompanion
17-07-2015 08:05:29 Windows Update
17-07-2015 19:33:45 Windows Update
19-07-2015 11:23:55 Windows Update
19-07-2015 19:01:13 Windows-Sicherung
19-07-2015 23:50:12 Windows Update
20-07-2015 07:03:37 Windows Update
20-07-2015 23:13:24 Windows Update
21-07-2015 07:38:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-20 13:59 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B89351-0026-4BA7-A681-80D5670EC7DE} - System32\Tasks\{716807EB-8368-499D-B09A-2CC4C1827461} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {067AFE16-C3FF-47BD-B303-88BB82F5F721} - System32\Tasks\{DCD21712-0226-4F0A-ACC0-0CD6B0786FE2} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {0F9617B9-A400-4979-9A95-7DA1CF7BB8E3} - System32\Tasks\{5AC0F2AF-BE67-441A-A88F-B51CE32B330D} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {10B13F24-76A6-4B2B-AAB5-01D31BAD8782} - System32\Tasks\{37EAC187-362C-4D76-9CDB-8EEB3D5AA70B} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {11F8FDA2-805E-4974-93B7-CDE6EDC175A4} - System32\Tasks\{F4A61B63-4DDB-4C1E-AAC0-37BE7FE23FD0} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {120CA1E4-985E-4296-877B-6EF1EB18CAD9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {191D18ED-1C6C-4A4A-925D-BE81FEF44614} - System32\Tasks\{905BA6E9-8694-40B3-94AC-8E4134680080} => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {1AA0D5B0-F150-4FB0-ABDF-6C092E8164B5} - System32\Tasks\{8F82FD94-F321-4A2F-86FD-E2D196CC976F} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-06-02] (Skype Technologies S.A.)
Task: {1DE738FF-D200-4107-BFDB-58CD3538108C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-17] (Adobe Systems Incorporated)
Task: {1FF8017A-9E21-4DF6-B188-9158DA527C61} - System32\Tasks\{1277CA64-4C79-4E47-ACBA-022C1F9CA5EE} => C:\Program Files (x86)\Nobilis\Neue Abenteuer auf der Schatzinsel\DTI.exe
Task: {20AF2DD1-A4D4-4B78-B065-0C55FE3C3DBB} - System32\Tasks\{5E72D426-8270-4AA4-AF80-A618FA263761} => E:\arcor.exe
Task: {23DFD8DC-3C58-4193-9116-285F0F196B5D} - System32\Tasks\{BCC2A144-C79B-4ED9-A23B-55FABED6EDF2} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {28E7DE33-540C-4893-8B36-FEAB9C46BD0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {297ED667-D4B2-476E-9051-67225523185C} - System32\Tasks\{D8D65DB4-A040-4FD1-8E56-DCAEE654C2D5} => pcalua.exe -a E:\setup.exe -d E:\
Task: {3F8AB572-2734-49B3-97EB-E59E7BBB2BE0} - System32\Tasks\{B6C30B05-275B-4EF9-9687-D22560FFB6E3} => E:\arcor.exe
Task: {472B4319-863A-493F-A903-96BFC55380BC} - System32\Tasks\{B15880A6-966C-4EBC-A205-ACA283A43344} => pcalua.exe -a E:\setup.exe -d E:\
Task: {4D2E6BDD-23DC-4A76-B85C-4D6C35E54816} - System32\Tasks\{A2C700F6-4717-474C-913E-BA11C03AA757} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {514D7B71-CE32-417B-8A0E-9274FBCD29DD} - System32\Tasks\{0EC2C55A-375C-48E0-B73F-12FF19BACCC4} => c:\program files (x86)\opera\opera.exe
Task: {61202038-C55A-404D-AF46-A0BA92C94682} - System32\Tasks\{FA5FC7D2-092C-4575-9A4D-1BDF8EDDD44D} => E:\arcor.exe
Task: {6124BA0F-C9F9-4C37-A9F4-B1E32BEF6609} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {69D2A7C6-DD06-40F4-BA49-C1ECCFADDF10} - System32\Tasks\{87886C6A-5B58-4366-B8D9-79EE2E26592E} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {74B2AF87-D9B4-488C-8841-F502DDFF2250} - System32\Tasks\{3DAC613F-AEF4-424D-8926-C250A007E1FC} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {74B42FB7-2417-4472-A0F7-5F2EB0CF1D99} - System32\Tasks\{6E1188EC-1DCA-4F5E-A155-DE857E6E9C8D} => pcalua.exe -a "C:\Tivola\Mein eigener Tierbaby-Zoo\uninst.exe"
Task: {7754C349-B514-43CA-AE61-D9331E471DF1} - System32\Tasks\{13F1D59E-1C1E-42D4-A70B-0D6BA181109B} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {7D01354F-1BFF-4385-B3D6-ECEC45C963E7} - System32\Tasks\{D761630B-0AA8-4DE6-A76E-7FFBF312771B} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {8B70D891-B4AF-4E5B-9864-2E49292E3847} - System32\Tasks\{E3688197-ABCB-4DCB-83BF-6CF577A29378} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {90A0CC42-3516-4FC4-AFE7-5B41C55EEDBA} - System32\Tasks\{01FF4017-236D-472A-94AD-5238DC82A901} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {9145BE0A-CFAF-4625-A850-2F5C3526E7DD} - System32\Tasks\{8CA91869-7309-4F51-83D3-B83BA27A1C2A} => pcalua.exe -a E:\setup_de.exe -d E:\
Task: {97686080-D032-43CF-B744-8CD6A9CC31D2} - System32\Tasks\{F04B8890-F67B-4EE5-AC56-F19F15FD3FD6} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {9897CD30-00DF-47D5-B5E1-E18BCB99CCC1} - System32\Tasks\{8C8FC26D-EB90-488B-B46F-C5404FA6A12A} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {9AAA3E05-ED6F-4574-9BEB-876B5743F4A0} - System32\Tasks\{EA365F06-494C-414F-8B6E-4FB58408F41F} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {A0546E3D-67F9-4C36-9679-640D5693E3CD} - System32\Tasks\{7E7E603D-250C-442E-9B6E-630F52343BDC} => E:\arcor.exe
Task: {A61B2EEC-8FA3-4507-91FB-D42FAB8AB3E3} - System32\Tasks\{CF105D91-A777-4701-9A0C-D33A0CD0AAC2} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{4E074808-1B86-4230-A9EB-0904942EC4AE}\setup.exe" -c -runfromtemp -l0x0407
Task: {A70DB75D-1D74-40C9-BE7F-924108DB0591} - System32\Tasks\{B4BF1F16-12CE-4CBE-B349-748E6B06055C} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {AA9681FE-D761-4099-BCE9-7DC6F01D6BC7} - System32\Tasks\{31C05C18-3A02-41B7-AB2D-D979C786C37F} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {AF3C1E1E-862E-41A4-BA7E-3045E49679C5} - System32\Tasks\{3717C086-F45F-41C2-A7F2-21008401512C} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {B160A6A1-1FEA-47EC-8653-6B89B2FE03A0} - System32\Tasks\{ED132E7D-1F0E-46F5-AD50-D0DACCEFA3BD} => pcalua.exe -a E:\DirectX9\dxsetup.exe -d E:\DirectX9
Task: {B1B26B45-B557-454E-BB03-671143D48FB0} - System32\Tasks\{7BE84AEA-3085-4552-B665-B0C91FEAB012} => pcalua.exe -a "C:\Users\i.grub\Downloads\ADE_4.0_Installer (1).exe" -d C:\Users\i.grub\Downloads
Task: {B36E7A79-0E95-46B9-8719-92FE220684E5} - System32\Tasks\{E6C95A7F-7A75-484F-8FCD-73C6B6D0750D} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {B3EF7921-B7ED-41F6-A051-32C7EAA81AB4} - System32\Tasks\{CE56D7DA-0FED-400A-A9AD-0531845F878B} => C:\Program Files (x86)\Nobilis\Neue Abenteuer auf der Schatzinsel\DTI.exe
Task: {B98D6F1E-CFFE-4D4E-9B52-221DC8974B48} - System32\Tasks\{F8420657-2CD4-496E-A45A-650C4E6D057A} => E:\arcor.exe
Task: {BB3EF488-687D-4CC8-A913-1BE4CC7F97FA} - System32\Tasks\{E6800644-F19E-45A2-8D3F-600D24DF7EE1} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {BF001C38-B5D5-495C-A2B3-209303F13F6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BF588134-A1FF-46E6-8763-2E6F62D0C76B} - System32\Tasks\{A71E7EE9-422C-4CA1-A5F6-F6CE13565FA3} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {C79C479D-0076-46BA-ADEE-F30AF6719E58} - System32\Tasks\{AA72D719-FA3B-4FD8-93D1-EABDB8B5DA0E} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {C8BBDAA1-85A6-4C14-8638-F3E63F37C67E} - System32\Tasks\{C54D14EA-C72D-406C-B817-BF8B1CBBB6B2} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {C96802FD-783F-48F8-8593-A4E295987135} - System32\Tasks\{192B8E63-DEF4-405D-A56B-49FD778FD553} => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {CA8D9188-AFD8-4CB0-A0DA-B3E6DDC08415} - System32\Tasks\{4B14F048-9EDE-4628-B13F-D75418160278} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {CAC54574-C26B-4BF3-ACF7-41EE65EDAFA2} - System32\Tasks\{2B5F90BC-E871-4B4C-A5DD-A8F4E8E88B4A} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {CDEC7BCF-74C6-4462-87D9-BB00F177B3C8} - System32\Tasks\{7924BC16-8AEC-401C-B4E5-36769A2995A1} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {D724EDE7-D9C3-4B4F-BA9A-BBD00583E056} - System32\Tasks\Opera scheduled Autoupdate 1422111116 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {E2F26F68-E2A0-4E5D-94C7-CFC5847AC7DF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E4766ADC-7258-4923-A896-18EEE3D6919B} - System32\Tasks\{68BD3A88-30D4-412B-85EE-7B863D541E1E} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {E6E21724-EE13-40DD-8F7D-2125974249FE} - System32\Tasks\{C35B9F3D-3F74-4AE2-B951-0550D2FE0176} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {E80178F1-AF0C-4B7E-9D90-76066B12EC64} - System32\Tasks\{FED0E8DA-337B-4258-A8CD-B27D954CF7E6} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}\setup.exe" -c -runfromtemp -l0x0407
Task: {ECCD1791-A738-4178-8B3B-AE0A72E15FFE} - System32\Tasks\{5658A2AA-FC30-4569-B211-0BE8618C6A55} => C:\Program Files (x86)\ArcorOnline\Arcor.exe [2010-06-08] (Vodafone D2 GmbH)
Task: {F332CD83-A806-4582-8F92-932EDAB533E2} - System32\Tasks\{92D918AD-5A94-4910-A2CA-767BDC57E35D} => C:\Program Files (x86)\HCA\HCA - Die Rettung des Königreichs\release\HCA.exe
Task: {F8E20BC6-94CB-4910-B2C0-AAB3C901AF20} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-21 17:16 - 2013-01-21 17:16 - 00040960 _____ () C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2009-08-26 18:58 - 2009-08-26 18:58 - 00553984 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2014-01-31 20:02 - 2013-04-11 04:00 - 00101376 _____ () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
2009-08-06 14:14 - 2009-08-06 14:14 - 03002728 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-09-11 10:07 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-10-15 17:05 - 2010-10-15 17:05 - 00380416 _____ () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
2009-05-04 11:45 - 2009-05-04 11:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-23 23:02 - 2010-03-23 23:02 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-08-03 19:18 - 2009-08-03 19:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-07-17 07:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-17 07:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-17 07:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-17 07:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-17 07:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-26 10:42 - 2014-11-11 10:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-04-26 10:42 - 2013-08-25 20:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-04-26 10:42 - 2013-08-25 20:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-04-26 10:42 - 2013-08-25 20:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-14 16:29 - 2015-07-14 16:28 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libglesv2.dll
2015-07-14 16:29 - 2015-07-14 16:28 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.125\libegl.dll
2015-07-16 18:42 - 2015-07-17 07:44 - 16307888 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7869 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FBE6E393-4521-49EF-B3E2-CC9C2C299222}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{9F18103E-17CA-45F2-A18A-222E1463AF7D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B4893EBA-8C44-460D-9914-608237F33333}] => (Allow) svchost.exe
FirewallRules: [{4F60F09C-F011-4FA4-90C6-23FCAD2F920F}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{F665056C-15F6-4FF3-ACC4-733B25B9EDBC}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3A4540A3-A504-498C-BAA3-79D68B7EF662}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{52F75F65-4A0A-4CEB-A9A0-29CC5527EB1E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{FE00CCCB-D8B7-4F32-9C3B-585A2620BED7}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B65D2787-914C-4E5C-BFCD-7749A88955CC}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{66E2EF1E-E9BA-4870-A161-39AADAD7FBA5}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{0E6EB130-A80D-471E-8A4C-C4A935956A45}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{573BBA2C-396E-4A39-B653-104C1B454776}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{A0117243-2D0A-4AAC-BFF9-13482995042A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F625DDA3-1CEB-4D2B-B551-675ACC76DE6C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{626F3BC2-DF73-4339-B5F7-CA156550A39D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E80B1FFF-2F1C-4A4E-8672-C541FCA5630C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{9E2C65F8-7E1F-4761-B15C-1309FBBB18AF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B8C7A60B-EE35-4474-84E9-5B0671AB2B8D}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{17B0CE95-D57E-4EBC-840D-69E0D32D7673}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\FaxApplications.exe
FirewallRules: [{D841FE30-1E7C-4588-ADCD-E36E1B29988A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\DigitalWizards.exe
FirewallRules: [{67F0F426-4A3B-4302-920C-DEC1D9CC7757}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\bin\SendAFax.exe
FirewallRules: [{23909215-67F0-45AC-9BD3-D92A46961E74}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{D57BE584-AE37-4B90-8D4E-DC3D7B80FE48}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{948DF8DD-E010-415E-9DF7-FBDC08C2AC31}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{89DCA0B0-ED21-4FDD-8F61-25009AAD2A63}] => (Allow) C:\Users\i.grub\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D8619263-A1E6-4BE1-8EAB-BF9E43EB565F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{2DF5AA00-B80C-4A23-A31B-03F7C30E2F16}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{EA6793F0-3C5F-4BE1-B28A-2AAD5E1E889F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D1DA8B08-C047-4335-AE86-70E5875C6138}] => (Allow) LPort=5354
FirewallRules: [{B352BA02-32D8-4802-98E0-13EB6F635468}] => (Allow) LPort=5354
FirewallRules: [{E3BEE002-8B31-415C-98AF-E24D69DC0C03}] => (Allow) LPort=5354
FirewallRules: [{16EAA567-C089-4B2A-9DAD-2609B2D85893}] => (Allow) LPort=5354
FirewallRules: [{06242955-B50F-4EC0-8FF4-6B89F0EF006B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BCE74431-41B3-4B64-9DF1-3868689C43ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEBE957A-CA50-440E-B326-FE8F541963D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A441DA67-F78D-43D1-AFB7-FE117A7AFD85}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C7BE919-3A90-4E3D-BAF6-D92E57D6D905}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2015 04:45:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2528

Error: (07/21/2015 04:45:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2528

Error: (07/21/2015 04:45:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2015 04:45:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1498

Error: (07/21/2015 04:45:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1498

Error: (07/21/2015 04:45:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2015 04:22:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 896101

Error: (07/21/2015 04:22:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 896101

Error: (07/21/2015 04:22:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2015 04:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6396


System errors:
=============
Error: (07/21/2015 05:34:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (07/21/2015 05:22:33 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (07/21/2015 05:10:33 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (07/21/2015 04:52:06 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/21/2015 04:52:03 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/21/2015 04:22:54 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/21/2015 04:22:56 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/21/2015 03:33:00 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/21/2015 02:31:33 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/21/2015 01:19:49 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office:
=========================
Error: (11/28/2014 07:42:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 379 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (07/02/2013 09:07:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/11/2012 06:06:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/05/2012 10:08:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/12/2012 01:32:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5746 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/30/2011 08:59:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/03/2011 10:06:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/11/2011 01:20:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/05/2010 12:56:12 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52703 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (09/01/2010 06:35:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 27157 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-07-21 13:15:59.323
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 13:15:59.276
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 13:15:54.689
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 13:15:54.205
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 06:59:05.787
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 06:59:05.725
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 06:59:02.667
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-21 06:59:02.573
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 13:18:33.176
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-20 13:18:33.129
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) X2 Dual-Core QL-65
Percentage of memory in use: 60%
Total physical RAM: 3838.36 MB
Available physical RAM: 1520.89 MB
Total Virtual: 7674.93 MB
Available Virtual: 4551 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:154.37 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:52.09 GB) NTFS
Drive f: (LACIE) (Fixed) (Total:232.83 GB) (Free:230.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 87459423)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 12345678)
Partition 1: (Active) - (Size=232.9 GB) - (Type=0C)

==================== End of log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-21 17:58:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 FUJITSU_MJA2500BH_G2 rev.00400018 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\I8613~1.GRU\AppData\Local\Temp\kgddrkog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                            00000000757f1401 2 bytes JMP 75c8b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                              00000000757f1419 2 bytes JMP 75c8b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                            00000000757f1431 2 bytes JMP 75d08f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                            00000000757f144a 2 bytes CALL 75c6489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                     * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                               00000000757f14dd 2 bytes JMP 75d08822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                        00000000757f14f5 2 bytes JMP 75d089f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                               00000000757f150d 2 bytes JMP 75d08718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                        00000000757f1525 2 bytes JMP 75d08ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                              00000000757f153d 2 bytes JMP 75c7fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                   00000000757f1555 2 bytes JMP 75c868ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                            00000000757f156d 2 bytes JMP 75d08fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                              00000000757f1585 2 bytes JMP 75d08b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                 00000000757f159d 2 bytes JMP 75d086dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                              00000000757f15b5 2 bytes JMP 75c7fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                            00000000757f15cd 2 bytes JMP 75c8b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                        00000000757f16b2 2 bytes JMP 75d08ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1768] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                        00000000757f16bd 2 bytes JMP 75d08671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                          00000000757f1401 2 bytes JMP 75c8b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                            00000000757f1419 2 bytes JMP 75c8b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                          00000000757f1431 2 bytes JMP 75d08f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                          00000000757f144a 2 bytes CALL 75c6489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                     * 9
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                             00000000757f14dd 2 bytes JMP 75d08822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                      00000000757f14f5 2 bytes JMP 75d089f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                             00000000757f150d 2 bytes JMP 75d08718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                      00000000757f1525 2 bytes JMP 75d08ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                            00000000757f153d 2 bytes JMP 75c7fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                 00000000757f1555 2 bytes JMP 75c868ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                          00000000757f156d 2 bytes JMP 75d08fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                            00000000757f1585 2 bytes JMP 75d08b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                               00000000757f159d 2 bytes JMP 75d086dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                            00000000757f15b5 2 bytes JMP 75c7fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                          00000000757f15cd 2 bytes JMP 75c8b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                      00000000757f16b2 2 bytes JMP 75d08ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                      00000000757f16bd 2 bytes JMP 75d08671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                             00000000757f1401 2 bytes JMP 75c8b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                               00000000757f1419 2 bytes JMP 75c8b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                             00000000757f1431 2 bytes JMP 75d08f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                             00000000757f144a 2 bytes CALL 75c6489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                     * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                00000000757f14dd 2 bytes JMP 75d08822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                         00000000757f14f5 2 bytes JMP 75d089f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                00000000757f150d 2 bytes JMP 75d08718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                         00000000757f1525 2 bytes JMP 75d08ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                               00000000757f153d 2 bytes JMP 75c7fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                    00000000757f1555 2 bytes JMP 75c868ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                             00000000757f156d 2 bytes JMP 75d08fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                               00000000757f1585 2 bytes JMP 75d08b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                  00000000757f159d 2 bytes JMP 75d086dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                               00000000757f15b5 2 bytes JMP 75c7fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                             00000000757f15cd 2 bytes JMP 75c8b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                         00000000757f16b2 2 bytes JMP 75d08ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4736] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                         00000000757f16bd 2 bytes JMP 75d08671 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Process  C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (*** suspicious ***) @ C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [1984](2013-01-21 15:16:20)  0000000000260000

---- EOF - GMER 2.1 ----
         
__________________

Alt 21.07.2015, 18:35   #4
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Addition.txt und gmer.txt in gesondertem Beitrag ("Teil II")

keine Funde
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.21.05
  rootkit: v2015.07.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
i.grub :: IGRUB-TOSH [administrator]

21.07.2015 18:38:26
mbar-log-2015-07-21 (18-38-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 499178
Time elapsed: 46 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Wie groß ist die Wahrscheinlichkeit, dass sich trotzdem ein Virus auf dem Computer befindet?

Alt 21.07.2015, 19:41   #5
schrauber
/// the machine
/// TB-Ausbilder
 

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Bitte nicht immer ein neues Thema eröffnen sondern in diesem Thema bleiben.

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.


Lade Dir bitte von hier Emsisoft Emergency Kit Download Emsisoft Emergency Kit herunter.
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.07.2015, 21:10   #6
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Code:
ATTFilter
21:59:07.0185 0x19cc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:59:11.0319 0x19cc  ============================================================
21:59:11.0319 0x19cc  Current date / time: 2015/07/21 21:59:11.0319
21:59:11.0319 0x19cc  SystemInfo:
21:59:11.0319 0x19cc  
21:59:11.0320 0x19cc  OS Version: 6.1.7601 ServicePack: 1.0
21:59:11.0320 0x19cc  Product type: Workstation
21:59:11.0320 0x19cc  ComputerName: IGRUB-TOSH
21:59:11.0325 0x19cc  UserName: i.grub
21:59:11.0325 0x19cc  Windows directory: C:\Windows
21:59:11.0325 0x19cc  System windows directory: C:\Windows
21:59:11.0325 0x19cc  Running under WOW64
21:59:11.0325 0x19cc  Processor architecture: Intel x64
21:59:11.0325 0x19cc  Number of processors: 2
21:59:11.0325 0x19cc  Page size: 0x1000
21:59:11.0325 0x19cc  Boot type: Normal boot
21:59:11.0325 0x19cc  ============================================================
21:59:17.0411 0x19cc  KLMD registered as C:\Windows\system32\drivers\10144696.sys
21:59:18.0561 0x19cc  System UUID: {D0360708-8177-EFFB-4893-E164DDCADD30}
21:59:19.0755 0x19cc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:19.0763 0x19cc  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:59:19.0768 0x19cc  ============================================================
21:59:19.0768 0x19cc  \Device\Harddisk0\DR0:
21:59:19.0773 0x19cc  MBR partitions:
21:59:19.0773 0x19cc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
21:59:19.0773 0x19cc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800
21:59:19.0774 0x19cc  \Device\Harddisk1\DR1:
21:59:19.0775 0x19cc  MBR partitions:
21:59:19.0775 0x19cc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
21:59:19.0775 0x19cc  ============================================================
21:59:19.0832 0x19cc  C: <-> \Device\Harddisk0\DR0\Partition1
21:59:19.0901 0x19cc  D: <-> \Device\Harddisk0\DR0\Partition2
21:59:19.0904 0x19cc  F: <-> \Device\Harddisk1\DR1\Partition1
21:59:19.0905 0x19cc  ============================================================
21:59:19.0906 0x19cc  Initialize success
21:59:19.0906 0x19cc  ============================================================
22:02:59.0461 0x1758  ============================================================
22:02:59.0461 0x1758  Scan started
22:02:59.0461 0x1758  Mode: Manual; SigCheck; TDLFS; 
22:02:59.0461 0x1758  ============================================================
22:02:59.0461 0x1758  KSN ping started
22:03:13.0393 0x1758  KSN ping finished: true
22:03:17.0364 0x1758  ================ Scan system memory ========================
22:03:17.0364 0x1758  System memory - ok
22:03:17.0365 0x1758  ================ Scan services =============================
22:03:17.0678 0x1758  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:03:18.0057 0x1758  1394ohci - ok
22:03:18.0183 0x1758  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:03:18.0246 0x1758  ACPI - ok
22:03:18.0317 0x1758  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:03:18.0579 0x1758  AcpiPmi - ok
22:03:18.0692 0x1758  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:03:18.0736 0x1758  AdobeARMservice - ok
22:03:19.0256 0x1758  [ 011BD8A49AF856E8A8EE32652D1CFC05, 7E45CD5ED185DFCA94069640C19D3079879FD1F3069873D0302ACC372F756F90 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:03:19.0327 0x1758  AdobeFlashPlayerUpdateSvc - ok
22:03:19.0460 0x1758  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:03:19.0535 0x1758  adp94xx - ok
22:03:19.0624 0x1758  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:03:19.0672 0x1758  adpahci - ok
22:03:19.0766 0x1758  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:03:19.0820 0x1758  adpu320 - ok
22:03:19.0856 0x1758  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:03:19.0945 0x1758  AeLookupSvc - ok
22:03:20.0001 0x1758  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
22:03:20.0118 0x1758  AFD - ok
22:03:20.0387 0x1758  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
22:03:20.0563 0x1758  AgereSoftModem - ok
22:03:20.0615 0x1758  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
22:03:20.0654 0x1758  agp440 - ok
22:03:20.0703 0x1758  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:03:20.0859 0x1758  ALG - ok
22:03:20.0904 0x1758  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:03:20.0944 0x1758  aliide - ok
22:03:21.0017 0x1758  [ 98A2774D3F18C107874C8C1163EBE484, 2C53F2A4ADCD40EEF6643BD737C337C09A6E1906D3167A25DC0E2246EB6C584A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:03:21.0131 0x1758  AMD External Events Utility - ok
22:03:21.0170 0x1758  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:03:21.0207 0x1758  amdide - ok
22:03:21.0266 0x1758  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:03:21.0334 0x1758  AmdK8 - ok
22:03:21.0398 0x1758  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:03:21.0442 0x1758  AmdPPM - ok
22:03:21.0475 0x1758  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:03:21.0517 0x1758  amdsata - ok
22:03:21.0564 0x1758  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:03:21.0622 0x1758  amdsbs - ok
22:03:21.0657 0x1758  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:03:21.0712 0x1758  amdxata - ok
22:03:22.0316 0x1758  [ 3358CAD1887DDDDD2A36B7796B579292, 40BA1A836276C2AA78914F294661C3C918F2D6DFAA9D6EF3FEB6D1EE3B07F584 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
22:03:22.0419 0x1758  AntiVirMailService - ok
22:03:22.0667 0x1758  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:03:22.0723 0x1758  AntiVirSchedulerService - ok
22:03:22.0981 0x1758  [ 1892E1DB0B6431720B98B52AE9388C28, 141098794D774265662FF0EBB4E938D70ADB8BD54B62B1C9A19F6C3C1F263FEC ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:03:23.0070 0x1758  AntiVirService - ok
22:03:23.0335 0x1758  [ 6FD5165364D88FDABE4FA59E1768376F, B82D11E6FCC297F822E29A49D46C9985955C9F5676D107A397B00D0468F93504 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
22:03:23.0470 0x1758  AntiVirWebService - ok
22:03:23.0544 0x1758  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
22:03:23.0646 0x1758  AppID - ok
22:03:23.0668 0x1758  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:03:23.0737 0x1758  AppIDSvc - ok
22:03:23.0837 0x1758  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
22:03:23.0930 0x1758  Appinfo - ok
22:03:24.0228 0x1758  [ 6EB87FDB59AABF6D19C927492DEA0D36, 36168F8CC75D16917A30FA1FACF57659BC2ADF870D20DEE93F851D5348E605BB ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:03:24.0295 0x1758  Apple Mobile Device Service - ok
22:03:24.0364 0x1758  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:03:24.0404 0x1758  arc - ok
22:03:24.0435 0x1758  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:03:24.0485 0x1758  arcsas - ok
22:03:24.0617 0x1758  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:03:24.0673 0x1758  aspnet_state - ok
22:03:24.0740 0x1758  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:03:25.0013 0x1758  AsyncMac - ok
22:03:25.0046 0x1758  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:03:25.0083 0x1758  atapi - ok
22:03:26.0004 0x1758  [ 173F4C05F87085E9BDA3F7037BC9F40E, 8A1AB73F8FC83530A5EBB296C9333075FC26FD32C1E3B26A8354C8AD9D584722 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:03:26.0438 0x1758  atikmdag - ok
22:03:26.0513 0x1758  [ 7C5D273E29DCC5505469B299C6F29163, 206CAB85CE12A3953F0861C811575DC7FD000147436219EEE334584A33370B3A ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
22:03:26.0560 0x1758  AtiPcie - ok
22:03:26.0699 0x1758  [ 4AEF9EC86818375495FB78CA58DF4E18, 0565888F798FAB86091E7A7D8E1D583DF3CC5756A12ACF04987C67C14E360DFB ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:03:26.0746 0x1758  atksgt - detected UnsignedFile.Multi.Generic ( 1 )
22:03:29.0569 0x1758  Detect skipped due to KSN trusted
22:03:29.0569 0x1758  atksgt - ok
22:03:29.0731 0x1758  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:03:29.0831 0x1758  AudioEndpointBuilder - ok
22:03:29.0948 0x1758  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:03:30.0013 0x1758  AudioSrv - ok
22:03:30.0169 0x1758  [ CC1ABBD9E61B7AA5CCBB45EA87CB033F, 4E5DE485833721E19B36455C017B9D908BAA7D12637A878934A0FAF2326E000B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:03:30.0222 0x1758  avgntflt - ok
22:03:30.0292 0x1758  [ 07C8454D3A94BA478752FAFA2B94E0FE, EB19396D4A6D51D6C33ED55C8EF0259045801D39CCE2945931F9163D6006C133 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:03:30.0361 0x1758  avipbb - ok
22:03:30.0586 0x1758  [ 17348FE28C0A0AB4A6CB86D177770335, 633FEDA61F62504534B47090EA142F73C5D80C0D52A22A6C81DF64CD3EAFDAA8 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
22:03:30.0647 0x1758  Avira.ServiceHost - ok
22:03:30.0738 0x1758  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:03:30.0781 0x1758  avkmgr - ok
22:03:30.0873 0x1758  [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
22:03:30.0912 0x1758  avnetflt - ok
22:03:30.0959 0x1758  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:03:31.0088 0x1758  AxInstSV - ok
22:03:31.0185 0x1758  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:03:31.0297 0x1758  b06bdrv - ok
22:03:31.0392 0x1758  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:03:31.0464 0x1758  b57nd60a - ok
22:03:31.0526 0x1758  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:03:31.0635 0x1758  BDESVC - ok
22:03:31.0701 0x1758  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:03:31.0775 0x1758  Beep - ok
22:03:31.0849 0x1758  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
22:03:31.0980 0x1758  BFE - ok
22:03:32.0132 0x1758  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
22:03:32.0633 0x1758  BITS - ok
22:03:32.0678 0x1758  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:03:32.0743 0x1758  blbdrive - ok
22:03:32.0937 0x1758  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:03:33.0011 0x1758  Bonjour Service - ok
22:03:33.0069 0x1758  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:03:33.0162 0x1758  bowser - ok
22:03:33.0200 0x1758  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:03:33.0266 0x1758  BrFiltLo - ok
22:03:33.0290 0x1758  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:03:33.0361 0x1758  BrFiltUp - ok
22:03:33.0437 0x1758  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
22:03:33.0509 0x1758  Browser - ok
22:03:33.0595 0x1758  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:03:33.0660 0x1758  Brserid - ok
22:03:33.0702 0x1758  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:03:33.0788 0x1758  BrSerWdm - ok
22:03:33.0856 0x1758  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:03:33.0911 0x1758  BrUsbMdm - ok
22:03:33.0941 0x1758  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:03:34.0000 0x1758  BrUsbSer - ok
22:03:34.0030 0x1758  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:03:34.0089 0x1758  BTHMODEM - ok
22:03:34.0124 0x1758  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:03:34.0255 0x1758  bthserv - ok
22:03:34.0327 0x1758  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:03:34.0423 0x1758  cdfs - ok
22:03:34.0492 0x1758  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:03:34.0553 0x1758  cdrom - ok
22:03:34.0608 0x1758  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:03:34.0698 0x1758  CertPropSvc - ok
22:03:34.0887 0x1758  [ 837FF2D497880198C918E6954DBD170C, 249CEEAD3CF864A50BB144B5E376D427BBF985DA9E2FEF02410101248951BBAD ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
22:03:34.0956 0x1758  cfWiMAXService - ok
22:03:34.0988 0x1758  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:03:35.0077 0x1758  circlass - ok
22:03:35.0116 0x1758  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
22:03:35.0177 0x1758  CLFS - ok
22:03:35.0296 0x1758  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:03:35.0344 0x1758  clr_optimization_v2.0.50727_32 - ok
22:03:35.0445 0x1758  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:03:35.0524 0x1758  clr_optimization_v2.0.50727_64 - ok
22:03:35.0632 0x1758  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:03:35.0675 0x1758  clr_optimization_v4.0.30319_32 - ok
22:03:35.0700 0x1758  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:03:35.0744 0x1758  clr_optimization_v4.0.30319_64 - ok
22:03:35.0769 0x1758  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:03:35.0837 0x1758  CmBatt - ok
22:03:35.0890 0x1758  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:03:35.0959 0x1758  cmdide - ok
22:03:36.0037 0x1758  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
22:03:36.0118 0x1758  CNG - ok
22:03:36.0171 0x1758  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:03:36.0221 0x1758  Compbatt - ok
22:03:36.0276 0x1758  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:03:36.0381 0x1758  CompositeBus - ok
22:03:36.0408 0x1758  COMSysApp - ok
22:03:36.0443 0x1758  [ D252C53BCDFC199BBA55EEB10CDB266E, 758E4FE0B20C0F7179BC45CBA50AF11380330DC7597141B00D914450EAC022DF ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
22:03:36.0487 0x1758  ConfigFree Gadget Service - ok
22:03:36.0536 0x1758  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
22:03:36.0572 0x1758  ConfigFree Service - ok
22:03:36.0612 0x1758  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:03:36.0650 0x1758  crcdisk - ok
22:03:36.0731 0x1758  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:03:36.0833 0x1758  CryptSvc - ok
22:03:36.0955 0x1758  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:03:37.0087 0x1758  DcomLaunch - ok
22:03:37.0126 0x1758  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:03:37.0278 0x1758  defragsvc - ok
22:03:37.0327 0x1758  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:03:37.0428 0x1758  DfsC - ok
22:03:37.0533 0x1758  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:03:37.0648 0x1758  Dhcp - ok
22:03:37.0817 0x1758  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
22:03:37.0957 0x1758  DiagTrack - ok
22:03:38.0017 0x1758  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
22:03:38.0106 0x1758  discache - ok
22:03:38.0143 0x1758  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:03:38.0183 0x1758  Disk - ok
22:03:38.0273 0x1758  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:03:38.0400 0x1758  Dnscache - ok
22:03:38.0445 0x1758  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:03:38.0550 0x1758  dot3svc - ok
22:03:38.0620 0x1758  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:03:38.0718 0x1758  DPS - ok
22:03:38.0793 0x1758  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:03:38.0904 0x1758  drmkaud - ok
22:03:39.0012 0x1758  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:03:39.0118 0x1758  DXGKrnl - ok
22:03:39.0181 0x1758  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:03:39.0272 0x1758  EapHost - ok
22:03:39.0445 0x1758  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:03:39.0668 0x1758  ebdrv - ok
22:03:39.0732 0x1758  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] EFS             C:\Windows\System32\lsass.exe
22:03:39.0817 0x1758  EFS - ok
22:03:39.0946 0x1758  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:03:40.0072 0x1758  ehRecvr - ok
22:03:40.0181 0x1758  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
22:03:40.0263 0x1758  ehSched - ok
22:03:40.0697 0x1758  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:03:40.0822 0x1758  elxstor - ok
22:03:41.0072 0x1758  [ 9ED89A533D125C273F93C6A524A1A118, 0CB4282509F455538CF4F9276184CDCC3CF783B0F0D45BB136DB02063983B0C3 ] epp64           C:\EEK\bin\epp64.sys
22:03:41.0121 0x1758  epp64 - ok
22:03:41.0258 0x1758  [ DFEB7EE15BA8BA03E722C375F7E6A379, 6B73561E91D699576FD28AE36FB194443E3807C3696B435224B9D60808803344 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
22:03:41.0314 0x1758  EPSON_PM_RPCV4_05 - ok
22:03:41.0355 0x1758  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:03:41.0424 0x1758  ErrDev - ok
22:03:41.0546 0x1758  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:03:41.0660 0x1758  EventSystem - ok
22:03:41.0698 0x1758  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:03:41.0782 0x1758  exfat - ok
22:03:41.0823 0x1758  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:03:41.0915 0x1758  fastfat - ok
22:03:42.0055 0x1758  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:03:42.0133 0x1758  Fax - ok
22:03:42.0168 0x1758  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:03:42.0212 0x1758  fdc - ok
22:03:42.0296 0x1758  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:03:42.0402 0x1758  fdPHost - ok
22:03:42.0470 0x1758  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:03:42.0596 0x1758  FDResPub - ok
22:03:42.0623 0x1758  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:03:42.0662 0x1758  FileInfo - ok
22:03:42.0695 0x1758  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:03:42.0789 0x1758  Filetrace - ok
22:03:42.0812 0x1758  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:03:42.0873 0x1758  flpydisk - ok
22:03:42.0928 0x1758  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:03:42.0992 0x1758  FltMgr - ok
22:03:43.0191 0x1758  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
22:03:43.0350 0x1758  FontCache - ok
22:03:43.0426 0x1758  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:03:43.0485 0x1758  FontCache3.0.0.0 - ok
22:03:43.0521 0x1758  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:03:43.0599 0x1758  FsDepends - ok
22:03:43.0630 0x1758  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:03:43.0674 0x1758  Fs_Rec - ok
22:03:43.0773 0x1758  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:03:43.0824 0x1758  fvevol - ok
22:03:43.0880 0x1758  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:03:43.0923 0x1758  gagp30kx - ok
22:03:44.0100 0x1758  [ C44D560E441F091EA3B72F778EC60DE2, 1F90BA0E98C436B98BF6B0BC93146B52C081DF374424E2DCA270316D508A59B2 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
22:03:44.0167 0x1758  GameConsoleService - ok
22:03:44.0344 0x1758  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
22:03:44.0412 0x1758  GEARAspiWDM - ok
22:03:44.0481 0x1758  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:03:44.0591 0x1758  gpsvc - ok
22:03:44.0651 0x1758  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:03:44.0762 0x1758  hcw85cir - ok
22:03:44.0859 0x1758  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:03:44.0962 0x1758  HdAudAddService - ok
22:03:44.0999 0x1758  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:03:45.0077 0x1758  HDAudBus - ok
22:03:45.0118 0x1758  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:03:45.0167 0x1758  HidBatt - ok
22:03:45.0195 0x1758  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:03:45.0274 0x1758  HidBth - ok
22:03:45.0314 0x1758  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:03:45.0461 0x1758  HidIr - ok
22:03:45.0531 0x1758  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
22:03:45.0609 0x1758  hidserv - ok
22:03:45.0801 0x1758  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:03:45.0941 0x1758  HidUsb - ok
22:03:46.0007 0x1758  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:03:46.0236 0x1758  hkmsvc - ok
22:03:46.0408 0x1758  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:03:46.0519 0x1758  HomeGroupListener - ok
22:03:46.0577 0x1758  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:03:46.0654 0x1758  HomeGroupProvider - ok
22:03:46.0704 0x1758  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:03:46.0753 0x1758  HpSAMD - ok
22:03:46.0870 0x1758  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:03:46.0997 0x1758  HTTP - ok
22:03:47.0045 0x1758  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:03:47.0086 0x1758  hwpolicy - ok
22:03:47.0155 0x1758  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:03:47.0208 0x1758  i8042prt - ok
22:03:47.0345 0x1758  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:03:47.0444 0x1758  iaStorV - ok
22:03:47.0565 0x1758  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:03:47.0666 0x1758  idsvc - ok
22:03:47.0743 0x1758  IEEtwCollectorService - ok
22:03:47.0807 0x1758  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:03:47.0847 0x1758  iirsp - ok
22:03:47.0934 0x1758  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:03:48.0051 0x1758  IKEEXT - ok
22:03:48.0385 0x1758  [ 0C3CF4B3BAE28E121A1689E3538F8712, 1599785D54E8306872A1DDD8546D316C9B193A85C5AEB37CF956B8C4077B8792 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:03:48.0694 0x1758  IntcAzAudAddService - ok
22:03:48.0732 0x1758  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:03:48.0904 0x1758  intelide - ok
22:03:48.0986 0x1758  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:03:49.0049 0x1758  intelppm - ok
22:03:49.0140 0x1758  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:03:49.0250 0x1758  IPBusEnum - ok
22:03:49.0298 0x1758  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:03:49.0374 0x1758  IpFilterDriver - ok
22:03:49.0440 0x1758  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:03:49.0556 0x1758  iphlpsvc - ok
22:03:49.0598 0x1758  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:03:49.0658 0x1758  IPMIDRV - ok
22:03:49.0706 0x1758  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:03:49.0798 0x1758  IPNAT - ok
22:03:50.0063 0x1758  [ 2208D673C5D4B22EB0235EA1EC6269CC, 3E73032D67B3B740E11CEA0748CDFFBE35619CBF1AC1C3D86EF089CA326D7918 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:03:50.0147 0x1758  iPod Service - ok
22:03:50.0227 0x1758  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:03:50.0320 0x1758  IRENUM - ok
22:03:50.0384 0x1758  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:03:50.0436 0x1758  isapnp - ok
22:03:50.0507 0x1758  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:03:50.0588 0x1758  iScsiPrt - ok
22:03:50.0609 0x1758  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:03:50.0657 0x1758  kbdclass - ok
22:03:50.0748 0x1758  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:03:50.0883 0x1758  kbdhid - ok
22:03:50.0911 0x1758  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] KeyIso          C:\Windows\system32\lsass.exe
22:03:50.0959 0x1758  KeyIso - ok
22:03:50.0997 0x1758  [ C0A6C3D6E02B61B5D100FE17306C276F, F57C7BCC39B30F1DF739D07B76BA18EB68D12D8D1BD13B6AC8DC712C29119495 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:03:51.0037 0x1758  KSecDD - ok
22:03:51.0062 0x1758  [ 7A7328E427694CC7244235C3BC299F80, 7FC2E1F3F93B3334C3A8961CA58B4F38524650F6D8DA9FFA1FB43E1A2B86B710 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:03:51.0117 0x1758  KSecPkg - ok
22:03:51.0155 0x1758  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:03:51.0229 0x1758  ksthunk - ok
22:03:51.0285 0x1758  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:03:51.0402 0x1758  KtmRm - ok
22:03:51.0518 0x1758  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:03:51.0620 0x1758  LanmanServer - ok
22:03:51.0709 0x1758  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:03:51.0807 0x1758  LanmanWorkstation - ok
22:03:51.0891 0x1758  [ B658B7076B1ACAA5876524595630F183, 3B800B81D0966C2B988857847F35FCA5BB446B368063B10094FB4483A1508B8E ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:03:51.0935 0x1758  lirsgt - detected UnsignedFile.Multi.Generic ( 1 )
22:03:54.0845 0x1758  Detect skipped due to KSN trusted
22:03:54.0845 0x1758  lirsgt - ok
22:03:54.0897 0x1758  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:03:54.0977 0x1758  lltdio - ok
22:03:55.0049 0x1758  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:03:55.0181 0x1758  lltdsvc - ok
22:03:55.0222 0x1758  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:03:55.0320 0x1758  lmhosts - ok
22:03:55.0390 0x1758  [ 16679269303613C4CE7C8FF03413410F, 4DECDD4C07878F30670ADB650EA1591EFFF419C0B629C72A5960158890A28BC7 ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
22:03:55.0427 0x1758  LPCFilter - ok
22:03:55.0496 0x1758  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:03:55.0541 0x1758  LSI_FC - ok
22:03:55.0572 0x1758  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:03:55.0614 0x1758  LSI_SAS - ok
22:03:55.0711 0x1758  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:03:55.0765 0x1758  LSI_SAS2 - ok
22:03:55.0829 0x1758  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:03:55.0871 0x1758  LSI_SCSI - ok
22:03:55.0977 0x1758  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:03:56.0111 0x1758  luafv - ok
22:03:56.0159 0x1758  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:03:56.0213 0x1758  Mcx2Svc - ok
22:03:56.0246 0x1758  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:03:56.0285 0x1758  megasas - ok
22:03:56.0372 0x1758  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:03:56.0459 0x1758  MegaSR - ok
22:03:56.0545 0x1758  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:03:56.0802 0x1758  MMCSS - ok
22:03:56.0843 0x1758  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:03:56.0929 0x1758  Modem - ok
22:03:56.0981 0x1758  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:03:57.0059 0x1758  monitor - ok
22:03:57.0128 0x1758  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:03:57.0174 0x1758  mouclass - ok
22:03:57.0235 0x1758  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:03:57.0323 0x1758  mouhid - ok
22:03:57.0373 0x1758  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:03:57.0423 0x1758  mountmgr - ok
22:03:57.0473 0x1758  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:03:57.0523 0x1758  mpio - ok
22:03:57.0623 0x1758  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:03:57.0720 0x1758  mpsdrv - ok
22:03:57.0794 0x1758  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:03:57.0913 0x1758  MpsSvc - ok
22:03:57.0984 0x1758  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:03:58.0094 0x1758  MRxDAV - ok
22:03:58.0159 0x1758  [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:03:58.0357 0x1758  mrxsmb - ok
22:03:58.0428 0x1758  [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:03:58.0524 0x1758  mrxsmb10 - ok
22:03:58.0559 0x1758  [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:03:58.0664 0x1758  mrxsmb20 - ok
22:03:58.0714 0x1758  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:03:58.0814 0x1758  msahci - ok
22:03:58.0870 0x1758  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:03:58.0930 0x1758  msdsm - ok
22:03:58.0952 0x1758  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:03:59.0056 0x1758  MSDTC - ok
22:03:59.0153 0x1758  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:03:59.0247 0x1758  Msfs - ok
22:03:59.0273 0x1758  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:03:59.0378 0x1758  mshidkmdf - ok
22:03:59.0441 0x1758  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:03:59.0493 0x1758  msisadrv - ok
22:03:59.0592 0x1758  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:03:59.0714 0x1758  MSiSCSI - ok
22:03:59.0731 0x1758  msiserver - ok
22:03:59.0789 0x1758  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:03:59.0863 0x1758  MSKSSRV - ok
22:03:59.0926 0x1758  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:04:00.0020 0x1758  MSPCLOCK - ok
22:04:00.0067 0x1758  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:04:00.0155 0x1758  MSPQM - ok
22:04:00.0245 0x1758  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:04:00.0302 0x1758  MsRPC - ok
22:04:00.0361 0x1758  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:04:00.0429 0x1758  mssmbios - ok
22:04:00.0546 0x1758  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:04:00.0644 0x1758  MSTEE - ok
22:04:00.0674 0x1758  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:04:00.0721 0x1758  MTConfig - ok
22:04:00.0782 0x1758  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:04:00.0841 0x1758  Mup - ok
22:04:00.0915 0x1758  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:04:01.0023 0x1758  napagent - ok
22:04:01.0149 0x1758  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:04:01.0259 0x1758  NativeWifiP - ok
22:04:01.0395 0x1758  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:04:01.0468 0x1758  NDIS - ok
22:04:01.0533 0x1758  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:04:01.0609 0x1758  NdisCap - ok
22:04:01.0640 0x1758  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:04:01.0735 0x1758  NdisTapi - ok
22:04:01.0807 0x1758  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:04:01.0903 0x1758  Ndisuio - ok
22:04:01.0960 0x1758  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:04:02.0107 0x1758  NdisWan - ok
22:04:02.0171 0x1758  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:04:02.0290 0x1758  NDProxy - ok
22:04:02.0379 0x1758  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:04:02.0490 0x1758  NetBIOS - ok
22:04:02.0546 0x1758  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:04:02.0663 0x1758  NetBT - ok
22:04:02.0691 0x1758  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon        C:\Windows\system32\lsass.exe
22:04:02.0741 0x1758  Netlogon - ok
22:04:02.0789 0x1758  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:04:02.0898 0x1758  Netman - ok
22:04:02.0963 0x1758  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:03.0022 0x1758  NetMsmqActivator - ok
22:04:03.0044 0x1758  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:03.0103 0x1758  NetPipeActivator - ok
22:04:03.0171 0x1758  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:04:03.0280 0x1758  netprofm - ok
22:04:03.0424 0x1758  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:03.0481 0x1758  NetTcpActivator - ok
22:04:03.0506 0x1758  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:04:03.0550 0x1758  NetTcpPortSharing - ok
22:04:03.0599 0x1758  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:04:03.0640 0x1758  nfrd960 - ok
22:04:03.0744 0x1758  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:04:03.0874 0x1758  NlaSvc - ok
22:04:03.0944 0x1758  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:04:04.0023 0x1758  Npfs - ok
22:04:04.0096 0x1758  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:04:04.0201 0x1758  nsi - ok
22:04:04.0344 0x1758  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:04:04.0447 0x1758  nsiproxy - ok
22:04:04.0662 0x1758  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:04:04.0796 0x1758  Ntfs - ok
22:04:04.0827 0x1758  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:04:04.0936 0x1758  Null - ok
22:04:05.0004 0x1758  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:04:05.0058 0x1758  nvraid - ok
22:04:05.0124 0x1758  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:04:05.0192 0x1758  nvstor - ok
22:04:05.0243 0x1758  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:04:05.0300 0x1758  nv_agp - ok
22:04:05.0393 0x1758  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:04:05.0471 0x1758  odserv - ok
22:04:05.0515 0x1758  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:04:05.0588 0x1758  ohci1394 - ok
22:04:05.0638 0x1758  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:04:05.0697 0x1758  ose - ok
22:04:05.0770 0x1758  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:04:05.0892 0x1758  p2pimsvc - ok
22:04:05.0952 0x1758  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:04:06.0049 0x1758  p2psvc - ok
22:04:06.0088 0x1758  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:04:06.0189 0x1758  Parport - ok
22:04:06.0282 0x1758  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:04:06.0325 0x1758  partmgr - ok
22:04:06.0412 0x1758  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:04:06.0594 0x1758  PcaSvc - ok
22:04:06.0660 0x1758  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:04:06.0743 0x1758  pci - ok
22:04:06.0785 0x1758  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:04:06.0835 0x1758  pciide - ok
22:04:06.0881 0x1758  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:04:06.0934 0x1758  pcmcia - ok
22:04:06.0968 0x1758  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:04:07.0026 0x1758  pcw - ok
22:04:07.0095 0x1758  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:04:07.0244 0x1758  PEAUTH - ok
22:04:07.0347 0x1758  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:04:07.0401 0x1758  PerfHost - ok
22:04:07.0519 0x1758  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
22:04:07.0561 0x1758  PGEffect - ok
22:04:07.0703 0x1758  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:04:07.0878 0x1758  pla - ok
22:04:07.0945 0x1758  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:04:08.0040 0x1758  PlugPlay - ok
22:04:08.0069 0x1758  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:04:08.0144 0x1758  PNRPAutoReg - ok
22:04:08.0181 0x1758  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:04:08.0247 0x1758  PNRPsvc - ok
22:04:08.0348 0x1758  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:04:08.0438 0x1758  PolicyAgent - ok
22:04:08.0491 0x1758  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:04:08.0628 0x1758  Power - ok
22:04:08.0698 0x1758  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:04:08.0814 0x1758  PptpMiniport - ok
22:04:08.0877 0x1758  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:04:08.0954 0x1758  Processor - ok
22:04:09.0008 0x1758  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:04:09.0122 0x1758  ProfSvc - ok
22:04:09.0158 0x1758  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe
22:04:09.0221 0x1758  ProtectedStorage - ok
22:04:09.0288 0x1758  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:04:09.0457 0x1758  Psched - ok
22:04:09.0545 0x1758  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:04:09.0713 0x1758  ql2300 - ok
22:04:09.0752 0x1758  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:04:09.0809 0x1758  ql40xx - ok
22:04:09.0864 0x1758  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:04:09.0938 0x1758  QWAVE - ok
22:04:09.0965 0x1758  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:04:10.0047 0x1758  QWAVEdrv - ok
22:04:10.0076 0x1758  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:04:10.0198 0x1758  RasAcd - ok
22:04:10.0253 0x1758  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:04:10.0341 0x1758  RasAgileVpn - ok
22:04:10.0390 0x1758  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:04:10.0478 0x1758  RasAuto - ok
22:04:10.0528 0x1758  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:04:10.0670 0x1758  Rasl2tp - ok
22:04:10.0728 0x1758  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:04:10.0837 0x1758  RasMan - ok
22:04:10.0893 0x1758  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:04:10.0981 0x1758  RasPppoe - ok
22:04:11.0010 0x1758  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:04:11.0111 0x1758  RasSstp - ok
22:04:11.0157 0x1758  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:04:11.0288 0x1758  rdbss - ok
22:04:11.0317 0x1758  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:04:11.0416 0x1758  rdpbus - ok
22:04:11.0452 0x1758  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:04:11.0562 0x1758  RDPCDD - ok
22:04:11.0683 0x1758  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:04:11.0766 0x1758  RDPENCDD - ok
22:04:11.0831 0x1758  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:04:11.0904 0x1758  RDPREFMP - ok
22:04:11.0985 0x1758  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:04:12.0080 0x1758  RDPWD - ok
22:04:12.0157 0x1758  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:04:12.0209 0x1758  rdyboost - ok
22:04:12.0242 0x1758  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:04:12.0322 0x1758  RemoteAccess - ok
22:04:12.0370 0x1758  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:04:12.0488 0x1758  RemoteRegistry - ok
22:04:12.0530 0x1758  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:04:12.0611 0x1758  RpcEptMapper - ok
22:04:12.0655 0x1758  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:04:12.0704 0x1758  RpcLocator - ok
22:04:12.0760 0x1758  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:04:12.0874 0x1758  RpcSs - ok
22:04:12.0937 0x1758  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:04:13.0056 0x1758  rspndr - ok
22:04:13.0097 0x1758  RSUSBSTOR - ok
22:04:13.0162 0x1758  [ 483C537E69FA97C77F7FE0E2E1C1F102, B5DCC1C669126C558057B328F86071F35B2FF55A0C595A05FC16F2E893BA48E4 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:04:13.0213 0x1758  RTHDMIAzAudService - ok
22:04:13.0274 0x1758  [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:04:13.0341 0x1758  RTL8167 - ok
22:04:13.0389 0x1758  [ 3EC7911ED886DC5D8A9F70129254679C, 9426615904F65BE49FCE39F52A18A15EDD31A06C0E47440D7AE30C1CB385334A ] RTL8187Se       C:\Windows\system32\DRIVERS\RTL8187Se.sys
22:04:13.0481 0x1758  RTL8187Se - ok
22:04:13.0577 0x1758  [ 7475548B0BA58EBA4D12414FC9E9DFE6, 93F5CF9C7F5CE556810A6113014CB17774EA7779BD91D84670FA6653C810361F ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
22:04:13.0693 0x1758  rtl8192se - ok
22:04:13.0725 0x1758  RtsUIR - ok
22:04:13.0747 0x1758  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs           C:\Windows\system32\lsass.exe
22:04:13.0792 0x1758  SamSs - ok
22:04:13.0835 0x1758  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:04:13.0883 0x1758  sbp2port - ok
22:04:13.0930 0x1758  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:04:14.0051 0x1758  SCardSvr - ok
22:04:14.0100 0x1758  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:04:14.0176 0x1758  scfilter - ok
22:04:14.0275 0x1758  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
22:04:14.0416 0x1758  Schedule - ok
22:04:14.0468 0x1758  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:04:14.0562 0x1758  SCPolicySvc - ok
22:04:14.0607 0x1758  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:04:14.0669 0x1758  SDRSVC - ok
22:04:14.0841 0x1758  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:04:14.0971 0x1758  SDScannerService - ok
22:04:15.0335 0x1758  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:04:15.0478 0x1758  SDUpdateService - ok
22:04:15.0568 0x1758  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:04:15.0628 0x1758  SDWSCService - ok
22:04:15.0741 0x1758  [ 0F4A80438E7286A0E623582F5F2395BD, 72310FA5A9D3D35ABE6AD65DF8E55D52537C8387AF1A92F677CD31EA8C08D502 ] SearchAnonymizer C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
22:04:15.0752 0x1758  SearchAnonymizer - detected UnsignedFile.Multi.Generic ( 1 )
22:04:25.0907 0x1758  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
22:04:25.0907 0x1758  Force sending object to P2P due to detect: SearchAnonymizer
22:04:30.0928 0x1758  Object send P2P result: true
22:04:33.0825 0x1758  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:04:33.0914 0x1758  secdrv - ok
22:04:33.0954 0x1758  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
22:04:34.0049 0x1758  seclogon - ok
22:04:34.0102 0x1758  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
22:04:34.0197 0x1758  SENS - ok
22:04:34.0236 0x1758  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:04:34.0327 0x1758  SensrSvc - ok
22:04:34.0376 0x1758  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:04:34.0429 0x1758  Serenum - ok
22:04:34.0478 0x1758  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:04:34.0546 0x1758  Serial - ok
22:04:34.0582 0x1758  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:04:34.0625 0x1758  sermouse - ok
22:04:34.0718 0x1758  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:04:34.0849 0x1758  SessionEnv - ok
22:04:34.0907 0x1758  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:04:34.0996 0x1758  sffdisk - ok
22:04:35.0029 0x1758  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:04:35.0074 0x1758  sffp_mmc - ok
22:04:35.0134 0x1758  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:04:35.0190 0x1758  sffp_sd - ok
22:04:35.0238 0x1758  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:04:35.0306 0x1758  sfloppy - ok
22:04:35.0388 0x1758  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:04:35.0487 0x1758  SharedAccess - ok
22:04:35.0547 0x1758  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:04:35.0648 0x1758  ShellHWDetection - ok
22:04:35.0700 0x1758  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:04:35.0752 0x1758  SiSRaid2 - ok
22:04:35.0780 0x1758  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:04:35.0827 0x1758  SiSRaid4 - ok
22:04:35.0978 0x1758  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:04:36.0070 0x1758  SkypeUpdate - ok
22:04:36.0126 0x1758  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:04:36.0199 0x1758  Smb - ok
22:04:36.0297 0x1758  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:04:36.0383 0x1758  SNMPTRAP - ok
22:04:36.0408 0x1758  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:04:36.0448 0x1758  spldr - ok
22:04:36.0604 0x1758  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
22:04:36.0694 0x1758  Spooler - ok
22:04:37.0055 0x1758  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:04:37.0349 0x1758  sppsvc - ok
22:04:37.0432 0x1758  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:04:37.0533 0x1758  sppuinotify - ok
22:04:37.0705 0x1758  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:04:37.0824 0x1758  srv - ok
22:04:37.0911 0x1758  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:04:37.0992 0x1758  srv2 - ok
22:04:38.0054 0x1758  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:04:38.0100 0x1758  srvnet - ok
22:04:38.0143 0x1758  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:04:38.0243 0x1758  SSDPSRV - ok
22:04:38.0304 0x1758  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:04:38.0379 0x1758  SstpSvc - ok
22:04:38.0449 0x1758  [ D21FF3592DAEE244EE8376830A672B52, 8CFD9CD93D3B30D21AE1F25D8F0D78EC2876D85BF622D638BBD3809A3373BAFF ] ss_bus          C:\Windows\system32\DRIVERS\ss_bus.sys
22:04:38.0491 0x1758  ss_bus - ok
22:04:38.0553 0x1758  [ 451DB3D10E6112E06B4506D4A7BECEC1, 18C361E7E478CB9991638EE412C05E40B89BAD542519E62F4CED4055A80F3216 ] ss_mdfl         C:\Windows\system32\DRIVERS\ss_mdfl.sys
22:04:38.0602 0x1758  ss_mdfl - ok
22:04:38.0632 0x1758  [ EF40C8A268A5263A0EF48FED8E57CBED, 253C2B5E5075D01B7E27C6F9548291DADB4C9B635849DDA9E2DA3E5785DE9B75 ] ss_mdm          C:\Windows\system32\DRIVERS\ss_mdm.sys
22:04:38.0673 0x1758  ss_mdm - ok
22:04:38.0719 0x1758  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:04:38.0763 0x1758  stexstor - ok
22:04:38.0868 0x1758  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:04:38.0941 0x1758  stisvc - ok
22:04:38.0998 0x1758  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:04:39.0048 0x1758  swenum - ok
22:04:39.0097 0x1758  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
22:04:39.0190 0x1758  swprv - ok
22:04:39.0321 0x1758  [ BE7311DA9D6833FA69ED04B744A1C8F8, 19DD5E5DCB7F6B1584B5EEDDA8F7D05D1AB97E40E1B7C1AA29AA79B44EBCA964 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:04:39.0369 0x1758  SynTP - ok
22:04:39.0605 0x1758  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
22:04:39.0787 0x1758  SysMain - ok
22:04:39.0833 0x1758  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:04:39.0919 0x1758  TabletInputService - ok
22:04:40.0015 0x1758  [ D5462D5C8F4AF904D109C5B41B8CD43A, 7784BDE8E07ACB522582A68B6A2AD3D5AF3221603C09D7AE2DD7B71A13307DB2 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
22:04:40.0073 0x1758  tap0901 - ok
22:04:40.0127 0x1758  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:04:40.0213 0x1758  TapiSrv - ok
22:04:40.0257 0x1758  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
22:04:40.0385 0x1758  TBS - ok
22:04:40.0659 0x1758  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:04:40.0786 0x1758  Tcpip - ok
22:04:41.0014 0x1758  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:04:41.0145 0x1758  TCPIP6 - ok
22:04:41.0230 0x1758  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:04:41.0286 0x1758  tcpipreg - ok
22:04:41.0379 0x1758  [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:04:41.0418 0x1758  tdcmdpst - ok
22:04:41.0465 0x1758  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:04:41.0555 0x1758  TDPIPE - ok
22:04:41.0599 0x1758  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:04:41.0646 0x1758  TDTCP - ok
22:04:41.0706 0x1758  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:04:41.0801 0x1758  tdx - ok
22:04:41.0864 0x1758  [ 63B4F544664DC5154FDA4213E2AF09D0, 7DB50068E4DC669032A0B1F6D1C7BA6B12C90131E6A92BE1465430634B39B1F7 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
22:04:41.0916 0x1758  TemproMonitoringService - ok
22:04:41.0975 0x1758  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:04:42.0018 0x1758  TermDD - ok
22:04:42.0155 0x1758  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
22:04:42.0284 0x1758  TermService - ok
22:04:42.0347 0x1758  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:04:42.0443 0x1758  Themes - ok
22:04:42.0484 0x1758  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:04:42.0644 0x1758  THREADORDER - ok
22:04:42.0766 0x1758  [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:04:42.0810 0x1758  TMachInfo - ok
22:04:42.0877 0x1758  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
22:04:42.0927 0x1758  TODDSrv - ok
22:04:43.0039 0x1758  [ 4DB8C79BCEA76063B83B13410366A1F7, 401521222F2E76D6D2E953006EB7C1DBBEA519306B83592DA0031F8ED656CDDE ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:04:43.0125 0x1758  TosCoSrv - ok
22:04:43.0202 0x1758  [ 707800855AFBD7648375EFB1519B8D6D, 29B572174C9DE4ACA15B8A5AF27038781DA14A158558A648C9EC5CAF096B60CF ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:04:43.0273 0x1758  TOSHIBA eco Utility Service - ok
22:04:43.0314 0x1758  [ DD58E1250F604CBBADDA04575E5E2376, 2A5BF5903BE2CA756124FCC66ED8DFD860EC6B30997962302682BE328F9B1E0F ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:04:43.0355 0x1758  TOSHIBA HDD SSD Alert Service - ok
22:04:43.0437 0x1758  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64       C:\Windows\system32\DRIVERS\tos_sps64.sys
22:04:43.0504 0x1758  tos_sps64 - ok
22:04:43.0585 0x1758  [ DE64C52BD0671165CF2EEBF2A728A3E2, 201E7D2CD34248AEAB961C87C8481FA1CD253621C5F26C121F5017D422C74288 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:04:43.0682 0x1758  TPCHSrv - ok
22:04:43.0724 0x1758  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:04:43.0805 0x1758  TrkWks - ok
22:04:43.0874 0x1758  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:04:43.0991 0x1758  TrustedInstaller - ok
22:04:44.0056 0x1758  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:04:44.0103 0x1758  tssecsrv - ok
22:04:44.0173 0x1758  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:04:44.0264 0x1758  TsUsbFlt - ok
22:04:44.0332 0x1758  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:04:44.0419 0x1758  tunnel - ok
22:04:44.0478 0x1758  [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:04:44.0522 0x1758  TVALZ - ok
22:04:44.0586 0x1758  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
22:04:44.0626 0x1758  TVALZFL - ok
22:04:44.0674 0x1758  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:04:44.0727 0x1758  uagp35 - ok
22:04:44.0783 0x1758  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:04:44.0868 0x1758  udfs - ok
22:04:44.0934 0x1758  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:04:45.0006 0x1758  UI0Detect - ok
22:04:45.0069 0x1758  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:04:45.0110 0x1758  uliagpkx - ok
22:04:45.0150 0x1758  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:04:45.0193 0x1758  umbus - ok
22:04:45.0221 0x1758  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:04:45.0262 0x1758  UmPass - ok
22:04:45.0318 0x1758  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:04:45.0417 0x1758  upnphost - ok
22:04:45.0497 0x1758  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:04:45.0571 0x1758  USBAAPL64 - ok
22:04:45.0653 0x1758  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:04:45.0738 0x1758  usbaudio - ok
22:04:45.0781 0x1758  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:04:45.0893 0x1758  usbccgp - ok
22:04:45.0919 0x1758  USBCCID - ok
22:04:45.0968 0x1758  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:04:46.0026 0x1758  usbcir - ok
22:04:46.0064 0x1758  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:04:46.0133 0x1758  usbehci - ok
22:04:46.0210 0x1758  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:04:46.0272 0x1758  usbhub - ok
22:04:46.0297 0x1758  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:04:46.0341 0x1758  usbohci - ok
22:04:46.0376 0x1758  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:04:46.0424 0x1758  usbprint - ok
22:04:46.0476 0x1758  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:04:46.0577 0x1758  usbscan - ok
22:04:46.0635 0x1758  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:04:46.0733 0x1758  USBSTOR - ok
22:04:46.0765 0x1758  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:04:46.0806 0x1758  usbuhci - ok
22:04:46.0870 0x1758  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:04:46.0943 0x1758  usbvideo - ok
22:04:46.0997 0x1758  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
22:04:47.0080 0x1758  UxSms - ok
22:04:47.0118 0x1758  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc        C:\Windows\system32\lsass.exe
22:04:47.0161 0x1758  VaultSvc - ok
22:04:47.0220 0x1758  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:04:47.0262 0x1758  vdrvroot - ok
22:04:47.0331 0x1758  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
22:04:47.0473 0x1758  vds - ok
22:04:47.0522 0x1758  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:04:47.0570 0x1758  vga - ok
22:04:47.0602 0x1758  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:04:47.0697 0x1758  VgaSave - ok
22:04:47.0749 0x1758  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:04:47.0814 0x1758  vhdmp - ok
22:04:47.0861 0x1758  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:04:47.0902 0x1758  viaide - ok
22:04:47.0930 0x1758  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:04:47.0970 0x1758  volmgr - ok
22:04:48.0031 0x1758  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:04:48.0101 0x1758  volmgrx - ok
22:04:48.0172 0x1758  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:04:48.0251 0x1758  volsnap - ok
22:04:48.0297 0x1758  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:04:48.0340 0x1758  vsmraid - ok
22:04:48.0455 0x1758  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
22:04:48.0626 0x1758  VSS - ok
22:04:48.0657 0x1758  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:04:48.0702 0x1758  vwifibus - ok
22:04:48.0734 0x1758  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:04:48.0804 0x1758  vwififlt - ok
22:04:48.0857 0x1758  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:04:48.0921 0x1758  vwifimp - ok
22:04:48.0985 0x1758  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:04:49.0104 0x1758  W32Time - ok
22:04:49.0184 0x1758  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:04:49.0252 0x1758  WacomPen - ok
22:04:49.0331 0x1758  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:04:49.0417 0x1758  WANARP - ok
22:04:49.0447 0x1758  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:04:49.0518 0x1758  Wanarpv6 - ok
22:04:49.0652 0x1758  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:04:49.0832 0x1758  wbengine - ok
22:04:49.0905 0x1758  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:04:50.0015 0x1758  WbioSrvc - ok
22:04:50.0075 0x1758  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:04:50.0148 0x1758  wcncsvc - ok
22:04:50.0178 0x1758  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:04:50.0232 0x1758  WcsPlugInService - ok
22:04:50.0265 0x1758  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:04:50.0308 0x1758  Wd - ok
22:04:50.0405 0x1758  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:04:50.0501 0x1758  Wdf01000 - ok
22:04:50.0553 0x1758  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:04:50.0631 0x1758  WdiServiceHost - ok
22:04:50.0651 0x1758  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:04:50.0700 0x1758  WdiSystemHost - ok
22:04:50.0761 0x1758  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
22:04:50.0851 0x1758  WebClient - ok
22:04:50.0896 0x1758  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:04:50.0991 0x1758  Wecsvc - ok
22:04:51.0034 0x1758  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:04:51.0118 0x1758  wercplsupport - ok
22:04:51.0229 0x1758  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:04:51.0352 0x1758  WerSvc - ok
22:04:51.0470 0x1758  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:04:51.0549 0x1758  WfpLwf - ok
22:04:51.0660 0x1758  [ 402A0507629B3C608C0A9CB0DC9F0E44, 8578B6D6B9404BEB9833718143E8CB27B64E280180BA8E9300ECD1523E0F6F7D ] wgsslvpnsrc     C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
22:04:51.0715 0x1758  wgsslvpnsrc - detected UnsignedFile.Multi.Generic ( 1 )
22:04:54.0611 0x1758  Detect skipped due to KSN trusted
22:04:54.0611 0x1758  wgsslvpnsrc - ok
22:04:54.0690 0x1758  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:04:54.0750 0x1758  WIMMount - ok
22:04:54.0792 0x1758  WinDefend - ok
22:04:54.0849 0x1758  WinHttpAutoProxySvc - ok
22:04:54.0934 0x1758  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:04:55.0028 0x1758  Winmgmt - ok
22:04:55.0185 0x1758  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
22:04:55.0409 0x1758  WinRM - ok
22:04:55.0522 0x1758  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:04:55.0582 0x1758  WinUsb - ok
22:04:55.0664 0x1758  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:04:55.0742 0x1758  Wlansvc - ok
22:04:55.0795 0x1758  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:04:55.0859 0x1758  WmiAcpi - ok
22:04:55.0925 0x1758  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:04:55.0987 0x1758  wmiApSrv - ok
22:04:56.0043 0x1758  WMPNetworkSvc - ok
22:04:56.0084 0x1758  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:04:56.0171 0x1758  WPCSvc - ok
22:04:56.0216 0x1758  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:04:56.0297 0x1758  WPDBusEnum - ok
22:04:56.0348 0x1758  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:04:56.0454 0x1758  ws2ifsl - ok
22:04:56.0510 0x1758  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:04:56.0614 0x1758  wscsvc - ok
22:04:56.0684 0x1758  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:04:56.0811 0x1758  WSDPrintDevice - ok
22:04:56.0908 0x1758  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
22:04:56.0956 0x1758  WSDScan - ok
22:04:56.0990 0x1758  WSearch - ok
22:04:57.0183 0x1758  [ AA3E844A2595B1AA5825C70CA50D963E, F9C7D64D9563CA5167EC9B0D957473B55C02E9456E041AE2CDA6ABFA9641D176 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:04:57.0430 0x1758  wuauserv - ok
22:04:57.0511 0x1758  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:04:57.0622 0x1758  WudfPf - ok
22:04:57.0705 0x1758  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:57.0819 0x1758  WUDFRd - ok
22:04:57.0891 0x1758  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:04:57.0966 0x1758  wudfsvc - ok
22:04:58.0030 0x1758  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:04:58.0114 0x1758  WwanSvc - ok
22:04:58.0223 0x1758  ================ Scan global ===============================
22:04:58.0250 0x1758  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:04:58.0316 0x1758  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
22:04:58.0359 0x1758  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
22:04:58.0405 0x1758  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:04:58.0455 0x1758  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
22:04:58.0466 0x1758  [ Global ] - ok
22:04:58.0467 0x1758  ================ Scan MBR ==================================
22:04:58.0479 0x1758  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:04:58.0843 0x1758  \Device\Harddisk0\DR0 - ok
22:04:58.0869 0x1758  [ 4E109E088EF4F29892FB4B77AB48296C ] \Device\Harddisk1\DR1
22:04:59.0095 0x1758  \Device\Harddisk1\DR1 - ok
22:04:59.0096 0x1758  ================ Scan VBR ==================================
22:04:59.0101 0x1758  [ 7E8E4EDD9F8DCCA351CFF6B73194B3E1 ] \Device\Harddisk0\DR0\Partition1
22:04:59.0103 0x1758  \Device\Harddisk0\DR0\Partition1 - ok
22:04:59.0115 0x1758  [ 48EF7649389F93C25642778735EC3EF3 ] \Device\Harddisk0\DR0\Partition2
22:04:59.0118 0x1758  \Device\Harddisk0\DR0\Partition2 - ok
22:04:59.0126 0x1758  [ 7E0D21FA38C0F08B8683A4132A432BEA ] \Device\Harddisk1\DR1\Partition1
22:04:59.0140 0x1758  \Device\Harddisk1\DR1\Partition1 - ok
22:04:59.0141 0x1758  ================ Scan generic autorun ======================
22:04:59.0233 0x1758  [ 2609B39056B07ACB3ACFFB9062D9A5E4, A6FE58220D23223512DD0539301C9FAEE1C4CBA6D992CFA567FA47FF94311670 ] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
22:04:59.0329 0x1758  Toshiba TEMPRO - ok
22:04:59.0333 0x1758  TosNC - ok
22:04:59.0337 0x1758  TosReelTimeMonitor - ok
22:04:59.0341 0x1758  SmoothView - ok
22:04:59.0345 0x1758  TPwrMain - ok
22:04:59.0349 0x1758  00TCrdMain - ok
22:04:59.0717 0x1758  [ 910AFE116ADE17C93E892C38452075F9, E9CBFCF0549CACAC9B40BB67454548F996F1856AAF568D751015A3158F47043A ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
22:05:00.0163 0x1758  RtHDVCpl - ok
22:05:00.0185 0x1758  SynTPEnh - ok
22:05:00.0189 0x1758  SmartFaceVWatcher - ok
22:05:00.0265 0x1758  [ B051321EE9D0318DD07EBEBB2031612E, 9F27B5841027825418CCCB87B6B14D50AEB11B1FD1492018D62450627AE20DDF ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
22:05:00.0348 0x1758  TosSENotify - ok
22:05:00.0362 0x1758  Teco - ok
22:05:00.0363 0x1758  TosWaitSrv - ok
22:05:00.0416 0x1758  [ BF0507C2B765AC0E71E82049650B0953, 3ACC7BBBC2D2B7F8B53EE9AA7431584022FEB370CC2DE4DDE2E2026FC2167A6F ] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
22:05:00.0475 0x1758  Toshiba Registration - ok
22:05:00.0615 0x1758  [ BA636F9E95FA09C1F7A0F394B75AC85B, 7996ADA436D80DD7DA8613E9D993838DA2BCED816E21896C8A6F9781DEC2BF4C ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
22:05:00.0775 0x1758  CanonMyPrinter - ok
22:05:00.0894 0x1758  [ 223AD0CA4092AEFFE0D0DE25502A3DB6, D7A0E5639D329C8245515712125C7C489645B70A06A4F6D1DBE06BA7BD3C96DC ] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe
22:05:01.0280 0x1758  CanonSolutionMenu - ok
22:05:01.0317 0x1758  [ CC450F79AC71C54FFE48527B9C547259, 8557B9B3E950498559DA2A0336D6BADDC2A63A862319DBDF831D1DDE112B06C1 ] C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
22:05:01.0345 0x1758  Ocs_SM - detected UnsignedFile.Multi.Generic ( 1 )
22:05:04.0314 0x1758  Detect skipped due to KSN trusted
22:05:04.0314 0x1758  Ocs_SM - ok
22:05:04.0412 0x1758  [ 02A27FC0972181EF743160BE9F62F2B4, 0E5B5684E892B1CE83C8A50A23F8478E8D01E2DD283337B5B263FDA4C2654E9F ] C:\Program Files\iTunes\iTunesHelper.exe
22:05:04.0484 0x1758  iTunesHelper - ok
22:05:04.0568 0x1758  [ 8143723D21F4FA9B7AA295A29AE9541C, 3261A2463A5E4D8068964CD9ECCA1B203B21BFA2F8AC8EAA5AF32DC08D03FE38 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
22:05:04.0619 0x1758  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
22:05:07.0489 0x1758  Detect skipped due to KSN trusted
22:05:07.0489 0x1758  StartCCC - ok
22:05:07.0560 0x1758  [ E579644A3F6196BDD8D1B00EC12FC7E6, A63F2C90FB74518D4DB4DA0381BFFE9509624DB6D9D4573BD24542094567211C ] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
22:05:07.0616 0x1758  SVPWUTIL - detected UnsignedFile.Multi.Generic ( 1 )
22:05:10.0713 0x1758  Detect skipped due to KSN trusted
22:05:10.0713 0x1758  SVPWUTIL - ok
22:05:10.0804 0x1758  [ 8107E3A186C034DDEB14718D71332714, 641AD52C6F624A59648043D6E044B772B76DA1C82C4B3258A109A2FB67AACFA3 ] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
22:05:10.0883 0x1758  HWSetup - detected UnsignedFile.Multi.Generic ( 1 )
22:05:13.0992 0x1758  Detect skipped due to KSN trusted
22:05:13.0992 0x1758  HWSetup - ok
22:05:14.0027 0x1758  [ C5B2679B0AE204FDD0415199B7AFEF20, A488839697F72F5E914DC87077F196F355E4AA85A5AC9C555D67BB47CC198750 ] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
22:05:14.0084 0x1758  KeNotify - ok
22:05:14.0146 0x1758  [ CDC5106D846A7006AD3FA099367457C1, D2FC7A9AD30705C5D200D8E3CBBAC9A7C1F9AF82CA397EAFC45A4A587CF00F24 ] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
22:05:14.0202 0x1758  Philips Device Listener - detected UnsignedFile.Multi.Generic ( 1 )
22:05:17.0053 0x1758  Detect skipped due to KSN trusted
22:05:17.0053 0x1758  Philips Device Listener - ok
22:05:17.0158 0x1758  [ 7FA30B0DE75D61B4E8E8734B2BB6CA6C, C545C83A6F7B6CDFA2C0393553AE3CCCE6FCC11CCB4026470D414B06EC679581 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
22:05:17.0242 0x1758  FUFAXRCV - detected UnsignedFile.Multi.Generic ( 1 )
22:05:20.0119 0x1758  Detect skipped due to KSN trusted
22:05:20.0119 0x1758  FUFAXRCV - ok
22:05:20.0213 0x1758  [ E476F00C910C1A96978FB30859E10919, 3F0DDF6DC7DB346BFB8AD9DD76F53143415FEED620A49B35A16168606A1942B4 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
22:05:20.0296 0x1758  FUFAXSTM - detected UnsignedFile.Multi.Generic ( 1 )
22:05:23.0170 0x1758  Detect skipped due to KSN trusted
22:05:23.0170 0x1758  FUFAXSTM - ok
22:05:23.0271 0x1758  [ D3AC38E80E928CC61A22650E04423BB8, 8DB324E5BCC2A721EB0C48F0F3ECC21E49D6172A3BF8ACC55244C08FAEB3101C ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
22:05:23.0367 0x1758  EEventManager - ok
22:05:23.0370 0x1758  RadioRage AppIntegrator 32-bit - ok
22:05:23.0375 0x1758  RadioRage AppIntegrator 64-bit - ok
22:05:23.0432 0x1758  SunJavaUpdateSched - ok
22:05:23.0433 0x1758  Elite Unzip AppIntegrator 32-bit - ok
22:05:23.0436 0x1758  Elite Unzip AppIntegrator 64-bit - ok
22:05:23.0679 0x1758  [ A6ABD4AF02AB03676DEA55F383ABC7C2, 62F838618C78A297D970EC58F97F2D843EBFEF2D81754D658664BEEED79BFB50 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
22:05:23.0750 0x1758  avgnt - ok
22:05:23.0837 0x1758  [ 5120CD65A74A5E054FB2B0577688024C, 2C771743C797ED2F94E4C0CD7472D20532DB6C3E95DEB0DA4D14D6B5469EE273 ] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
22:05:23.0885 0x1758  Avira Systray - ok
22:05:23.0974 0x1758  [ C2CE42005E3381A95460876020518440, 562EB30DA9A1DB58DB221423177C0680E69A4C38EEE2D5FD936633B2EB8A616E ] C:\Program Files (x86)\QuickTime\QTTask.exe
22:05:24.0022 0x1758  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
22:05:28.0150 0x1758  Detect skipped due to KSN trusted
22:05:28.0150 0x1758  QuickTime Task - ok
22:05:28.0430 0x1758  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
22:05:28.0708 0x1758  SDTray - ok
22:05:28.0816 0x1758  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:05:28.0980 0x1758  Sidebar - ok
22:05:29.0014 0x1758  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:05:29.0067 0x1758  mctadmin - ok
22:05:29.0130 0x1758  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:05:29.0215 0x1758  Sidebar - ok
22:05:29.0230 0x1758  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:05:29.0297 0x1758  mctadmin - ok
22:05:29.0631 0x1758  [ B67F316DE1EEFB0DADC1AF30633A9D83, E0121463E8E9C529A79FB287FA693C48B5659C7EFD059AA9B7661E43CEDB583D ] C:\Program Files\CCleaner\CCleaner64.exe
22:05:30.0016 0x1758  ccleaner - ok
22:05:30.0197 0x1758  [ FC45DD30E97A967664932FD5A124412D, 71E12C9AD9680852D9E492B504ABF334DDD72EE583786F870D9812B0B96B5880 ] C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe
22:05:30.0314 0x1758  Polar FlowSync - detected UnsignedFile.Multi.Generic ( 1 )
22:05:40.0314 0x1758  Polar FlowSync ( UnsignedFile.Multi.Generic ) - warning
22:05:46.0455 0x1758  [ F341DD6145F779CE5B732BC6BC6A3370, 67CE7E6DD5969C8DE34473E01D60D52FABC740B056287C2E261A36F97993ED0D ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
22:05:46.0514 0x1758  iCloudServices - ok
22:05:46.0542 0x1758  [ 944E77A49DBAF8F6BB473118C116E59E, 0DA67736F1841A270AB24C13BA8FF4021A8950EB58B4985774F4B224B832B0DA ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
22:05:46.0588 0x1758  ApplePhotoStreams - ok
22:05:46.0718 0x1758  [ 585462051E79B30D0282D246F583977D, 7A2958530C4DC02DA1ACD0A8C5E0D04C63AE26AFA49A5444D4872852778D5F50 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE
22:05:46.0781 0x1758  EPLTarget\P0000000000000000 - ok
22:05:46.0783 0x1758  Web Companion - ok
22:05:47.0103 0x1758  [ BBFED9378719CF8E0C3DEDC979B5D649, CF1E3137325E463A265B78354D938BC8269186D958FEA60FECC5D7BC5A180C6A ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
22:05:47.0505 0x1758  TOSHIBA Online Product Information - ok
22:05:47.0810 0x1758  [ BBFED9378719CF8E0C3DEDC979B5D649, CF1E3137325E463A265B78354D938BC8269186D958FEA60FECC5D7BC5A180C6A ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
22:05:48.0203 0x1758  TOSHIBA Online Product Information - ok
22:05:48.0532 0x1758  [ BBFED9378719CF8E0C3DEDC979B5D649, CF1E3137325E463A265B78354D938BC8269186D958FEA60FECC5D7BC5A180C6A ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
22:05:48.0860 0x1758  TOSHIBA Online Product Information - ok
22:05:48.0884 0x1758  Waiting for KSN requests completion. In queue: 6
22:05:49.0884 0x1758  Waiting for KSN requests completion. In queue: 6
22:05:50.0884 0x1758  Waiting for KSN requests completion. In queue: 6
22:05:52.0005 0x1758  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.11.550 ), 0x41000 ( enabled : updated )
22:05:52.0021 0x1758  Win FW state via NFP2: enabled
22:05:54.0809 0x1758  ============================================================
22:05:54.0809 0x1758  Scan finished
22:05:54.0809 0x1758  ============================================================
22:05:54.0834 0x1888  Detected object count: 2
22:05:54.0834 0x1888  Actual detected object count: 2
22:05:59.0523 0x1888  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:59.0523 0x1888  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:05:59.0524 0x1888  Polar FlowSync ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:59.0524 0x1888  Polar FlowSync ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Code:
ATTFilter
Emsisoft Emergency Kit - Version 10.0
Letztes Update: 21.07.2015 21:01:17
Benutzerkonto: igrub-TOSH\i.grub

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	21.07.2015 21:07:19
C:\ProgramData\apn 	Gefunden: Application.AppInstall (A)
C:\Users\Fabian\AppData\Local\Temp\apn 	Gefunden: Application.Win32.WebToolbar (A)
C:\Users\Fabian\AppData\Roaming\radiorage_4j 	Gefunden: Application.AppInstall (A)
C:\ProgramData\partner 	Gefunden: Application.AppInstall (A)
C:\Users\i.grub\AppData\Local\iac 	Gefunden: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B} 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RADIORAGE_4J.TOOLBARPROTECTOR 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RADIORAGE_4J.TOOLBARPROTECTOR.1 	Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6} 	Gefunden: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1001\SOFTWARE\APN 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APN 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\CIUVO 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CIUVO 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\RADIORAGE_4J 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RADIORAGE_4J 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\SOFTONIC 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ASKPARTNERNETWORK 	Gefunden: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\ASKPARTNERNETWORK 	Gefunden: Application.InstallAd (A)

Gescannt:	73284
Gefunden	20

Scan-Ende:	21.07.2015 21:19:04
Scan-Zeit:	0:11:45

Key: HKEY_USERS\S-1-5-18\SOFTWARE\ASKPARTNERNETWORK	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ASKPARTNERNETWORK	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\SOFTONIC	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RADIORAGE_4J	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\RADIORAGE_4J	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CIUVO	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\CIUVO	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APN	Gelöscht Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-4106851975-1791392289-4257475713-1001\SOFTWARE\APN	Gelöscht Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6}	Gelöscht Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RADIORAGE_4J.TOOLBARPROTECTOR.1	Gelöscht Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RADIORAGE_4J.TOOLBARPROTECTOR	Gelöscht Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}	Gelöscht Application.AdReg (A)

Gelöscht	14
         
Code:
ATTFilter
Emsisoft Emergency Kit - Version 10.0
Letztes Update: 21.07.2015 21:01:17
Benutzerkonto: igrub-TOSH\i.grub

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	21.07.2015 21:52:21

Gescannt:	73238
Gefunden	0

Scan-Ende:	21.07.2015 22:02:31
Scan-Zeit:	0:10:10
         
Gruß,
igrub

Alt 22.07.2015, 08:14   #7
schrauber
/// the machine
/// TB-Ausbilder
 

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Bis jetzt seh ich nur Adware.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.07.2015, 13:43   #8
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Code:
ATTFilter
ComboFix 15-07-20.01 - i.grub 22.07.2015  14:12:15.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3838.1413 [GMT 2:00]
ausgeführt von:: c:\users\i.grub\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\users\i.grub\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\I8613~1.GRU\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-22 bis 2015-07-22  ))))))))))))))))))))))))))))))
.
.
2015-07-21 18:54 . 2015-07-21 20:09	--------	d-----w-	C:\EEK
2015-07-21 16:38 . 2015-07-21 16:38	--------	d-----w-	c:\programdata\Malwarebytes
2015-07-21 16:37 . 2015-07-21 17:27	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-21 16:37 . 2015-07-21 16:37	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-21 16:34 . 2015-07-21 16:34	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-07-21 15:37 . 2015-07-21 15:42	--------	d-----w-	C:\FRST
2015-07-21 05:23 . 2015-07-15 03:19	41984	----a-w-	c:\windows\system32\lpk.dll
2015-07-21 05:23 . 2015-07-15 01:59	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-07-21 05:23 . 2015-07-15 01:52	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-07-21 05:23 . 2015-07-15 03:19	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-07-21 05:23 . 2015-07-15 03:19	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-07-21 05:23 . 2015-07-15 03:19	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-07-21 05:23 . 2015-07-15 02:55	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-07-21 05:23 . 2015-07-15 02:55	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-07-21 05:23 . 2015-07-15 02:55	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-07-21 05:23 . 2015-07-15 02:54	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-07-17 12:32 . 2015-06-23 23:22	12221144	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{28AB2E7E-06CD-4897-B5A5-87B255FB7AEF}\mpengine.dll
2015-07-16 16:42 . 2015-07-16 16:42	19198128	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-07-16 16:37 . 2015-07-16 16:37	--------	d-----w-	C:\searchplugins
2015-07-16 16:35 . 2015-06-08 12:13	428880	----a-w-	c:\windows\system32\LavasoftTcpService64.dll
2015-07-16 16:35 . 2015-06-08 12:13	348488	----a-w-	c:\windows\SysWow64\LavasoftTcpService.dll
2015-07-15 15:44 . 2015-06-23 11:30	300704	------w-	c:\windows\system32\MpSigStub.exe
2015-07-15 11:50 . 2015-06-20 19:57	49664	----a-w-	c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-07-15 11:49 . 2015-07-04 18:07	2087424	----a-w-	c:\windows\system32\ole32.dll
2015-07-15 11:48 . 2015-06-15 21:45	3242496	----a-w-	c:\windows\system32\msi.dll
2015-07-14 17:43 . 2015-07-14 17:44	--------	d-----w-	c:\program files (x86)\iTunes
2015-07-14 17:43 . 2015-07-14 17:43	--------	d-----w-	c:\program files\iPod
2015-07-14 17:43 . 2015-07-14 17:45	--------	d-----w-	c:\program files\iTunes
2015-07-14 17:34 . 2015-07-14 17:34	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-14 17:34 . 2015-07-14 17:34	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-14 17:34 . 2015-07-14 17:34	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-14 17:34 . 2015-07-14 17:34	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-14 17:34 . 2015-07-14 17:34	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-14 17:33 . 2015-07-14 17:34	--------	d-----w-	c:\program files (x86)\QuickTime
2015-06-29 13:43 . 2015-06-29 13:43	229608	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-17 05:44 . 2015-01-25 09:23	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-17 05:44 . 2015-01-25 09:23	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:43 . 2015-07-15 11:51	93184	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-07-09 17:43 . 2015-07-15 11:51	30208	----a-w-	c:\windows\SysWow64\wups.dll
2015-07-09 17:43 . 2015-07-15 11:51	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-07-09 17:43 . 2015-07-15 11:51	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-07-09 17:42 . 2015-07-15 11:51	34816	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-07-03 06:43 . 2010-06-14 20:04	130333168	----a-w-	c:\windows\system32\MRT.exe
2015-06-16 23:01 . 2015-06-16 23:01	1202856	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-06-16 22:23 . 2015-06-16 22:23	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2015-06-16 22:23 . 2015-06-16 22:23	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2015-06-10 21:08 . 2015-06-10 21:08	6112072	----a-w-	c:\windows\system32\usbaaplrc.dll
2015-06-10 21:08 . 2015-06-10 21:08	54784	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2015-06-09 08:01 . 2015-04-13 18:16	153256	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-06-09 08:01 . 2015-04-13 18:16	132656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-05-25 18:24 . 2015-06-10 08:40	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 08:40	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 08:40	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 08:40	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 08:40	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 08:40	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 08:40	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 08:40	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 08:40	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 08:40	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 08:40	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 08:40	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 08:40	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 08:40	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 08:40	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 08:40	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 08:40	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 08:40	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 08:40	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 08:40	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 08:40	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 08:40	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 08:40	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 08:40	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 08:40	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 08:40	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-10 08:40	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 08:40	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 08:40	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 08:40	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 08:40	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 08:40	92160	----a-w-	c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 08:40	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 08:40	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 08:40	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 08:40	40448	----a-w-	c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 08:40	364544	----a-w-	c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 08:40	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 08:40	37888	----a-w-	c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 08:40	82944	----a-w-	c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 08:40	17408	----a-w-	c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-10 08:40	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-10 08:40	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-10 08:40	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-10 08:40	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 08:40	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-30 15:40	222832	----a-w-	c:\users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-30 15:40	222832	----a-w-	c:\users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-30 15:40	222832	----a-w-	c:\users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-04-23 6070040]
"Polar FlowSync"="c:\program files (x86)\Polar\Polar FlowSync\FlowSync.exe" [2014-11-11 1125376]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-04-26 43816]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE" [2012-07-12 241280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-09 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-06-09 730416]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-06-02 134368]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-06-16 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\a.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6500 E710a-f\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1162246D05JZ;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 epp64;epp64;c:\eek\bin\epp64.sys;c:\eek\bin\epp64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe;c:\users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe;c:\program files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 05:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-30 15:40	261744	----a-w-	c:\users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-30 15:40	261744	----a-w-	c:\users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-30 15:40	261744	----a-w-	c:\users\i.grub\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Ocs_SM"="c:\users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-21 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 170280]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.arcor.de
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.arcor.de
mWindow Title = Vodafone AG & Co. KG
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Arcor Online - (no file)
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Wow6432Node-HKLM-Run-RadioRage AppIntegrator 32-bit - c:\progra~2\RADIOR~1\bar\1.bin\AppIntegrator.exe
Wow6432Node-HKLM-Run-RadioRage AppIntegrator 64-bit - c:\progra~2\RADIOR~1\bar\1.bin\AppIntegrator64.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre1.8.0_31\bin\jusched.exe
Wow6432Node-HKLM-Run-Elite Unzip AppIntegrator 32-bit - c:\progra~2\ELITEU~1\bar\1.bin\AppIntegrator.exe
Wow6432Node-HKLM-Run-Elite Unzip AppIntegrator 64-bit - c:\progra~2\ELITEU~1\bar\1.bin\AppIntegrator64.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-22  14:38:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-07-22 12:38
.
Vor Suchlauf: 16 Verzeichnis(se), 164.974.362.624 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 164.284.432.384 Bytes frei
.
- - End Of File - - 9C496EDB67010170786FA928E8D083BD
A36C5E4F47E84449FF07ED3517B43A31
         
Danke und Gruß,
igrub

Alt 23.07.2015, 07:09   #9
schrauber
/// the machine
/// TB-Ausbilder
 

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.07.2015, 17:22   #10
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



hier die Logfiles:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 23.07.2015
Suchlaufzeit: 14:47
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.23.02
Rootkit-Datenbank: v2015.07.22.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: i.grub

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 538411
Abgelaufene Zeit: 2 Std., 31 Min., 19 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 15
PUP.Optional.MyWebSearch, HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{110a9ea2-8810-4c04-b916-cfd4e9427fec}, In Quarantäne, [81ad33b2f694181eeb5aa91e4ab8ab55], 
PUP.Optional.MyWebSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}, In Quarantäne, [81ad33b2f694181eeb5aa91e4ab8ab55], 
PUP.Optional.Ask.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, In Quarantäne, [f03e14d17b0fec4adcae5e2bb74b5aa6], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{75685C45-50A6-4939-90E6-80B9BA5869E3}, In Quarantäne, [3cf2a144523842f4b962593a64a0a25e], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95969FA6-C35A-4552-A1FE-34C45FE13799}, In Quarantäne, [39f58b5abbcf82b4ca51672c8f75af51], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}, In Quarantäne, [052918cdb5d513231902f69d38ccd52b], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB9EFCEE-B30C-4989-98CC-EE371FA5B355}, In Quarantäne, [151911d4abdf6ec852c94b4864a0ad53], 
PUP.Optional.Ask.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{134966F0-C7F4-43FC-98F8-5A4B94504718}, In Quarantäne, [8da1bd28a1e9ee489d61326555afc937], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1001\SOFTWARE\APPDATALOW\SOFTWARE\EliteUnzip_aa, In Quarantäne, [88a632b3d8b2023416e461ddf90a27d9], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1001\SOFTWARE\APPDATALOW\SOFTWARE\RadioRage_4j, In Quarantäne, [72bc22c341498caa4b7c6bd3b2510cf4], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1002\SOFTWARE\APPDATALOW\SOFTWARE\EliteUnzip_aa, In Quarantäne, [57d7f7ee1e6c8ea8d921d36ba162966a], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1002\SOFTWARE\APPDATALOW\SOFTWARE\RadioRage_4j, In Quarantäne, [0f1fc61f6e1c0f27fbccac9213f030d0], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\APPDATALOW\SOFTWARE\EliteUnzip_aa, In Quarantäne, [de50994c4c3e71c5669453eb867dde22], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\APPDATALOW\SOFTWARE\RadioRage_4j, In Quarantäne, [3af45d880981ef4702c55de109faee12], 
PUP.Optional.Ask.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{39C9771E-95CB-48FD-AAED-FF09CE51CEAD}, In Quarantäne, [a787a93cb5d551e56e908e091ee64ab6], 

Registrierungswerte: 12
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}, In Quarantäne, [0f1ff9ecb6d48ea818c4f2985ea42fd1], 
PUP.Optional.Mindspark.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}, In Quarantäne, [0f1ff9ecb6d48ea818c4f2985ea42fd1], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{75685c45-50a6-4939-90e6-80b9ba5869e3}|AppPath, C:\Program Files (x86)\RadioRage_4j\bar\1.bin, In Quarantäne, [3cf2a144523842f4b962593a64a0a25e]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95969fa6-c35a-4552-a1fe-34c45fe13799}|AppPath, C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin, In Quarantäne, [39f58b5abbcf82b4ca51672c8f75af51]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{a25aa6e2-1cde-4d0f-a5d4-4898d7fb3c86}|AppPath, C:\Program Files (x86)\RadioRage_4j\bar\1.bin, In Quarantäne, [052918cdb5d513231902f69d38ccd52b]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{db9efcee-b30c-4989-98cc-ee371fa5b355}|AppPath, C:\Program Files (x86)\EliteUnzip_aa\bar\1.bin, In Quarantäne, [151911d4abdf6ec852c94b4864a0ad53]
PUP.Optional.Ask.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{110a9ea2-8810-4c04-b916-cfd4e9427fec}|DisplayName, Ask Web Search, In Quarantäne, [38f67174f6942d09a6d591fcb1537c84]
PUP.Optional.ASK.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{110a9ea2-8810-4c04-b916-cfd4e9427fec}|URL, hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^man000^YYA^&ptb=0E21E33B-E3EA-4BBB-831D-FBEAD6061710&ind=2015012910&n=781aa82e&psa=&st=sb&searchfor={searchTerms}, In Quarantäne, [ce608a5bf397a49297bcdeb121e37789]
PUP.Optional.Ask.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{110a9ea2-8810-4c04-b916-cfd4e9427fec}|DisplayName, Ask Web Search, In Quarantäne, [fd31f8ed25656bcb18621c7119ebcd33]
PUP.Optional.ASK.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{110a9ea2-8810-4c04-b916-cfd4e9427fec}|URL, hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^man000^YYA^&ptb=0E21E33B-E3EA-4BBB-831D-FBEAD6061710&ind=2015012910&n=781aa82e&psa=&st=sb&searchfor={searchTerms}, In Quarantäne, [b678cd186327c86e9ab8a0efc341f30d]
PUP.Optional.Ask.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{134966F0-C7F4-43FC-98F8-5A4B94504718}|SuggestionsURL_JSON, hxxp://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}, In Quarantäne, [8da1bd28a1e9ee489d61326555afc937]
PUP.Optional.Ask.A, HKU\S-1-5-21-4106851975-1791392289-4257475713-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{39C9771E-95CB-48FD-AAED-FF09CE51CEAD}|SuggestionsURL_JSON, hxxp://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}, In Quarantäne, [a787a93cb5d551e56e908e091ee64ab6]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 2
PUP.Optional.Mindspark, C:\Users\i.grub\Downloads\EliteUnzipSetup2.5.15.9.^BDG^man000^YYA^.exe, In Quarantäne, [101e687d1f6ba09618b5a86b17ee4bb5], 
PUP.Optional.Mindspark, C:\Users\i.grub\Downloads\RadioRageSetup2.5.15.8.^ZX^man000^YYA^.exe, In Quarantäne, [052916cff09aca6cf2dbca49ae572fd1], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.208 - Bericht erstellt 23/07/2015 um 17:48:12
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : i.grub - IGRUB-TOSH
# Gestarted von : C:\Users\i.grub\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\i.grub\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\i.grub\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\i.grub\AppData\Roaming\OCS

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\EliteUnzip_aa.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2938A84F-359F-4435-AA1B-92D2FA1C79CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2BF29A1A-3E9B-4D25-AD63-FC9F39CE968F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4DC58A45-E0B8-4E4E-B8B0-6624DE9E611D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70FB88F2-6A2E-43FD-BDAD-A50A247ABA56}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{746DD7C1-EDBA-4D28-BE76-78EBF3CC6045}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F943A04A-4B91-451B-A393-07C2FCAF3E5F}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v


-\\ Opera v30.0.1835.125

[C:\Users\i.grub\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Gelöscht [Search Provider] : hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
[C:\Users\i.grub\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Gelöscht [Search Provider] : hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
[C:\Users\i.grub\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Gelöscht [Search Provider] : hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
[C:\Users\i.grub\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Gelöscht [Search Provider] : hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
[C:\Users\i.grub\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Gelöscht [Search Provider] : hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0
[C:\Users\i.grub\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Gelöscht [Search Provider] : hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9562c6f7-495c-452b-bbb5-cf820767e445&pid=sharewarede&mode=bounce&k=0

*************************

AdwCleaner[R0].txt - [5054 Bytes] - [23/07/2015 17:46:05]
AdwCleaner[S0].txt - [4070 Bytes] - [23/07/2015 17:48:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4129  Bytes] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by i.grub on 23.07.2015 at 18:01:12,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google



~~~ Chrome


[C:\Users\i.grub\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\i.grub\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\i.grub\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\i.grub\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2015 at 18:16:47,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by i.grub (administrator) on IGRUB-TOSH on 23-07-2015 18:17:23
Running from C:\Users\i.grub\Downloads
Loaded Profiles: i.grub (Available Profiles: i.grub & a.grub & Sarah & Fabian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Ocs_SM] => C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2010-10-15] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6070040 2013-04-23] (Piriform Ltd)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
Startup: C:\Users\a.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-14]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-07-21]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2011-05-19]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk [2013-08-05]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-20]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-4106851975-1791392289-4257475713-1003\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4106851975-1791392289-4257475713-1002\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{02044DE9-D0E8-4D7A-B161-CCCB42A20904}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{07549D3A-D03E-4DF1-B049-BC57FFC4DACB}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4106851975-1791392289-4257475713-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\i.grub\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-26] (Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\i.grub\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
S2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2013-04-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-01-24] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-07-21] (Emsisoft GmbH)
R3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2010-11-11] (GEAR Software Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-01-24] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 18:16 - 2015-07-23 18:16 - 00001224 _____ C:\Users\i.grub\Desktop\JRT.txt
2015-07-23 18:00 - 2015-07-23 18:00 - 01798288 _____ (Malwarebytes Corporation) C:\Users\i.grub\Downloads\JRT.exe
2015-07-23 17:45 - 2015-07-23 17:48 - 00000000 ____D C:\AdwCleaner
2015-07-23 17:44 - 2015-07-23 17:44 - 02248704 _____ C:\Users\i.grub\Downloads\AdwCleaner_4.208.exe
2015-07-23 17:42 - 2015-07-23 17:53 - 00000000 ____D C:\Users\i.grub\Antiviren-Suchlauf-Protokolle
2015-07-23 14:42 - 2015-07-23 14:45 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-23 14:41 - 2015-07-23 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-23 14:41 - 2015-07-23 14:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-23 14:41 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-23 14:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-23 14:38 - 2015-07-23 14:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\i.grub\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-22 16:06 - 2015-07-22 14:24 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20150722-160620.backup
2015-07-22 14:57 - 2015-07-22 14:57 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-22 14:57 - 2015-07-22 14:57 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-22 14:57 - 2015-07-22 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-22 14:57 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-22 14:55 - 2015-07-22 14:56 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (4).exe
2015-07-22 14:38 - 2015-07-22 14:38 - 00033639 _____ C:\ComboFix.txt
2015-07-22 14:31 - 2015-07-23 17:49 - 00167216 ____N C:\Windows\WindowsUpdate.log
2015-07-22 14:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-22 14:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-22 14:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-22 14:03 - 2015-07-22 14:38 - 00000000 ____D C:\Qoobox
2015-07-22 14:03 - 2015-07-22 14:34 - 00000000 ____D C:\Windows\erdnt
2015-07-22 14:01 - 2015-07-22 14:01 - 05632853 ____R (Swearware) C:\Users\i.grub\Downloads\ComboFix.exe
2015-07-21 21:22 - 2015-07-21 21:22 - 00003148 _____ C:\EamClean.log
2015-07-21 20:55 - 2015-07-21 20:56 - 00000750 _____ C:\Users\i.grub\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-21 20:54 - 2015-07-21 22:09 - 00000000 ____D C:\EEK
2015-07-21 20:47 - 2015-07-21 20:52 - 162103944 _____ C:\Users\i.grub\Downloads\EmsisoftEmergencyKit.exe
2015-07-21 19:28 - 2015-07-21 19:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\i.grub\Downloads\tdsskiller.exe
2015-07-21 18:38 - 2015-07-23 14:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-21 18:37 - 2015-07-23 17:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-21 18:37 - 2015-07-23 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-21 18:34 - 2015-07-21 19:26 - 00000000 ____D C:\Users\i.grub\Desktop\mbar
2015-07-21 18:34 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-21 18:33 - 2015-07-21 18:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\i.grub\Downloads\mbar-1.09.1.1004.exe
2015-07-21 17:58 - 2015-07-21 17:58 - 00014726 _____ C:\Users\i.grub\Downloads\Gmer.txt
2015-07-21 17:44 - 2015-07-21 17:44 - 00380416 _____ C:\Users\i.grub\Downloads\Gmer-19357.exe
2015-07-21 17:38 - 2015-07-21 17:42 - 00059724 _____ C:\Users\i.grub\Downloads\Addition.txt
2015-07-21 17:37 - 2015-07-23 18:17 - 00019077 _____ C:\Users\i.grub\Downloads\FRST.txt
2015-07-21 17:37 - 2015-07-23 18:17 - 00000000 ____D C:\FRST
2015-07-21 17:36 - 2015-07-21 17:36 - 02135552 _____ (Farbar) C:\Users\i.grub\Downloads\FRST64.exe
2015-07-21 17:31 - 2015-07-21 18:01 - 00000474 _____ C:\Users\i.grub\Downloads\defogger_disable.log
2015-07-21 17:31 - 2015-07-21 17:31 - 00050477 _____ C:\Users\i.grub\Downloads\Defogger.exe
2015-07-21 17:31 - 2015-07-21 17:31 - 00000000 _____ C:\Users\i.grub\defogger_reenable
2015-07-21 07:23 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 07:23 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 07:23 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 07:23 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-17 07:35 - 2015-07-17 07:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (2).exe
2015-07-16 18:42 - 2015-07-16 18:42 - 19198128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-16 18:37 - 2015-07-16 18:37 - 00000000 ____D C:\searchplugins
2015-07-16 18:35 - 2015-07-16 19:08 - 00002968 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-16 18:35 - 2015-07-16 19:08 - 00002968 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-07-16 18:35 - 2015-06-08 14:13 - 00428880 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-07-16 18:35 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-07-16 18:30 - 2015-07-17 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-16 18:25 - 2015-07-16 18:25 - 02024048 _____ C:\Users\i.grub\Downloads\AdAware117WebInstaller (1).exe
2015-07-16 18:24 - 2015-07-16 18:25 - 02024048 _____ C:\Users\i.grub\Downloads\AdAware117WebInstaller.exe
2015-07-15 19:40 - 2015-07-15 19:39 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-194050.backup
2015-07-15 17:44 - 2015-06-23 13:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-15 17:26 - 2015-07-15 17:27 - 35679667 _____ C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209 (1).zip
2015-07-15 17:25 - 2015-07-15 17:25 - 00000000 ____D C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209
2015-07-15 17:24 - 2015-07-15 17:25 - 35679667 _____ C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209.zip
2015-07-15 17:19 - 2015-07-15 17:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4.exe
2015-07-15 17:19 - 2015-07-15 17:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (1).exe
2015-07-15 13:51 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 13:51 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 13:51 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 13:51 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 13:51 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 13:51 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 13:51 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 13:51 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 13:51 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 13:51 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 13:51 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 13:51 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 13:51 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 13:51 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 13:51 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 13:51 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 13:51 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 13:51 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 13:51 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 13:51 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 13:51 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 13:51 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 13:51 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 13:51 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 13:51 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 13:50 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 13:50 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 13:50 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 13:50 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 13:50 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 13:50 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 13:50 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 13:50 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 13:50 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 13:50 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 13:50 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 13:50 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 13:50 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 13:50 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 13:50 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 13:50 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 13:50 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 13:50 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 13:50 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 13:50 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 13:50 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 13:50 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 13:50 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 13:50 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 13:50 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 13:50 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 13:50 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 13:50 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 13:50 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 13:50 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 13:50 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 13:50 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 13:50 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 13:50 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 13:50 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 13:50 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 13:50 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 13:50 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 13:50 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 13:50 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 13:50 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 13:50 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 13:50 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 13:50 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 13:49 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:49 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 13:49 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 13:49 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 13:49 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 13:49 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 13:49 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 13:49 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 13:49 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 13:49 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 13:49 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 13:49 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 13:49 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 13:49 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 13:49 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 13:49 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 13:49 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 13:49 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 13:49 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 13:49 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 13:48 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 13:48 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 13:48 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 13:48 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 13:48 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 13:48 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:48 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 13:48 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 13:48 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 13:48 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 13:48 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 13:48 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 23:04 - 2015-07-14 23:05 - 00000000 ____D C:\Users\i.grub\Documents\Hacker-Angriff
2015-07-14 19:45 - 2015-07-14 19:45 - 00001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-14 19:45 - 2015-07-14 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-14 19:43 - 2015-07-14 19:45 - 00000000 ____D C:\Program Files\iTunes
2015-07-14 19:43 - 2015-07-14 19:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-14 19:43 - 2015-07-14 19:43 - 00000000 ____D C:\Program Files\iPod
2015-07-14 19:33 - 2015-07-14 19:34 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-14 19:33 - 2015-07-14 19:33 - 00001852 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-14 19:33 - 2015-07-14 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 18:11 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 18:11 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 18:04 - 2010-06-11 18:37 - 00000000 ____D C:\Users\i.grub
2015-07-23 17:56 - 2013-01-12 20:51 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-23 17:53 - 2013-03-10 21:04 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-23 17:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 17:41 - 2015-01-25 11:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 17:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-22 16:10 - 2011-10-19 15:42 - 00000000 ____D C:\Users\i.grub\AppData\Roaming\Aquamarin Haushaltsbuch
2015-07-22 15:49 - 2013-01-19 19:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-22 14:57 - 2011-02-14 13:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-22 14:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-22 14:29 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-21 16:56 - 2015-05-08 23:19 - 00000000 ____D C:\Users\i.grub\AppData\Roaming\Apple Computer
2015-07-20 18:07 - 2012-10-28 10:29 - 00000000 ____D C:\Users\i.grub\Documents\LDW
2015-07-20 18:06 - 2010-11-09 10:02 - 00000000 ____D C:\Users\i.grub\Divers
2015-07-19 10:26 - 2010-06-11 20:20 - 00002854 _____ C:\Users\i.grub\AppData\Roaming\wklnhst.dat
2015-07-17 07:44 - 2015-01-25 11:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 07:44 - 2015-01-25 11:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-17 07:44 - 2015-01-25 11:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-17 07:43 - 2014-08-21 16:54 - 00000000 ____D C:\Users\i.grub\AppData\Local\Adobe
2015-07-16 06:35 - 2015-04-07 22:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 06:35 - 2015-04-07 22:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 06:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 06:34 - 2014-12-11 07:45 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:34 - 2014-05-06 22:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 01:37 - 2009-09-11 10:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 01:25 - 2013-08-05 09:35 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 20:49 - 2014-12-14 23:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 20:47 - 2015-01-08 16:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:40 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150720-135921.backup
2015-07-14 19:43 - 2015-05-08 23:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-14 16:29 - 2015-01-24 16:52 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422111116
2015-07-14 16:29 - 2013-01-29 22:59 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 12:35 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-193959.backup
2015-07-13 21:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 14:08 - 2009-07-14 19:58 - 06740660 _____ C:\Windows\system32\perfh007.dat
2015-07-10 14:08 - 2009-07-14 19:58 - 02083118 _____ C:\Windows\system32\perfc007.dat
2015-07-10 14:08 - 2009-07-14 07:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 19:59 - 2010-10-11 21:36 - 00000000 ____D C:\Users\i.grub\Infos
2015-07-06 18:13 - 2014-08-08 12:49 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-06 18:13 - 2013-03-25 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-06 18:12 - 2013-03-25 17:56 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-03 08:43 - 2010-06-14 22:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 17:45 - 2015-05-08 23:16 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-30 00:15 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150714-123550.backup
2015-06-29 15:55 - 2015-04-26 10:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-27 16:17 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-23 13:57 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2010-06-11 20:20 - 2015-07-19 10:26 - 0002854 _____ () C:\Users\i.grub\AppData\Roaming\wklnhst.dat
2013-01-13 17:50 - 2009-08-27 12:09 - 0013264 _____ (Arcor Online GmbH) C:\Users\i.grub\AppData\Local\cmdial32.dll
2013-01-13 17:52 - 2015-04-26 20:28 - 0000022 _____ () C:\Users\i.grub\AppData\Local\cmdial32.ini
2012-04-15 19:18 - 2012-04-15 19:18 - 0003584 _____ () C:\Users\i.grub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-09 23:15 - 2011-01-09 23:15 - 0000017 _____ () C:\Users\i.grub\AppData\Local\resmon.resmoncfg
2013-08-05 13:48 - 2013-08-05 13:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-14 16:18 - 2015-02-14 16:18 - 0000004 _____ () C:\ProgramData\icw09hbs.inf

Some files in TEMP:
====================
C:\Users\i.grub\AppData\Local\Temp\avgnt.exe
C:\Users\i.grub\AppData\Local\Temp\Quarantine.exe
C:\Users\i.grub\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-22 17:32

==================== End of log ============================
         
Danke und Gruß,
igrub

Alt 24.07.2015, 06:56   #11
schrauber
/// the machine
/// TB-Ausbilder
 

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.07.2015, 21:12   #12
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Hallo,
hier schon mal das Eset-Logfile:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=093a53318955d241a89c125300e8ec0e
# end=init
# utc_time=2015-07-24 01:42:22
# local_time=2015-07-24 03:42:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24959
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=093a53318955d241a89c125300e8ec0e
# end=updated
# utc_time=2015-07-24 01:48:40
# local_time=2015-07-24 03:48:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=093a53318955d241a89c125300e8ec0e
# engine=24959
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-24 06:00:01
# local_time=2015-07-24 08:00:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2855 189390651 0 0
# scanned=341299
# found=6
# cleaned=0
# scan_time=15080
sh=64AF96B24ECAB20B2B6073928BB12316DF5256FD ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung" ac=I fn="D:\igrub-TOSH\Backup Set 2015-01-11 210230\Backup Files 2015-02-01 224706\Backup files 1.zip"
sh=4B23EB9C01168038CC11E3E6E21E58506B3081E7 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung" ac=I fn="D:\igrub-TOSH\Backup Set 2015-01-11 210230\Backup Files 2015-02-22 190002\Backup files 2.zip"
sh=D88FB1555574B71242E51513A7E91060B0E7AE9E ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung" ac=I fn="D:\igrub-TOSH\Backup Set 2015-03-02 161608\Backup Files 2015-03-02 161608\Backup files 5.zip"
sh=81280EF1AB464E4D530280B9320D1DB8DEDD1B3D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung" ac=I fn="D:\igrub-TOSH\Backup Set 2015-04-19 191926\Backup Files 2015-04-19 191926\Backup files 4.zip"
sh=71388E55793210A37FD1B4ECCBFAC519111B7A91 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung" ac=I fn="D:\igrub-TOSH\Backup Set 2015-04-19 191926\Backup Files 2015-04-19 191926\Backup files 5.zip"
sh=FEEDA26CBD64B33C3C8D08F98F38E2086298D1EB ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.V evtl. unerwünschte Anwendung" ac=I fn="D:\igrub-TOSH\Backup Set 2015-06-21 190015\Backup Files 2015-06-21 190015\Backup files 5.zip"
         
anderes folgt,
Gruß
igrub

und hier SecurityCheck und FRST

Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Danke und Gruß,
igrub
Weitere Abbuchungen konnte ich (bis jetzt) verhindern

Alt 25.07.2015, 16:47   #13
schrauber
/// the machine
/// TB-Ausbilder
 

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



verhindern?

das frische FRST log fehlt noch.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.07.2015, 13:08   #14
igrub
 
unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



hier das frische frst log
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
durchgeführt von i.grub (Administrator) auf IGRUB-TOSH (26-07-2015 14:02:36)
Gestartet von C:\Users\i.grub\Downloads
Geladene Profile: i.grub (Verfügbare Profile: i.grub & a.grub & Sarah & Fabian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
() C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.125\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-07-30] (Toshiba Europe GmbH)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Ocs_SM] => C:\Users\i.grub\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2010-10-15] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6070040 2013-04-23] (Piriform Ltd)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
Startup: C:\Users\a.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-14]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-07-21]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2011-05-19]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk [2013-08-05]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6500 E710a-f.lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\i.grub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-11]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-06-20]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-4106851975-1791392289-4257475713-1003\User: Gruppenrichtline Beschränkung erkannt <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4106851975-1791392289-4257475713-1002\User: Gruppenrichtline Beschränkung erkannt <======= ATTENTION

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4106851975-1791392289-4257475713-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL Keine Datei
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{02044DE9-D0E8-4D7A-B161-CCCB42A20904}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{07549D3A-D03E-4DF1-B049-BC57FFC4DACB}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4106851975-1791392289-4257475713-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\i.grub\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-26] (Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\i.grub\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2013-04-11] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-01-24] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-07-21] (Emsisoft GmbH)
R3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2010-11-11] (GEAR Software Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-01-24] () [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-26 14:02 - 2015-07-26 14:02 - 00000000 ____D C:\Users\i.grub\Downloads\FRST-OlderVersion
2015-07-24 22:00 - 2015-07-24 22:00 - 00852662 _____ C:\Users\i.grub\Downloads\SecurityCheck.exe
2015-07-24 15:40 - 2015-07-24 15:41 - 02870984 _____ (ESET) C:\Users\i.grub\Downloads\esetsmartinstaller_deu.exe
2015-07-23 18:16 - 2015-07-23 18:16 - 00001224 _____ C:\Users\i.grub\Desktop\JRT.txt
2015-07-23 18:00 - 2015-07-23 18:00 - 01798288 _____ (Malwarebytes Corporation) C:\Users\i.grub\Downloads\JRT.exe
2015-07-23 17:45 - 2015-07-23 17:48 - 00000000 ____D C:\AdwCleaner
2015-07-23 17:44 - 2015-07-23 17:44 - 02248704 _____ C:\Users\i.grub\Downloads\AdwCleaner_4.208.exe
2015-07-23 17:42 - 2015-07-24 21:54 - 00000000 ____D C:\Users\i.grub\Antiviren-Suchlauf-Protokolle
2015-07-23 14:42 - 2015-07-23 14:45 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-23 14:41 - 2015-07-23 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-23 14:41 - 2015-07-23 14:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-23 14:41 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-23 14:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-23 14:38 - 2015-07-23 14:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\i.grub\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-22 16:06 - 2015-07-22 14:24 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20150722-160620.backup
2015-07-22 14:57 - 2015-07-22 14:57 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-22 14:57 - 2015-07-22 14:57 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-07-22 14:57 - 2015-07-22 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-22 14:57 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-07-22 14:55 - 2015-07-22 14:56 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (4).exe
2015-07-22 14:38 - 2015-07-22 14:38 - 00033639 _____ C:\ComboFix.txt
2015-07-22 14:31 - 2015-07-25 15:53 - 00307926 ____N C:\Windows\WindowsUpdate.log
2015-07-22 14:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-22 14:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-22 14:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-22 14:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-22 14:03 - 2015-07-22 14:38 - 00000000 ____D C:\Qoobox
2015-07-22 14:03 - 2015-07-22 14:34 - 00000000 ____D C:\Windows\erdnt
2015-07-22 14:01 - 2015-07-22 14:01 - 05632853 ____R (Swearware) C:\Users\i.grub\Downloads\ComboFix.exe
2015-07-21 21:22 - 2015-07-21 21:22 - 00003148 _____ C:\EamClean.log
2015-07-21 20:55 - 2015-07-21 20:56 - 00000750 _____ C:\Users\i.grub\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-21 20:54 - 2015-07-21 22:09 - 00000000 ____D C:\EEK
2015-07-21 20:47 - 2015-07-21 20:52 - 162103944 _____ C:\Users\i.grub\Downloads\EmsisoftEmergencyKit.exe
2015-07-21 19:28 - 2015-07-21 19:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\i.grub\Downloads\tdsskiller.exe
2015-07-21 18:38 - 2015-07-23 14:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-21 18:37 - 2015-07-26 14:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-21 18:37 - 2015-07-23 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-21 18:34 - 2015-07-21 19:26 - 00000000 ____D C:\Users\i.grub\Desktop\mbar
2015-07-21 18:34 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-21 18:33 - 2015-07-21 18:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\i.grub\Downloads\mbar-1.09.1.1004.exe
2015-07-21 17:58 - 2015-07-21 17:58 - 00014726 _____ C:\Users\i.grub\Downloads\Gmer.txt
2015-07-21 17:44 - 2015-07-21 17:44 - 00380416 _____ C:\Users\i.grub\Downloads\Gmer-19357.exe
2015-07-21 17:38 - 2015-07-21 17:42 - 00059724 _____ C:\Users\i.grub\Downloads\Addition.txt
2015-07-21 17:37 - 2015-07-26 14:02 - 00023387 _____ C:\Users\i.grub\Downloads\FRST.txt
2015-07-21 17:37 - 2015-07-26 14:02 - 00000000 ____D C:\FRST
2015-07-21 17:36 - 2015-07-26 14:02 - 02146816 _____ (Farbar) C:\Users\i.grub\Downloads\FRST64.exe
2015-07-21 17:31 - 2015-07-21 18:01 - 00000474 _____ C:\Users\i.grub\Downloads\defogger_disable.log
2015-07-21 17:31 - 2015-07-21 17:31 - 00050477 _____ C:\Users\i.grub\Downloads\Defogger.exe
2015-07-21 17:31 - 2015-07-21 17:31 - 00000000 _____ C:\Users\i.grub\defogger_reenable
2015-07-21 07:23 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 07:23 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 07:23 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 07:23 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 07:23 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 07:23 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-17 07:35 - 2015-07-17 07:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (2).exe
2015-07-16 18:42 - 2015-07-16 18:42 - 19198128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-16 18:37 - 2015-07-16 18:37 - 00000000 ____D C:\searchplugins
2015-07-16 18:35 - 2015-07-16 19:08 - 00002968 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-16 18:35 - 2015-07-16 19:08 - 00002968 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-07-16 18:35 - 2015-06-08 14:13 - 00428880 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-07-16 18:35 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-07-16 18:30 - 2015-07-17 07:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-16 18:25 - 2015-07-16 18:25 - 02024048 _____ C:\Users\i.grub\Downloads\AdAware117WebInstaller (1).exe
2015-07-16 18:24 - 2015-07-16 18:25 - 02024048 _____ C:\Users\i.grub\Downloads\AdAware117WebInstaller.exe
2015-07-15 19:40 - 2015-07-15 19:39 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-194050.backup
2015-07-15 17:44 - 2015-06-23 13:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-15 17:26 - 2015-07-15 17:27 - 35679667 _____ C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209 (1).zip
2015-07-15 17:25 - 2015-07-15 17:25 - 00000000 ____D C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209
2015-07-15 17:24 - 2015-07-15 17:25 - 35679667 _____ C:\Users\i.grub\Downloads\Flashplayer_Windows_18.0.0.209.zip
2015-07-15 17:19 - 2015-07-15 17:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4.exe
2015-07-15 17:19 - 2015-07-15 17:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\i.grub\Downloads\spybot-2.4 (1).exe
2015-07-15 13:51 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 13:51 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 13:51 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 13:51 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 13:51 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 13:51 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 13:51 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 13:51 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 13:51 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 13:51 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 13:51 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 13:51 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 13:51 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 13:51 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 13:51 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 13:51 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 13:51 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 13:51 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 13:51 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 13:51 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 13:51 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 13:51 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 13:51 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 13:51 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 13:51 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 13:51 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 13:51 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 13:50 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 13:50 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 13:50 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 13:50 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 13:50 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 13:50 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 13:50 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 13:50 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 13:50 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 13:50 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 13:50 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 13:50 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 13:50 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 13:50 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 13:50 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 13:50 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 13:50 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 13:50 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 13:50 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 13:50 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 13:50 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 13:50 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 13:50 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 13:50 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 13:50 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 13:50 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 13:50 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 13:50 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 13:50 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 13:50 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 13:50 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 13:50 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 13:50 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 13:50 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 13:50 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 13:50 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 13:50 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 13:50 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 13:50 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 13:50 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 13:50 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 13:50 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 13:50 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 13:50 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 13:49 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:49 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 13:49 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 13:49 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 13:49 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 13:49 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 13:49 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 13:49 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 13:49 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 13:49 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 13:49 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 13:49 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 13:49 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 13:49 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 13:49 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 13:49 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 13:49 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 13:49 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 13:49 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 13:49 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 13:49 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 13:49 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 13:49 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 13:49 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 13:49 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 13:48 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 13:48 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 13:48 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 13:48 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 13:48 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 13:48 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 13:48 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 13:48 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:48 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 13:48 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 13:48 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 13:48 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 13:48 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 13:48 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 23:04 - 2015-07-14 23:05 - 00000000 ____D C:\Users\i.grub\Documents\Hacker-Angriff
2015-07-14 19:45 - 2015-07-14 19:45 - 00001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-14 19:45 - 2015-07-14 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-14 19:43 - 2015-07-14 19:45 - 00000000 ____D C:\Program Files\iTunes
2015-07-14 19:43 - 2015-07-14 19:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-14 19:43 - 2015-07-14 19:43 - 00000000 ____D C:\Program Files\iPod
2015-07-14 19:33 - 2015-07-14 19:34 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-14 19:33 - 2015-07-14 19:33 - 00001852 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-14 19:33 - 2015-07-14 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-26 13:55 - 2013-01-12 20:51 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-26 13:52 - 2013-03-10 21:04 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-26 13:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 15:53 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 15:53 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 15:48 - 2015-01-25 11:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 10:34 - 2015-04-07 22:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 15:43 - 2009-07-14 19:58 - 06770244 _____ C:\Windows\system32\perfh007.dat
2015-07-24 15:43 - 2009-07-14 19:58 - 02092590 _____ C:\Windows\system32\perfc007.dat
2015-07-24 15:43 - 2009-07-14 07:13 - 00006492 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-23 19:42 - 2010-06-11 20:20 - 00002854 _____ C:\Users\i.grub\AppData\Roaming\wklnhst.dat
2015-07-23 18:04 - 2010-06-11 18:37 - 00000000 ____D C:\Users\i.grub
2015-07-22 17:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-22 16:10 - 2011-10-19 15:42 - 00000000 ____D C:\Users\i.grub\AppData\Roaming\Aquamarin Haushaltsbuch
2015-07-22 15:49 - 2013-01-19 19:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-22 14:57 - 2011-02-14 13:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-22 14:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-22 14:29 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-21 16:56 - 2015-05-08 23:19 - 00000000 ____D C:\Users\i.grub\AppData\Roaming\Apple Computer
2015-07-20 18:07 - 2012-10-28 10:29 - 00000000 ____D C:\Users\i.grub\Documents\LDW
2015-07-20 18:06 - 2010-11-09 10:02 - 00000000 ____D C:\Users\i.grub\Divers
2015-07-17 07:44 - 2015-01-25 11:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 07:44 - 2015-01-25 11:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-17 07:44 - 2015-01-25 11:23 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-17 07:43 - 2014-08-21 16:54 - 00000000 ____D C:\Users\i.grub\AppData\Local\Adobe
2015-07-16 06:35 - 2015-04-07 22:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 06:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 06:34 - 2014-12-11 07:45 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 06:34 - 2014-05-06 22:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 01:37 - 2009-09-11 10:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 01:25 - 2013-08-05 09:35 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 20:49 - 2014-12-14 23:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 20:47 - 2015-01-08 16:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:40 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150720-135921.backup
2015-07-14 19:43 - 2015-05-08 23:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-14 16:29 - 2015-01-24 16:52 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422111116
2015-07-14 16:29 - 2013-01-29 22:59 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 12:35 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-193959.backup
2015-07-13 21:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-09 19:59 - 2010-10-11 21:36 - 00000000 ____D C:\Users\i.grub\Infos
2015-07-06 18:13 - 2014-08-08 12:49 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-06 18:13 - 2013-03-25 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-06 18:12 - 2013-03-25 17:56 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-03 08:43 - 2010-06-14 22:04 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 17:45 - 2015-05-08 23:16 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-30 00:15 - 2009-07-14 04:34 - 00450933 ____R C:\Windows\system32\Drivers\etc\hosts.20150714-123550.backup
2015-06-29 15:55 - 2015-04-26 10:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-27 16:17 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-06-11 20:20 - 2015-07-23 19:42 - 0002854 _____ () C:\Users\i.grub\AppData\Roaming\wklnhst.dat
2013-01-13 17:50 - 2009-08-27 12:09 - 0013264 _____ (Arcor Online GmbH) C:\Users\i.grub\AppData\Local\cmdial32.dll
2013-01-13 17:52 - 2015-04-26 20:28 - 0000022 _____ () C:\Users\i.grub\AppData\Local\cmdial32.ini
2012-04-15 19:18 - 2012-04-15 19:18 - 0003584 _____ () C:\Users\i.grub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-09 23:15 - 2011-01-09 23:15 - 0000017 _____ () C:\Users\i.grub\AppData\Local\resmon.resmoncfg
2013-08-05 13:48 - 2013-08-05 13:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-14 16:18 - 2015-02-14 16:18 - 0000004 _____ () C:\ProgramData\icw09hbs.inf

Einige Dateien in TEMP:
====================
C:\Users\i.grub\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-22 17:32

==================== Ende von log ============================
         
verhindern insofern, als ich offene Vorgänge auf paypal noch stornieren und das Konto dann sperren lassen konnte.
Gruß,
igrub

Alt 27.07.2015, 06:36   #15
schrauber
/// the machine
/// TB-Ausbilder
 

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - Standard

unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-



Aber es kam nix neues dazu?


Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Alle Zugänge und Passwörter ändern, dann mal beobachten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-
adware, alert, anbieter, antivirus, anzeige, avira, befindet, browser, canon, computer, daten, defender, diverse, einloggen, erhalte, excel, explorer, festgestellt, flash player, gen, grub, help, iexplore.exe, internet, internet explorer, kontaktiert, monitor, officejet, passwort, passwörter, problem, programme, safer networking, scan, security, server, software, sperre, sperren, spybot, system, tcp, udp, unbekannt, usb, verdacht, verdächtige, versandhändler, virus, web companion, windows, wlan




Ähnliche Themen: unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-


  1. Danke an COSINUS betr. "Online-Banking-Account gesperrt - Verdacht auf Trojaner"
    Lob, Kritik und Wünsche - 06.09.2015 (1)
  2. Windows 7 x64, Avast blockiert im sekundentakt werbung, Google chrome erweiterung "Unisiallees" unbekannt nicht löschbar
    Log-Analyse und Auswertung - 22.01.2015 (17)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. netwars Teil 5: "Die Industrie der Angst" auf heise online
    Nachrichten - 27.04.2014 (0)
  5. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  6. Online Banking – Sicherheitsabfrage und andere Probleme - laut Kripo "guter Virus"
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (17)
  7. Verdacht auf "google redirect virus"
    Log-Analyse und Auswertung - 29.01.2013 (7)
  8. "js/expack.th" gefunden und in quarantäne / dateiendung unbekannt? / weiteres Vorgehen?
    Log-Analyse und Auswertung - 19.10.2012 (5)
  9. Computer von "info@online-cyber-polizei" gesperrt
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (2)
  10. Computer von "info@online-cyber-polizei" gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (15)
  11. Malware-Code "online-alles.net" in HTML-Seiten - Trojaner? --- Teil 1: Bürorechner
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (8)
  12. Malware-Code "online-alles.net" in HTML-Seiten - Trojaner? --- Teil 2: Laptop
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (5)
  13. Sparkasse Online Banking Meldung "Ihrer Computer wird identifiziert..."
    Plagegeister aller Art und deren Bekämpfung - 07.12.2011 (6)
  14. Mit "My Computer Online Scan" infiziert?
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (25)
  15. Strafanzeige gegen "Unbekannt" bei Vireninfektion?
    Diskussionsforum - 23.12.2009 (10)
  16. "gutmütiger" Trojaner - online in "befreundeten" pc einloggen
    Alles rund um Windows - 19.10.2007 (5)
  17. Hijack zeigt diese Programme als "unbekannt" - Was sind das für welche?
    Plagegeister aller Art und deren Bekämpfung - 01.02.2005 (4)

Zum Thema unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- - - unberechtigte Buchungen auf Online-Konten festgestellt; unberechtigte Rechnungen erhalten; - unberechtigte Abbuchungen auf Bank-Konto (über Lastschriftermächtigungen); - teilweise kein Einloggen auf den Online-Konten von diversen Anbietern (mit eMail-Adresse und "altem" - unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I-...
Archiv
Du betrachtest: unberechtigte Zugriffe von Unbekannt auf Online-Konten bei Versandhändlern; Verdacht auf "Ausspäh-Virus" auf Computer - Teil I- auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.