Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: Notebook soll Junkmails verschicken

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.09.2015, 20:15   #1
hanns-robert
 
Windows 7: Notebook soll Junkmails verschicken - Icon17

Windows 7: Notebook soll Junkmails verschicken



hallo,
habe heute einen anruf von windowsoft.net erhalten mit dem hinweis, dass mein notebook als junkmailversender identifiziert wurde. nach 30 minuten indischem englisch habe ich das gespräch abgebrochen.
fakt ist aber, dass ich probleme beim starten meines notebook habe, da es die ersten 15-20 minuten praktisch durch andere prozesse komplett blockiert ist. erst danach ist es nutzbar. scanner nach viren, rootkits und malware blieben bislang ohne ergebnis. darum bin ich jetzt hier.
frage: ist mein notebook ein junkmailsender bzw. verseucht oder nicht?
vielen dank im voraus!
gruß
h-r

Code:
ATTFilter
 1: defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:22 on 01/09/2015 (hanns-robert)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
 2: first
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
durchgeführt von hanns-robert (Administrator) auf hanns-robert-PC (01-09-2015 19:25:42)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Geladene Profile: hanns-robert & admin (Verfügbare Profile: hanns-robert & admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Everything\Everything.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files\Mozilla Firefox\updated\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-07-30] (SUPERAntiSpyware)
IFEO\excel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\gaaihodoc.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\gpdfdirect.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\icloud.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\iclouddrive.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\icloudweb.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\pdfrouter.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{0119FB2D-7C7E-4258-954F-5A33F8A32915}: [DhcpNameServer] 192.168.123.81 192.168.123.124
Tcpip\..\Interfaces\{677857D5-A830-483C-866D-A51015D17ED7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83DC2806-26AE-4D68-B2D8-8A10872F72A9}: [DhcpNameServer] 192.168.192.1

Internet Explorer:
==================
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1148431976-1086807397-2611512696-1003_classes] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {17521AD6-C195-4576-B69C-9A60834CDE99} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {219D42F1-35A3-4625-8532-82EF0313D5C8} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1148431976-1086807397-2611512696-1000: www.mydlink.com/Uplayer -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF user.js: detected! => C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\user.js [2012-05-17]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\hanns-robert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\duckduckgo.xml [2014-01-18]
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\ecosia.xml [2015-06-10]
FF Extension: German Dictionary - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: United States English Spellchecker - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-11]
FF Extension: FireFTP - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-31]
FF Extension: Add Bookmark Here ² - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\abhere2@moztw.org.xpi [2014-04-11]
FF Extension: Copy Plain Text 2 - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\copyplaintext@teo.pl.xpi [2014-04-11]
FF Extension: Facebook Disconnect - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\facebook@disconnect.me.xpi [2014-12-15]
FF Extension: Mailvelope - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-04-22]
FF Extension: DuckDuckGo Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-11]
FF Extension: Print/Print Preview - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-04-11]
FF Extension: Image Zoom - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-04-11]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-11]
FF Extension: Adblock Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11]
FF Extension: Tab Mix Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-19] (Adobe Systems) [Datei ist nicht signiert]
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-07-21] (Flexera Software LLC.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
S4 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2015-06-25] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Datei ist nicht signiert]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl1ab0d0d1; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{488E16AD-3C74-43FA-AF65-FF09C78A0ECB}\MpKsl1ab0d0d1.sys [39168 2015-09-01] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [30632 2015-06-04] (TuneUp Software)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-01 19:25 - 2015-09-01 19:25 - 00000000 ____D C:\FRST
2015-09-01 19:22 - 2015-09-01 19:22 - 00000000 _____ C:\Users\hanns-robert\defogger_reenable
2015-09-01 19:18 - 2015-09-01 19:18 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Sun
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\.oracle_jre_usage
2015-09-01 19:13 - 2015-09-01 19:25 - 00000000 ____D C:\Users\hanns-robert\Downloads\trojaner-board
2015-09-01 19:12 - 2015-09-01 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-01 16:45 - 2015-09-01 19:04 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4.job
2015-09-01 16:44 - 2015-09-01 19:04 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785.job
2015-09-01 16:44 - 2015-09-01 16:44 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\SUPERAntiSpyware.com
2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-01 16:44 - 2015-09-01 16:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-01 16:40 - 2015-09-01 16:41 - 23273424 _____ (SUPERAntiSpyware) C:\Users\hanns-robert\Downloads\SUPERAntiSpywarePro.exe
2015-09-01 16:20 - 2015-09-01 16:20 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TeamViewer
2015-08-26 21:45 - 2015-08-26 21:45 - 00001376 _____ C:\Windows\PFRO.log
2015-08-25 19:07 - 2015-08-25 19:07 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-25 19:07 - 2015-08-25 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-25 19:06 - 2015-08-25 19:07 - 00000000 ____D C:\Program Files\QuickTime
2015-08-24 11:54 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-24 11:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-22 18:12 - 2015-09-01 19:04 - 00001187 _____ C:\Windows\setupact.log
2015-08-22 18:12 - 2015-08-22 18:12 - 00000000 _____ C:\Windows\setuperr.log
2015-08-18 11:39 - 2015-08-18 11:39 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-18 11:39 - 2015-08-18 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-18 11:38 - 2015-08-18 11:39 - 00000000 ____D C:\Program Files\iTunes
2015-08-18 11:38 - 2015-08-18 11:38 - 00000000 ____D C:\Program Files\iPod
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-13 21:15 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 21:15 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 21:15 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 21:15 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 21:15 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 21:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 21:15 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 21:15 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 21:15 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 21:15 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 21:15 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 21:15 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 21:15 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 21:15 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 21:15 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 21:15 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 21:15 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 21:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 21:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 21:15 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 21:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 21:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 21:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 21:15 - 2015-07-16 17:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 21:15 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 21:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 21:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 21:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 21:15 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 21:14 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 21:14 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 21:11 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 21:10 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 16:28 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:27 - 2015-07-28 22:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 16:27 - 2015-07-28 22:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 16:27 - 2015-07-28 21:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 16:27 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:27 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 16:16 - 2015-08-12 16:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Nvu
2015-08-12 16:15 - 2015-08-12 16:16 - 00001477 _____ C:\Users\hanns-robert\Desktop\nvu.lnk
2015-08-11 15:28 - 2015-08-11 15:30 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KompoZer
2015-08-11 15:25 - 2015-08-11 15:28 - 00000000 ____D C:\Program Files\KompoZer 0.7.10
2015-08-10 20:44 - 2015-08-10 20:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\dlink
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts
2015-08-03 17:15 - 2015-08-03 17:16 - 00000000 ____D C:\Users\hanns-robert\Downloads\hotel

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-01 19:22 - 2014-04-10 21:37 - 00000000 ____D C:\Users\hanns-robert
2015-09-01 19:21 - 2014-04-10 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-01 19:20 - 2014-04-15 21:31 - 00000000 ____D C:\Program Files\Java
2015-09-01 19:19 - 2014-10-15 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 19:19 - 2014-08-20 20:12 - 01078570 _____ C:\Windows\WindowsUpdate.log
2015-09-01 19:16 - 2014-10-15 20:50 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 19:13 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 19:13 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-01 19:10 - 2014-05-06 21:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-01 19:05 - 2014-04-13 17:50 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-01 19:05 - 2014-04-13 17:45 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-01 19:04 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 17:32 - 2014-10-15 22:47 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Everything
2015-09-01 16:08 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-27 16:42 - 2014-11-04 22:38 - 00000000 ____D C:\Users\hanns-robert\usb
2015-08-26 23:18 - 2014-04-13 11:23 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KeePass
2015-08-25 23:15 - 2014-04-16 00:55 - 00000000 ____D C:\ProgramData\TEMP
2015-08-25 20:58 - 2014-07-21 20:38 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\UseNeXT
2015-08-25 20:50 - 2015-03-08 10:33 - 00000000 ____D C:\Users\hanns-robert\Downloads\usenext
2015-08-25 19:28 - 2014-05-10 00:19 - 02420736 ___SH C:\Users\hanns-robert\Downloads\Thumbs.db
2015-08-22 18:16 - 2014-04-13 12:01 - 00381440 ___SH C:\Users\hanns-robert\Desktop\Thumbs.db
2015-08-18 11:38 - 2014-09-18 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-18 10:19 - 2014-04-10 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-08-18 10:10 - 2014-04-10 22:43 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-14 21:00 - 2014-04-11 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 21:00 - 2009-07-14 06:33 - 00429392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 20:57 - 2011-04-12 03:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-14 20:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-14 20:53 - 2015-07-03 22:52 - 00014873 _____ C:\Users\hanns-robert\Downloads\Reiseplan ZA 2015.xlsx
2015-08-14 20:14 - 2014-04-11 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 20:13 - 2014-04-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 00:27 - 2014-05-10 22:04 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\XnView
2015-08-12 21:45 - 2014-04-15 21:28 - 00000000 ____D C:\Users\hanns-robert\bilder
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Notepad++
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Program Files\Notepad++
2015-08-12 20:47 - 2014-05-25 14:07 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\vlc
2015-08-12 20:33 - 2014-06-04 22:50 - 00000000 ____D C:\Users\hanns-robert\video
2015-08-12 17:10 - 2014-04-15 20:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 17:10 - 2014-04-15 20:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 17:05 - 2014-10-17 22:15 - 00000000 ___RD C:\Users\hanns-robert\iCloudDrive
2015-08-12 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 16:39 - 2015-04-15 11:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 16:39 - 2014-05-06 22:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 16:05 - 2015-04-15 21:43 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-11 16:21 - 2015-04-08 16:09 - 00000000 ____D C:\Windows\system32\data
2015-08-11 15:31 - 2015-05-25 22:13 - 00000000 ____D C:\Users\hanns-robert\Downloads\print
2015-08-11 15:13 - 2014-04-13 11:37 - 00000000 ____D C:\Users\hanns-robert\linus
2015-08-10 20:41 - 2014-04-13 10:49 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-08-10 20:41 - 2014-04-13 10:49 - 00000000 ____D C:\Program Files\KeePass Password Safe 2
2015-08-05 21:39 - 2014-05-10 19:50 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TV-Browser
2015-08-05 11:50 - 2015-06-22 00:11 - 00000093 _____ C:\Users\hanns-robert\Desktop\links.txt

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-15 20:56 - 2014-04-15 20:56 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2015-05-03 11:55 - 2015-05-03 11:55 - 0007610 _____ () C:\Users\hanns-robert\AppData\Local\Resmon.ResmonCfg
2014-04-15 22:56 - 2014-04-15 22:56 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Einige Dateien in TEMP:
====================
C:\Users\hanns-robert\AppData\Local\Temp\cct.dll
C:\Users\hanns-robert\AppData\Local\Temp\JavaIC.dll
C:\Users\hanns-robert\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\hanns-robert\AppData\Local\Temp\msscct32.dll
C:\Users\hanns-robert\AppData\Local\Temp\YSearchUtil.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-23 21:06

==================== Ende vom FRST.txt ============================
         
Code:
ATTFilter
 3: additions
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-01 19:27:08)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Start-Modus: Normal
==========================================================


==================== Konten: =============================

admin (S-1-5-21-1148431976-1086807397-2611512696-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1148431976-1086807397-2611512696-500 - Administrator - Disabled)
Gast (S-1-5-21-1148431976-1086807397-2611512696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1148431976-1086807397-2611512696-1002 - Limited - Enabled)
hanns-robert (S-1-5-21-1148431976-1086807397-2611512696-1000 - Administrator - Enabled) => C:\Users\hanns-robert

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Anti-Twin (Installation 02.10.2014) (HKLM\...\Anti-Twin 2014-10-02 12.49.50) (Version:  - Joerg Rosenthal, Germany)
Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CUEcards 2000 (HKLM\...\CUEcards 2000) (Version:  - Marcus Humann Software-Technik)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft (HKLM\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.7.184 - Final Draft, Inc.)
Free YouTube Download version 3.2.46.923 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KeePass Password Safe 2.30 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
LibreOffice 4.4 Help Pack (German) (HKLM\...\{CCC30EC0-253C-4CF3-9A5D-5DE2601CD760}) (Version: 4.4.3.2 - The Document Foundation)
LibreOffice 4.4.3.2 (HKLM\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mp3tag v2.70 (HKLM\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
Nuance PDF Converter Professional 8 (HKLM\...\{35D85791-82E5-443B-B051-8FD85D9D5155}) (Version: 8.10.3267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 6.50 - Philipp Winterberg)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Scansoft PDF Professional (Version:  - ) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
TimeComX Basic (32-Bit) (HKLM\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.353 - TuneUp Software) Hidden
TV-Browser 3.3.3 (HKLM\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team)
Twep4Word (HKLM\...\{4A053D91-95D8-42E2-9DC6-6BAA250EFEF6}) (Version: 2.0.0 - Pintexx GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplayer (HKLM\...\{89827CE5-AA89-4242-8294-CF1238D5B537}) (Version: 1.0.0.33 - D-LINK CORPORATION)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{05E7B7BB-C07B-359E-BBE4-75840AC0DC75}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1C5F6CE5-A4D6-36EF-8943-FFF2DC1DC63C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1E5A9280-8948-30E9-A3B4-46FE260A2460}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{35CC930B-6AE9-3190-BF11-D5568CFB31B7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{397F7E23-D5C5-3471-A7A0-5A327913178F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4001ED3C-6915-3607-9E11-E9C256C31518}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4E64FE28-607C-34D5-A724-5AA3F7B78CBE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{51D240C2-930F-3CDF-978F-D8FDBAE6BD4B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{532DF24E-1732-32A2-8FD5-BB628B37C592}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{58BE98A0-BD2F-3569-A762-B8DB59D816D6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5AC266CE-2096-3C3D-AE0E-9C225E92C91F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5FE32F50-9508-3CF5-9E7D-F40990EF6677}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{78910A5C-31FD-3A43-A4C2-E0AF103F8E5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{7DA6AAC3-DE8B-371C-85CD-9DA44DA48936}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{81844449-F2E9-3741-B170-81FBA7D062F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8342197C-FC40-3036-9C2B-3367ED383160}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8DC91D79-68FD-3C50-BDED-74A0832E6953}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{A27B667C-DB21-3643-A491-20265D781784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AA7A8973-9BC9-335D-B2B9-1B9C245EA1EA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B0B7FB30-21B7-30A1-81F5-27B95C842ABB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B2280F25-0EFD-3884-AE38-F7D356055E54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BE24893C-CB61-3529-9ED7-03AC59F9C1B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BF30E74C-47D7-32F1-95C0-C9E71AB494EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C027615C-6DDA-3D90-84A7-179190AF48F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C1DFFCCC-6218-3219-A120-AD500A0F3A8D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C9223138-E681-3DD6-A571-57B02AE398E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF41E812-1AE1-332D-9FD2-1E7D0ABCE125}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF73B1DC-C662-3F5B-BD96-1A162AABAC23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D604058F-0290-327D-BA2C-732FFAC723DA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D8B0B600-3293-33B8-9C70-2C68EB83154A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{F2EBCBE9-FF20-4373-A2A7-526CD06E345F}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\Pintexx GmbH\Twep4Word\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{FB6B7F0B-A4A7-3343-83DF-6A692FFBA0BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

10-08-2015 20:33:58 Windows Update
12-08-2015 16:28:02 Windows Update
14-08-2015 19:58:24 Windows Update
18-08-2015 10:07:25 Windows Update
22-08-2015 18:19:04 Windows Update
24-08-2015 11:54:00 Windows Update
27-08-2015 16:44:52 Windows Update
01-09-2015 16:08:07 Windows Update

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0761B118-79A1-4E76-91BE-3302D3CAF0CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {19F7EA9E-EAF3-4149-826A-920CA16E34B1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {3D01BD9C-980C-4C83-A5C6-80713863A444} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {80C06151-618B-41E8-9C17-97187C1FD2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {A117B4CF-7A58-4505-8288-87176FAC2669} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {BE0B4DB3-0094-44E0-A89B-5A41CFD14F6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C83AFC1B-8DE0-4D7F-8F80-1FFC26CD2EF5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {EDBDD5DD-7B92-4456-A5E8-86B8F9C1D6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {FA1DDE7C-0804-4A96-B138-7CAC97E64852} - System32\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4f3e50bf-a388-4efe-8e8a-ae4393e94785.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ad4fad89-b24a-4565-8750-977379f468a4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 00586040 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-10-15 22:47 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
2015-07-17 19:34 - 2015-07-17 19:34 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hanns-robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1148431976-1086807397-2611512696-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^Users^hanns-robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe                                                                                                                                                                                                    
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe"                                                                                                                                                                                                      
MSCONFIG\startupreg: PDFProHook => "C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe"                                                                                                                                                                                                             

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{569F55E5-E4F1-4890-B6D2-54E0182D4511}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D04A8605-B5D7-41C1-8988-CA7AC65AFB30}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{4B5468E8-65B2-4C9B-97FA-B4AA3D0FB974}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{41F6B5F8-BEA1-4557-9DB2-E31FF7E04315}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{3A8C2DF6-E86E-4503-8DB2-1A9200C84C2D}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{9A6A1099-41DE-44BB-AF59-976C6D17580F}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{7882A56C-ED67-46E9-A039-CB5AB4939E52}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{26564071-D266-4553-BE97-88C2D966BA03}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{1C6B0B8F-D34F-4D4B-AEA9-30E0B89A0F44}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{3BDE1EFA-DE06-4EC3-88F4-2214C4BC4777}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{CD617E50-791F-48C6-87DE-FF12D90680B8}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{ADA8436A-2330-44A1-A8E6-788CB6D984D0}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{033BE22F-A422-4061-A2CF-E6EE742E52D2}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{EF014C62-6D09-4EEA-96AF-A9247E9E9B11}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{75F1F5F1-1369-4A08-9DE3-3998C2FBFF37}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{0A39FC57-F100-4E10-81BF-B20F87E34DD3}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{CD523873-ED27-454D-A7C2-3873F06F4447}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{803F0232-96E2-4DF1-A53D-5692B58BCFA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD5A7DEF-8953-45A8-9A6C-ABBD90493E8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C23AD7B8-731C-4559-93A5-40CC87FA681F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E619DA5-42F0-4408-ADDA-2F14C7BE603F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E5E3FF1A-3E5B-4B15-8047-F0161348BFB4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0486A61B-02CA-45CE-AEE1-6EF63A1E0F26}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{71C1EF93-BB5E-4F9B-9EC9-9492B2A0C0D4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1D90E857-42CC-4D31-9311-72B8E89E50F1}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{1608D51A-CFD0-4754-9968-4041BEB77EBE}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{647677E9-56C2-4E06-A8F5-FA084693CCAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/01/2015 07:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2015 04:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 09:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2015 05:38:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2015 11:47:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 06:14:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 06:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: PDFCore8.dll, Version: 8.0.0.70, Zeitstempel: 0x512d656e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a366c
ID des fehlerhaften Prozesses: 0x6c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (08/18/2015 10:01:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2015 09:01:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (09/01/2015 07:21:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (09/01/2015 04:22:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (09/01/2015 04:13:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/27/2015 04:27:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (08/26/2015 10:08:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/26/2015 09:50:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (08/25/2015 05:48:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/24/2015 12:08:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro

Error: (08/24/2015 11:51:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (08/22/2015 06:23:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro


Microsoft Office:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Prozentuale Nutzung des RAM: 60%
Installierter physikalischer RAM: 2046.43 MB
Verfügbarer physikalischer RAM: 810.52 MB
Summe virtueller Speicher: 4092.86 MB
Verfügbarer virtueller Speicher: 2826.71 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:105.59 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 945F2211)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         
Code:
ATTFilter
 4: gmer
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-01 19:50:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 HITACHI_HTS542525K9SA00 rev.BBFZC3HP 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\hanns-robert\AppData\Local\Temp\kwdiipow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwReplaceKey + 1525                                                                                                                                                                                 82C6EB15 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                           82C8EEB2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                                                                                         section is writeable [0x90803340, 0x3EE217, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollRange                                                                                                                                           77608EC5 5 Bytes  JMP 0019A104 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollInfo                                                                                                                                            77612DA3 5 Bytes  JMP 0019A097 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollInfo                                                                                                                                            776148DA 5 Bytes  JMP 0019A13B C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollRange                                                                                                                                           7763045A 5 Bytes  JMP 0019A03A C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!SetScrollPos                                                                                                                                             776304BE 5 Bytes  JMP 0019A015 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!GetScrollPos                                                                                                                                             77630E43 5 Bytes  JMP 0019A072 C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!EnableScrollBar                                                                                                                                          776319CE 5 Bytes  JMP 0019A16F C:\Program Files\CCleaner\CCleaner.exe
.text  C:\Program Files\CCleaner\CCleaner.exe[3468] USER32.dll!ShowScrollBar                                                                                                                                            77633C89 5 Bytes  JMP 0019A0CA C:\Program Files\CCleaner\CCleaner.exe

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1e4623d                                                                                                                                      
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1e4623d (not active ControlSet)                                                                                                                  
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll                                                                                      
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe      0x4C 0xFE 0xDB 0xB3 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\UseNeXT\UseNeXT.exe                            0xC4 0x5B 0xAE 0xC6 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\WINWORD.EXE          0x16 0xAE 0x8F 0x2F ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Duden\Duden Korrektor\WebUpdate.exe            0x80 0x73 0x55 0x3B ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Duden\Duden Korrektor\Register.exe             0x81 0xA8 0x61 0x3B ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\EXCEL.EXE            0xA3 0xA5 0x70 0xA8 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe                              0x8F 0xE1 0xF0 0x12 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe           0x54 0x3D 0x5F 0x16 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\PROGRA~1\MICROS~3\Office12\EXCEL.EXE                         0x37 0x8D 0x63 0x1D ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe                           0x50 0x90 0x8C 0x09 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe       0xCC 0xB4 0x6A 0xF9 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\mmc.exe                                     0xE8 0x9A 0x10 0x07 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll                                                                                           
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe           0x2B 0x59 0xBE 0xB2 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\KeePass Password Safe 2\KeePass.exe                 0x73 0x4E 0x0D 0x6B ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe                                     0x53 0xD7 0xFB 0x02 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe         0xCA 0xA7 0xE1 0x9A ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe                      0x13 0xC5 0xEB 0x7B ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\GWX\GWXConfigManager.exe                         0xFC 0xCE 0x05 0xB5 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\CDBurnerXP\cdbxpp.exe                               0xE7 0xC3 0x04 0xF9 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe  0x3E 0xC7 0xA6 0x01 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe                                      0x49 0xDC 0xDC 0x9E ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe               0xAC 0xEE 0x0F 0x67 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe           0x0E 0xEF 0x80 0x88 ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe        0xC1 0xF3 0xBD 0xAB ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Final Draft 9\FDUpdateProgress.exe                  0x0C 0x72 0xC9 0xAC ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\$Windows.~BT\Sources\SetupHost.exe                                0xA9 0x53 0xA6 0x9B ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe                              0xA1 0x04 0xE0 0x1F ...
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                                                                                                               
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@C3A57EE5                                                                                                                      511

---- EOF - GMER 2.1 ----
         

Alt 01.09.2015, 21:00   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



hi,

ich hoffe du hast den Anrufer nicht auf den Rechner gelassen.


Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 02.09.2015, 00:48   #3
hanns-robert
 
Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



mbar ohne fund

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version:
  main:    v2015.09.01.05
  rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17959
hanns-robert :: hanns-robert-PC [administrator]

01.09.2015 22:03:15
mbar-log-2015-09-01 (22-03-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 385726
Time elapsed: 1 hour(s), 14 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSSKiller 1 suspicious threat: Quicktime

Code:
ATTFilter
00:31:54.0349 0x0dfc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
00:32:04.0255 0x0dfc  ============================================================
00:32:04.0255 0x0dfc  Current date / time: 2015/09/02 00:32:04.0255
00:32:04.0255 0x0dfc  SystemInfo:
00:32:04.0255 0x0dfc  
00:32:04.0255 0x0dfc  OS Version: 6.1.7601 ServicePack: 1.0
00:32:04.0255 0x0dfc  Product type: Workstation
00:32:04.0255 0x0dfc  ComputerName: hanns-robert-PC
00:32:04.0255 0x0dfc  UserName: hanns-robert
00:32:04.0255 0x0dfc  Windows directory: C:\Windows
00:32:04.0255 0x0dfc  System windows directory: C:\Windows
00:32:04.0255 0x0dfc  Processor architecture: Intel x86
00:32:04.0255 0x0dfc  Number of processors: 2
00:32:04.0255 0x0dfc  Page size: 0x1000
00:32:04.0255 0x0dfc  Boot type: Normal boot
00:32:04.0255 0x0dfc  ============================================================
00:32:08.0218 0x0dfc  KLMD registered as C:\Windows\system32\drivers\88498384.sys
00:32:09.0544 0x0dfc  System UUID: {EFBD3F7F-924C-2B15-28AC-CFEC0AAB0116}
00:32:10.0558 0x0dfc  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:32:10.0558 0x0dfc  ============================================================
00:32:10.0558 0x0dfc  \Device\Harddisk0\DR0:
00:32:10.0573 0x0dfc  MBR partitions:
00:32:10.0573 0x0dfc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C5000
00:32:10.0573 0x0dfc  ============================================================
00:32:10.0604 0x0dfc  C: <-> \Device\Harddisk0\DR0\Partition1
00:32:10.0604 0x0dfc  ============================================================
00:32:10.0604 0x0dfc  Initialize success
00:32:10.0604 0x0dfc  ============================================================
00:32:16.0642 0x08b8  ============================================================
00:32:16.0642 0x08b8  Scan started
00:32:16.0642 0x08b8  Mode: Manual; SigCheck; TDLFS; 
00:32:16.0642 0x08b8  ============================================================
00:32:16.0642 0x08b8  KSN ping started
00:32:17.0734 0x08b8  KSN ping finished: true
00:32:19.0294 0x08b8  ================ Scan system memory ========================
00:32:19.0294 0x08b8  System memory - ok
00:32:19.0294 0x08b8  ================ Scan services =============================
00:32:19.0559 0x08b8  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
00:32:19.0652 0x08b8  1394ohci - ok
00:32:19.0746 0x08b8  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:32:19.0762 0x08b8  ACPI - ok
00:32:19.0808 0x08b8  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:32:19.0886 0x08b8  AcpiPmi - ok
00:32:20.0074 0x08b8  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
00:32:20.0089 0x08b8  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
00:32:21.0228 0x08b8  Detect skipped due to KSN trusted
00:32:21.0228 0x08b8  Adobe LM Service - ok
00:32:21.0337 0x08b8  [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:32:21.0368 0x08b8  AdobeFlashPlayerUpdateSvc - ok
00:32:21.0415 0x08b8  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:32:21.0446 0x08b8  adp94xx - ok
00:32:21.0478 0x08b8  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:32:21.0509 0x08b8  adpahci - ok
00:32:21.0524 0x08b8  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:32:21.0540 0x08b8  adpu320 - ok
00:32:21.0571 0x08b8  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:32:21.0618 0x08b8  AeLookupSvc - ok
00:32:21.0696 0x08b8  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
00:32:21.0743 0x08b8  AFD - ok
00:32:21.0868 0x08b8  [ 7E10E3BB9B258AD8A9300F91214D67B9, CE5FAD7BF78234B64EAADF64DB23F3C342AADB9C5E3B0168E57863F494F30318 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
00:32:21.0930 0x08b8  AgereSoftModem - ok
00:32:21.0977 0x08b8  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
00:32:22.0008 0x08b8  agp440 - ok
00:32:22.0024 0x08b8  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
00:32:22.0039 0x08b8  aic78xx - ok
00:32:22.0102 0x08b8  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
00:32:22.0148 0x08b8  ALG - ok
00:32:22.0180 0x08b8  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:32:22.0195 0x08b8  aliide - ok
00:32:22.0242 0x08b8  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
00:32:22.0242 0x08b8  amdagp - ok
00:32:22.0258 0x08b8  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
00:32:22.0273 0x08b8  amdide - ok
00:32:22.0304 0x08b8  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
00:32:22.0320 0x08b8  AmdK8 - ok
00:32:22.0336 0x08b8  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
00:32:22.0351 0x08b8  AmdPPM - ok
00:32:22.0414 0x08b8  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:32:22.0429 0x08b8  amdsata - ok
00:32:22.0460 0x08b8  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:32:22.0476 0x08b8  amdsbs - ok
00:32:22.0523 0x08b8  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:32:22.0554 0x08b8  amdxata - ok
00:32:22.0601 0x08b8  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\Windows\system32\drivers\appid.sys
00:32:22.0648 0x08b8  AppID - ok
00:32:22.0663 0x08b8  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:32:22.0679 0x08b8  AppIDSvc - ok
00:32:22.0710 0x08b8  [ 530195DA0D84D9855020F2B80D6B267F, AB36F05991530437C7B3F25441B13BC085000F07579964A4CCA0BF029DD6DE7E ] Appinfo         C:\Windows\System32\appinfo.dll
00:32:22.0757 0x08b8  Appinfo - ok
00:32:22.0913 0x08b8  [ 2F2BD5EFFA8E91295F4DB493D85534B5, FF6758DC06751028960C9A165767EDAD78B2868599D1A01CAC8108E1699A92DE ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:32:22.0928 0x08b8  Apple Mobile Device - ok
00:32:22.0975 0x08b8  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
00:32:23.0038 0x08b8  AppMgmt - ok
00:32:23.0084 0x08b8  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
00:32:23.0116 0x08b8  arc - ok
00:32:23.0131 0x08b8  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:32:23.0147 0x08b8  arcsas - ok
00:32:23.0318 0x08b8  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:32:23.0334 0x08b8  aspnet_state - ok
00:32:23.0396 0x08b8  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:32:23.0474 0x08b8  AsyncMac - ok
00:32:23.0521 0x08b8  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
00:32:23.0537 0x08b8  atapi - ok
00:32:23.0615 0x08b8  [ 6F718D6616E50FBCA64249755B7A1D2F, 0D243E50D9BEB23A1F894AAC4F97FB44E81C4377362AAB0394D066CAFA353742 ] ATSwpWDF        C:\Windows\system32\DRIVERS\ATSwpWDF.sys
00:32:23.0662 0x08b8  ATSwpWDF - ok
00:32:23.0740 0x08b8  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:32:23.0786 0x08b8  AudioEndpointBuilder - ok
00:32:23.0802 0x08b8  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
00:32:23.0833 0x08b8  Audiosrv - ok
00:32:23.0864 0x08b8  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:32:23.0911 0x08b8  AxInstSV - ok
00:32:23.0989 0x08b8  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
00:32:24.0036 0x08b8  b06bdrv - ok
00:32:24.0098 0x08b8  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
00:32:24.0145 0x08b8  b57nd60x - ok
00:32:24.0208 0x08b8  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
00:32:24.0239 0x08b8  BDESVC - ok
00:32:24.0270 0x08b8  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:32:24.0317 0x08b8  Beep - ok
00:32:24.0379 0x08b8  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
00:32:24.0410 0x08b8  BFE - ok
00:32:24.0457 0x08b8  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
00:32:24.0644 0x08b8  BITS - ok
00:32:24.0676 0x08b8  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:32:24.0691 0x08b8  blbdrive - ok
00:32:24.0800 0x08b8  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:32:24.0847 0x08b8  Bonjour Service - ok
00:32:24.0910 0x08b8  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:32:24.0972 0x08b8  bowser - ok
00:32:25.0003 0x08b8  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
00:32:25.0019 0x08b8  BrFiltLo - ok
00:32:25.0034 0x08b8  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:32:25.0050 0x08b8  BrFiltUp - ok
00:32:25.0081 0x08b8  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
00:32:25.0097 0x08b8  Browser - ok
00:32:25.0128 0x08b8  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:32:25.0175 0x08b8  Brserid - ok
00:32:25.0190 0x08b8  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:32:25.0206 0x08b8  BrSerWdm - ok
00:32:25.0222 0x08b8  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:32:25.0237 0x08b8  BrUsbMdm - ok
00:32:25.0253 0x08b8  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:32:25.0268 0x08b8  BrUsbSer - ok
00:32:25.0362 0x08b8  [ 0471D5669F18C50E552B2BC0CB15E7B3, 472F471FF9E5A1FDD5610BAC2F5E727AB284B7B5A71C4E515D549667F0B5EB86 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
00:32:25.0518 0x08b8  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
00:32:26.0641 0x08b8  Detect skipped due to KSN trusted
00:32:26.0641 0x08b8  BrYNSvc - ok
00:32:26.0704 0x08b8  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
00:32:26.0766 0x08b8  BthEnum - ok
00:32:26.0782 0x08b8  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:32:26.0797 0x08b8  BTHMODEM - ok
00:32:26.0828 0x08b8  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
00:32:26.0844 0x08b8  BthPan - ok
00:32:26.0875 0x08b8  [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
00:32:26.0906 0x08b8  BTHPORT - ok
00:32:26.0938 0x08b8  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
00:32:26.0953 0x08b8  bthserv - ok
00:32:27.0000 0x08b8  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
00:32:27.0000 0x08b8  BTHUSB - ok
00:32:27.0031 0x08b8  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:32:27.0062 0x08b8  cdfs - ok
00:32:27.0140 0x08b8  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:32:27.0172 0x08b8  cdrom - ok
00:32:27.0234 0x08b8  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:32:27.0265 0x08b8  CertPropSvc - ok
00:32:27.0281 0x08b8  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
00:32:27.0296 0x08b8  circlass - ok
00:32:27.0328 0x08b8  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
00:32:27.0359 0x08b8  CLFS - ok
00:32:27.0437 0x08b8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:32:27.0452 0x08b8  clr_optimization_v2.0.50727_32 - ok
00:32:27.0499 0x08b8  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:32:27.0515 0x08b8  clr_optimization_v4.0.30319_32 - ok
00:32:27.0546 0x08b8  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:32:27.0608 0x08b8  CmBatt - ok
00:32:27.0640 0x08b8  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:32:27.0655 0x08b8  cmdide - ok
00:32:27.0827 0x08b8  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
00:32:27.0874 0x08b8  CNG - ok
00:32:27.0920 0x08b8  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:32:27.0952 0x08b8  Compbatt - ok
00:32:28.0014 0x08b8  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:32:28.0061 0x08b8  CompositeBus - ok
00:32:28.0092 0x08b8  COMSysApp - ok
00:32:28.0108 0x08b8  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:32:28.0139 0x08b8  crcdisk - ok
00:32:28.0186 0x08b8  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:32:28.0217 0x08b8  CryptSvc - ok
00:32:28.0310 0x08b8  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
00:32:28.0373 0x08b8  CSC - ok
00:32:28.0420 0x08b8  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
00:32:28.0451 0x08b8  CscService - ok
00:32:28.0529 0x08b8  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:32:28.0591 0x08b8  DcomLaunch - ok
00:32:28.0669 0x08b8  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
00:32:28.0778 0x08b8  defragsvc - ok
00:32:28.0810 0x08b8  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:32:28.0841 0x08b8  DfsC - ok
00:32:28.0919 0x08b8  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:32:28.0966 0x08b8  Dhcp - ok
00:32:29.0153 0x08b8  [ 7AB2DE012C88870C9274E966EC88AB61, CE2098B152B9C039C29C0573C813BFBF13B2D2E6BEE83985374160884A817133 ] DiagTrack       C:\Windows\system32\diagtrack.dll
00:32:29.0215 0x08b8  DiagTrack - ok
00:32:29.0278 0x08b8  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
00:32:29.0309 0x08b8  discache - ok
00:32:29.0387 0x08b8  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
00:32:29.0418 0x08b8  Disk - ok
00:32:29.0465 0x08b8  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
00:32:29.0496 0x08b8  dmvsc - ok
00:32:29.0558 0x08b8  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:32:29.0590 0x08b8  Dnscache - ok
00:32:29.0605 0x08b8  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:32:29.0652 0x08b8  dot3svc - ok
00:32:29.0668 0x08b8  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
00:32:29.0714 0x08b8  DPS - ok
00:32:29.0746 0x08b8  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:32:29.0777 0x08b8  drmkaud - ok
00:32:29.0824 0x08b8  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:32:29.0870 0x08b8  DXGKrnl - ok
00:32:29.0902 0x08b8  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
00:32:29.0933 0x08b8  EapHost - ok
00:32:30.0089 0x08b8  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
00:32:30.0260 0x08b8  ebdrv - ok
00:32:30.0307 0x08b8  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] EFS             C:\Windows\System32\lsass.exe
00:32:30.0323 0x08b8  EFS - ok
00:32:30.0432 0x08b8  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:32:30.0494 0x08b8  ehRecvr - ok
00:32:30.0510 0x08b8  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
00:32:30.0526 0x08b8  ehSched - ok
00:32:30.0572 0x08b8  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:32:30.0588 0x08b8  elxstor - ok
00:32:30.0619 0x08b8  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:32:30.0635 0x08b8  ErrDev - ok
00:32:30.0682 0x08b8  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
00:32:30.0713 0x08b8  EventSystem - ok
00:32:30.0744 0x08b8  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
00:32:30.0775 0x08b8  exfat - ok
00:32:30.0806 0x08b8  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:32:30.0838 0x08b8  fastfat - ok
00:32:30.0884 0x08b8  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
00:32:30.0916 0x08b8  Fax - ok
00:32:30.0947 0x08b8  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
00:32:30.0962 0x08b8  fdc - ok
00:32:30.0994 0x08b8  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
00:32:31.0025 0x08b8  fdPHost - ok
00:32:31.0025 0x08b8  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:32:31.0056 0x08b8  FDResPub - ok
00:32:31.0103 0x08b8  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:32:31.0134 0x08b8  FileInfo - ok
00:32:31.0165 0x08b8  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:32:31.0212 0x08b8  Filetrace - ok
00:32:31.0399 0x08b8  [ 21485C51A6C0DC3D096A96428455AE0C, A14E242504B198F3A27F5C6D5CDA467CF0CE52AA723D70CB3A038B7A8716995B ] FlexNet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:32:31.0524 0x08b8  FlexNet Licensing Service - ok
00:32:31.0571 0x08b8  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
00:32:31.0602 0x08b8  flpydisk - ok
00:32:31.0680 0x08b8  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:32:31.0696 0x08b8  FltMgr - ok
00:32:31.0820 0x08b8  [ 37DE123FE4276D8EC7F3C5B10C236238, 93CA47B9A96D904DD177FC0E04DECDF13756C8FA3C7613913DB4BF29A70ECE96 ] FontCache       C:\Windows\system32\FntCache.dll
00:32:31.0883 0x08b8  FontCache - ok
00:32:31.0992 0x08b8  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:32:32.0023 0x08b8  FontCache3.0.0.0 - ok
00:32:32.0039 0x08b8  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:32:32.0054 0x08b8  FsDepends - ok
00:32:32.0086 0x08b8  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:32:32.0086 0x08b8  Fs_Rec - ok
00:32:32.0148 0x08b8  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:32:32.0179 0x08b8  fvevol - ok
00:32:32.0242 0x08b8  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:32:32.0257 0x08b8  gagp30kx - ok
00:32:32.0304 0x08b8  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:32:32.0320 0x08b8  GEARAspiWDM - ok
00:32:32.0398 0x08b8  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:32:32.0444 0x08b8  gpsvc - ok
00:32:32.0476 0x08b8  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:32:32.0507 0x08b8  hcw85cir - ok
00:32:32.0569 0x08b8  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:32:32.0585 0x08b8  HdAudAddService - ok
00:32:32.0647 0x08b8  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:32:32.0694 0x08b8  HDAudBus - ok
00:32:32.0710 0x08b8  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
00:32:32.0725 0x08b8  HidBatt - ok
00:32:32.0756 0x08b8  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:32:32.0788 0x08b8  HidBth - ok
00:32:32.0803 0x08b8  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:32:32.0819 0x08b8  HidIr - ok
00:32:32.0850 0x08b8  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
00:32:32.0881 0x08b8  hidserv - ok
00:32:32.0912 0x08b8  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:32:32.0944 0x08b8  HidUsb - ok
00:32:32.0975 0x08b8  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:32:33.0006 0x08b8  hkmsvc - ok
00:32:33.0022 0x08b8  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:32:33.0053 0x08b8  HomeGroupListener - ok
00:32:33.0084 0x08b8  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:32:33.0115 0x08b8  HomeGroupProvider - ok
00:32:33.0146 0x08b8  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:32:33.0162 0x08b8  HpSAMD - ok
00:32:33.0240 0x08b8  [ 950CC1E6AE3A6CD23E0945CDE089B02C, C242AE9F21FE7FBC269BD11BDD3346936626DA15596561B527EF20CFAEF77055 ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
00:32:33.0240 0x08b8  HTCAND32 - detected UnsignedFile.Multi.Generic ( 1 )
00:32:34.0363 0x08b8  Detect skipped due to KSN trusted
00:32:34.0363 0x08b8  HTCAND32 - ok
00:32:34.0441 0x08b8  [ 339ADEFAD60353F960E3CA67CE468C24, AF0953ACBE2CA6466595A31349DBF96452DEF2633FD279E8F2B59A3767B89AFC ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
00:32:34.0488 0x08b8  htcnprot - ok
00:32:34.0550 0x08b8  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:32:34.0628 0x08b8  HTTP - ok
00:32:34.0691 0x08b8  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:32:34.0738 0x08b8  hwpolicy - ok
00:32:34.0800 0x08b8  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:32:34.0831 0x08b8  i8042prt - ok
00:32:34.0909 0x08b8  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:32:34.0956 0x08b8  iaStorV - ok
00:32:35.0299 0x08b8  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:32:35.0362 0x08b8  idsvc - ok
00:32:35.0408 0x08b8  IEEtwCollectorService - ok
00:32:35.0502 0x08b8  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:32:35.0549 0x08b8  iirsp - ok
00:32:35.0642 0x08b8  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
00:32:35.0689 0x08b8  IKEEXT - ok
00:32:35.0767 0x08b8  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:32:35.0798 0x08b8  intelide - ok
00:32:35.0861 0x08b8  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:32:35.0908 0x08b8  intelppm - ok
00:32:35.0939 0x08b8  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:32:36.0001 0x08b8  IPBusEnum - ok
00:32:36.0032 0x08b8  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:32:36.0110 0x08b8  IpFilterDriver - ok
00:32:36.0173 0x08b8  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:32:36.0220 0x08b8  iphlpsvc - ok
00:32:36.0235 0x08b8  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:32:36.0251 0x08b8  IPMIDRV - ok
00:32:36.0313 0x08b8  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:32:36.0360 0x08b8  IPNAT - ok
00:32:36.0516 0x08b8  [ 1AA479D2A100ACFDE3A7B7B2D6E53DC0, 487714C233A93F2DCE7AD443CEA61B60B35D6131C79DE0A9C1A614BCB3B97391 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:32:36.0547 0x08b8  iPod Service - ok
00:32:36.0594 0x08b8  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:32:36.0625 0x08b8  IRENUM - ok
00:32:36.0656 0x08b8  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:32:36.0719 0x08b8  isapnp - ok
00:32:36.0766 0x08b8  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:32:36.0797 0x08b8  iScsiPrt - ok
00:32:36.0859 0x08b8  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:32:36.0890 0x08b8  kbdclass - ok
00:32:36.0937 0x08b8  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:32:36.0953 0x08b8  kbdhid - ok
00:32:36.0984 0x08b8  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] KeyIso          C:\Windows\system32\lsass.exe
00:32:37.0000 0x08b8  KeyIso - ok
00:32:37.0078 0x08b8  [ 48732BFA0C692BEC15DBBFE754E594C6, A39DD1181CF51534C18C2ECFE02E961363769482BAF9F206E57B014C5B246921 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:32:37.0109 0x08b8  KSecDD - ok
00:32:37.0140 0x08b8  [ 46B1F590C06AF25BCADCCAE0148C2074, 62447A906E5D7D20B3955A1EF99C971F1E0522A7D68C3D2C88EF174A5A5ECD29 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:32:37.0156 0x08b8  KSecPkg - ok
00:32:37.0234 0x08b8  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:32:37.0280 0x08b8  KtmRm - ok
00:32:37.0312 0x08b8  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:32:37.0343 0x08b8  LanmanServer - ok
00:32:37.0374 0x08b8  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:32:37.0405 0x08b8  LanmanWorkstation - ok
00:32:37.0468 0x08b8  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:32:37.0514 0x08b8  lltdio - ok
00:32:37.0546 0x08b8  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:32:37.0592 0x08b8  lltdsvc - ok
00:32:37.0624 0x08b8  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:32:37.0670 0x08b8  lmhosts - ok
00:32:37.0717 0x08b8  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:32:37.0764 0x08b8  LSI_FC - ok
00:32:37.0795 0x08b8  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:32:37.0811 0x08b8  LSI_SAS - ok
00:32:37.0842 0x08b8  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:32:37.0858 0x08b8  LSI_SAS2 - ok
00:32:37.0873 0x08b8  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:32:37.0889 0x08b8  LSI_SCSI - ok
00:32:37.0936 0x08b8  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:32:38.0014 0x08b8  luafv - ok
00:32:38.0060 0x08b8  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:32:38.0092 0x08b8  Mcx2Svc - ok
00:32:38.0123 0x08b8  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:32:38.0138 0x08b8  megasas - ok
00:32:38.0201 0x08b8  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
00:32:38.0248 0x08b8  MegaSR - ok
00:32:38.0263 0x08b8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
00:32:38.0294 0x08b8  MMCSS - ok
00:32:38.0341 0x08b8  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
00:32:38.0388 0x08b8  Modem - ok
00:32:38.0435 0x08b8  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:32:38.0450 0x08b8  monitor - ok
00:32:38.0497 0x08b8  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:32:38.0544 0x08b8  mouclass - ok
00:32:38.0575 0x08b8  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:32:38.0591 0x08b8  mouhid - ok
00:32:38.0606 0x08b8  [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:32:38.0622 0x08b8  mountmgr - ok
00:32:38.0731 0x08b8  [ CC11EEB7AF4617D65DF0E9A21FC1ABD0, A683A5FB26E1B9FB4EEB40A9C7186F8433E3FB0A45848DF6102EF07B4DC75AC8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:32:38.0762 0x08b8  MozillaMaintenance - ok
00:32:38.0872 0x08b8  [ F112DA773EC3E9D3CDE9221ED300E033, 693C416B281DA3489C096812D0E4E0413C05798D36AF534624C3B29551CE68A4 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
00:32:38.0934 0x08b8  MpFilter - ok
00:32:38.0965 0x08b8  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:32:38.0997 0x08b8  mpio - ok
00:32:39.0418 0x08b8  [ BB7BB66A8DAF16950F83AE7BF498AF8F, A96FC3BE055C52B98E7ECDF68D69081620F829B04B5496C73D87F271E40EA638 ] MpKslf78dad13   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A6CE3B3-8FB2-44FA-9F5E-C490E4AED2A2}\MpKslf78dad13.sys
00:32:39.0449 0x08b8  MpKslf78dad13 - ok
00:32:39.0480 0x08b8  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:32:39.0527 0x08b8  mpsdrv - ok
00:32:39.0636 0x08b8  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:32:39.0683 0x08b8  MpsSvc - ok
00:32:39.0745 0x08b8  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:32:39.0870 0x08b8  MRxDAV - ok
00:32:39.0933 0x08b8  [ FEDAAB6716B44DE8B9EFC14DD9A26215, 765890CDEADF6851C5C9014D12422733D7E7833690F560B94AE2BE9E7E08F130 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:32:39.0995 0x08b8  mrxsmb - ok
00:32:40.0042 0x08b8  [ 77DD652AB8708CDB55FDB7073B868784, AC88E2BFFE3EC62269216FD1B52DA8D85AFD0AF3E69B7B876F531258977BA372 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:32:40.0089 0x08b8  mrxsmb10 - ok
00:32:40.0104 0x08b8  [ 4ACDB6414918D8920875B00B286E1FBC, 404F5AC75DFD7C5CEF08A8D2FC24CD806941BF2B16FF7BC3BECBEABCBFA1B64A ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:32:40.0120 0x08b8  mrxsmb20 - ok
00:32:40.0151 0x08b8  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:32:40.0167 0x08b8  msahci - ok
00:32:40.0198 0x08b8  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:32:40.0229 0x08b8  msdsm - ok
00:32:40.0245 0x08b8  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
00:32:40.0260 0x08b8  MSDTC - ok
00:32:40.0338 0x08b8  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:32:40.0385 0x08b8  Msfs - ok
00:32:40.0447 0x08b8  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:32:40.0525 0x08b8  mshidkmdf - ok
00:32:40.0572 0x08b8  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:32:40.0635 0x08b8  msisadrv - ok
00:32:40.0681 0x08b8  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:32:40.0759 0x08b8  MSiSCSI - ok
00:32:40.0759 0x08b8  msiserver - ok
00:32:40.0806 0x08b8  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:32:40.0853 0x08b8  MSKSSRV - ok
00:32:40.0978 0x08b8  [ CC09BB7FDEFC5763CCB3CF7DAE2D76CF, F8F00900EDBA2F64BF136DD0B6C83CAF07C72F24F3D49C78B7EA24757FDBC6D0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:32:41.0009 0x08b8  MsMpSvc - ok
00:32:41.0056 0x08b8  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:32:41.0087 0x08b8  MSPCLOCK - ok
00:32:41.0087 0x08b8  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:32:41.0118 0x08b8  MSPQM - ok
00:32:41.0165 0x08b8  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:32:41.0181 0x08b8  MsRPC - ok
00:32:41.0212 0x08b8  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:32:41.0212 0x08b8  mssmbios - ok
00:32:41.0243 0x08b8  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:32:41.0259 0x08b8  MSTEE - ok
00:32:41.0290 0x08b8  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
00:32:41.0305 0x08b8  MTConfig - ok
00:32:41.0337 0x08b8  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:32:41.0352 0x08b8  Mup - ok
00:32:41.0415 0x08b8  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
00:32:41.0446 0x08b8  napagent - ok
00:32:41.0477 0x08b8  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:32:41.0508 0x08b8  NativeWifiP - ok
00:32:41.0602 0x08b8  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:32:41.0664 0x08b8  NDIS - ok
00:32:41.0727 0x08b8  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:32:41.0758 0x08b8  NdisCap - ok
00:32:41.0805 0x08b8  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:32:41.0836 0x08b8  NdisTapi - ok
00:32:41.0883 0x08b8  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:32:41.0914 0x08b8  Ndisuio - ok
00:32:41.0945 0x08b8  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:32:41.0976 0x08b8  NdisWan - ok
00:32:41.0992 0x08b8  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:32:42.0023 0x08b8  NDProxy - ok
00:32:42.0023 0x08b8  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:32:42.0054 0x08b8  NetBIOS - ok
00:32:42.0132 0x08b8  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:32:42.0179 0x08b8  NetBT - ok
00:32:42.0210 0x08b8  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] Netlogon        C:\Windows\system32\lsass.exe
00:32:42.0226 0x08b8  Netlogon - ok
00:32:42.0288 0x08b8  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
00:32:42.0335 0x08b8  Netman - ok
00:32:42.0382 0x08b8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:32:42.0397 0x08b8  NetMsmqActivator - ok
00:32:42.0413 0x08b8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:32:42.0429 0x08b8  NetPipeActivator - ok
00:32:42.0460 0x08b8  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
00:32:42.0507 0x08b8  netprofm - ok
00:32:42.0522 0x08b8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:32:42.0538 0x08b8  NetTcpActivator - ok
00:32:42.0538 0x08b8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:32:42.0553 0x08b8  NetTcpPortSharing - ok
00:32:42.0850 0x08b8  [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
00:32:43.0162 0x08b8  netw5v32 - ok
00:32:43.0287 0x08b8  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
00:32:43.0318 0x08b8  nfrd960 - ok
00:32:43.0349 0x08b8  [ 780FF28BCD8470C5FDDEEF69982AA295, 1ED386E87E0AA733F23D554D2BF4EF4168DB9A419B7BA0BA8FBA20F118BE21DF ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:32:43.0365 0x08b8  NisDrv - ok
00:32:43.0396 0x08b8  [ 3FF257F54649D4F19E39263C5D581CD1, 1F201EEE770A452AA30C6270AAA456A77F9F3A102F473E12C22D3B8809932C1B ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
00:32:43.0427 0x08b8  NisSrv - ok
00:32:43.0458 0x08b8  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:32:43.0489 0x08b8  NlaSvc - ok
00:32:43.0521 0x08b8  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:32:43.0552 0x08b8  Npfs - ok
00:32:43.0599 0x08b8  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
00:32:43.0630 0x08b8  nsi - ok
00:32:43.0645 0x08b8  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:32:43.0677 0x08b8  nsiproxy - ok
00:32:43.0817 0x08b8  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:32:43.0879 0x08b8  Ntfs - ok
00:32:43.0926 0x08b8  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
00:32:43.0973 0x08b8  Null - ok
00:32:44.0035 0x08b8  [ 75833D803CD7875506536827ACC31A9A, 2F26967D45C778917A825654294BCBC7796DB3CB7DB3749BCE1AF50D015BD6B4 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
00:32:44.0098 0x08b8  nusb3hub - ok
00:32:44.0145 0x08b8  [ 7DD06524B89DD897CD043A28DB7B610D, EB720B04D6D085D7DCF8BD3CCCDA81FAD8A0958972C0BB72A38CB918754BC52A ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:32:44.0207 0x08b8  nusb3xhc - ok
00:32:44.0550 0x08b8  [ 05B288B25C2EBD9A4E9E5114AE790876, 84EFC4983DC1D679EC19E8A427B96351628CD3ECBF5D22CF1F7E984540D129A2 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:32:45.0003 0x08b8  nvlddmkm - ok
00:32:45.0065 0x08b8  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:32:45.0081 0x08b8  nvraid - ok
00:32:45.0096 0x08b8  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:32:45.0112 0x08b8  nvstor - ok
00:32:45.0159 0x08b8  [ E937A615D4289E83E234C3EC26092431, C7C1BFBBC2592AFC45F71AC6C474000AA4F4D2A1593D5075036EB3201E1E3C19 ] nvsvc           C:\Windows\system32\nvvsvc.exe
00:32:45.0174 0x08b8  nvsvc - ok
00:32:45.0190 0x08b8  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:32:45.0221 0x08b8  nv_agp - ok
00:32:45.0393 0x08b8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:32:45.0424 0x08b8  odserv - ok
00:32:45.0455 0x08b8  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:32:45.0471 0x08b8  ohci1394 - ok
00:32:45.0517 0x08b8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:32:45.0533 0x08b8  ose - ok
00:32:45.0564 0x08b8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:32:45.0611 0x08b8  p2pimsvc - ok
00:32:45.0658 0x08b8  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:32:45.0705 0x08b8  p2psvc - ok
00:32:45.0720 0x08b8  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
00:32:45.0736 0x08b8  Parport - ok
00:32:45.0798 0x08b8  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:32:45.0829 0x08b8  partmgr - ok
00:32:45.0845 0x08b8  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
00:32:45.0861 0x08b8  Parvdm - ok
00:32:45.0939 0x08b8  [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
00:32:45.0954 0x08b8  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
00:32:47.0155 0x08b8  Detect skipped due to KSN trusted
00:32:47.0155 0x08b8  PassThru Service - ok
00:32:47.0202 0x08b8  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:32:47.0280 0x08b8  PcaSvc - ok
00:32:47.0343 0x08b8  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
00:32:47.0374 0x08b8  pci - ok
00:32:47.0389 0x08b8  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
00:32:47.0405 0x08b8  pciide - ok
00:32:47.0452 0x08b8  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:32:47.0483 0x08b8  pcmcia - ok
00:32:47.0514 0x08b8  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:32:47.0530 0x08b8  pcw - ok
00:32:47.0639 0x08b8  [ 0BBA0B66C14AE56FCB516062395DE0B4, 42D16D9438234227E063ABBBD2A0B96ABEEE5591EAE61B6C4C9DEA334E738CB1 ] PDFProFiltSrv   C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
00:32:47.0655 0x08b8  PDFProFiltSrv - ok
00:32:47.0748 0x08b8  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:32:47.0795 0x08b8  PEAUTH - ok
00:32:47.0873 0x08b8  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
00:32:47.0920 0x08b8  PeerDistSvc - ok
00:32:48.0029 0x08b8  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
00:32:48.0107 0x08b8  pla - ok
00:32:48.0185 0x08b8  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:32:48.0247 0x08b8  PlugPlay - ok
00:32:48.0279 0x08b8  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:32:48.0294 0x08b8  PNRPAutoReg - ok
00:32:48.0310 0x08b8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:32:48.0341 0x08b8  PNRPsvc - ok
00:32:48.0466 0x08b8  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:32:48.0513 0x08b8  PolicyAgent - ok
00:32:48.0575 0x08b8  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
00:32:48.0622 0x08b8  Power - ok
00:32:48.0684 0x08b8  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:32:48.0731 0x08b8  PptpMiniport - ok
00:32:48.0762 0x08b8  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
00:32:48.0778 0x08b8  Processor - ok
00:32:48.0809 0x08b8  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:32:48.0840 0x08b8  ProfSvc - ok
00:32:48.0856 0x08b8  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] ProtectedStorage C:\Windows\system32\lsass.exe
00:32:48.0871 0x08b8  ProtectedStorage - ok
00:32:48.0934 0x08b8  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:32:48.0981 0x08b8  Psched - ok
00:32:49.0074 0x08b8  [ B6A1692FC131F1FE5162513D78A9B6FC, 193B12508E5D076B178AADDDA9BECB4F397307FB8D96B16540697D6E49D61C28 ] PxHelp20        C:\Windows\system32\drivers\PxHelp20.sys
00:32:49.0105 0x08b8  PxHelp20 - ok
00:32:49.0215 0x08b8  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:32:49.0277 0x08b8  ql2300 - ok
00:32:49.0308 0x08b8  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:32:49.0324 0x08b8  ql40xx - ok
00:32:49.0355 0x08b8  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
00:32:49.0386 0x08b8  QWAVE - ok
00:32:49.0402 0x08b8  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:32:49.0417 0x08b8  QWAVEdrv - ok
00:32:49.0433 0x08b8  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:32:49.0464 0x08b8  RasAcd - ok
00:32:49.0527 0x08b8  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:32:49.0558 0x08b8  RasAgileVpn - ok
00:32:49.0589 0x08b8  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
00:32:49.0620 0x08b8  RasAuto - ok
00:32:49.0636 0x08b8  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:32:49.0651 0x08b8  Rasl2tp - ok
00:32:49.0714 0x08b8  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
00:32:49.0745 0x08b8  RasMan - ok
00:32:49.0776 0x08b8  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:32:49.0807 0x08b8  RasPppoe - ok
00:32:49.0854 0x08b8  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:32:49.0917 0x08b8  RasSstp - ok
00:32:49.0948 0x08b8  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:32:49.0979 0x08b8  rdbss - ok
00:32:49.0995 0x08b8  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:32:50.0010 0x08b8  rdpbus - ok
00:32:50.0010 0x08b8  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:32:50.0041 0x08b8  RDPCDD - ok
00:32:50.0104 0x08b8  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
00:32:50.0151 0x08b8  RDPDR - ok
00:32:50.0151 0x08b8  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:32:50.0182 0x08b8  RDPENCDD - ok
00:32:50.0197 0x08b8  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:32:50.0213 0x08b8  RDPREFMP - ok
00:32:50.0260 0x08b8  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:32:50.0291 0x08b8  RdpVideoMiniport - ok
00:32:50.0322 0x08b8  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:32:50.0353 0x08b8  RDPWD - ok
00:32:50.0416 0x08b8  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:32:50.0447 0x08b8  rdyboost - ok
00:32:50.0494 0x08b8  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:32:50.0525 0x08b8  RemoteAccess - ok
00:32:50.0556 0x08b8  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:32:50.0587 0x08b8  RemoteRegistry - ok
00:32:50.0619 0x08b8  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
00:32:50.0634 0x08b8  RFCOMM - ok
00:32:50.0681 0x08b8  [ D65AC8797F0286ED269500747D6290A4, 7E264156FF5B8D9E39FEECC1D905C8E8E6E85206B7BFB7B49172167DA6F32884 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
00:32:50.0743 0x08b8  rimmptsk - ok
00:32:50.0759 0x08b8  [ 49EC82B44EB93374ED9988DA7E0E0151, 4F5C32D20F7B11080688B3E9E84BAF9253D4027C36294FF44661F2ECC4197480 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
00:32:50.0806 0x08b8  rimsptsk - ok
00:32:50.0821 0x08b8  [ 3F400C3CCD0818858602DDB37B5DE719, 2F9045D59A18EA5D0FA9AC8C369C5FFF017147246E078CA0C612854CDFC2F1B4 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
00:32:50.0837 0x08b8  rismxdp - ok
00:32:50.0868 0x08b8  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:32:50.0899 0x08b8  RpcEptMapper - ok
00:32:50.0931 0x08b8  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
00:32:50.0946 0x08b8  RpcLocator - ok
00:32:51.0009 0x08b8  [ DC908AB53016010462F371BBFD3173F5, EBA817F382F49FC698AB98415E7552C2ED031FAEEAB55D34EC77E5EF59860649 ] rpcnet          C:\Windows\system32\rpcnet.exe
00:32:51.0040 0x08b8  rpcnet - ok
00:32:51.0087 0x08b8  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
00:32:51.0118 0x08b8  RpcSs - ok
00:32:51.0289 0x08b8  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:32:51.0352 0x08b8  rspndr - ok
00:32:51.0492 0x08b8  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
00:32:51.0523 0x08b8  s3cap - ok
00:32:51.0539 0x08b8  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] SamSs           C:\Windows\system32\lsass.exe
00:32:51.0570 0x08b8  SamSs - ok
00:32:51.0633 0x08b8  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:32:51.0664 0x08b8  sbp2port - ok
00:32:51.0695 0x08b8  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:32:51.0726 0x08b8  SCardSvr - ok
00:32:51.0742 0x08b8  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:32:51.0773 0x08b8  scfilter - ok
00:32:51.0820 0x08b8  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
00:32:51.0882 0x08b8  Schedule - ok
00:32:51.0898 0x08b8  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:32:51.0929 0x08b8  SCPolicySvc - ok
00:32:51.0976 0x08b8  [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
00:32:52.0023 0x08b8  sdbus - ok
00:32:52.0054 0x08b8  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:32:52.0116 0x08b8  SDRSVC - ok
00:32:52.0163 0x08b8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:32:52.0225 0x08b8  secdrv - ok
00:32:52.0241 0x08b8  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
00:32:52.0272 0x08b8  seclogon - ok
00:32:52.0303 0x08b8  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
00:32:52.0335 0x08b8  SENS - ok
00:32:52.0366 0x08b8  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:32:52.0381 0x08b8  SensrSvc - ok
00:32:52.0397 0x08b8  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
00:32:52.0413 0x08b8  Serenum - ok
00:32:52.0428 0x08b8  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
00:32:52.0444 0x08b8  Serial - ok
00:32:52.0475 0x08b8  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:32:52.0491 0x08b8  sermouse - ok
00:32:52.0537 0x08b8  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:32:52.0569 0x08b8  SessionEnv - ok
00:32:52.0584 0x08b8  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:32:52.0600 0x08b8  sffdisk - ok
00:32:52.0615 0x08b8  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:32:52.0631 0x08b8  sffp_mmc - ok
00:32:52.0647 0x08b8  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:32:52.0662 0x08b8  sffp_sd - ok
00:32:52.0693 0x08b8  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:32:52.0709 0x08b8  sfloppy - ok
00:32:52.0756 0x08b8  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:32:52.0803 0x08b8  SharedAccess - ok
00:32:52.0849 0x08b8  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:32:52.0881 0x08b8  ShellHWDetection - ok
00:32:52.0912 0x08b8  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
00:32:52.0927 0x08b8  sisagp - ok
00:32:52.0959 0x08b8  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
00:32:52.0974 0x08b8  SiSRaid2 - ok
00:32:52.0990 0x08b8  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:32:53.0005 0x08b8  SiSRaid4 - ok
00:32:53.0099 0x08b8  [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
00:32:53.0130 0x08b8  SkypeUpdate - ok
00:32:53.0193 0x08b8  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:32:53.0271 0x08b8  Smb - ok
00:32:53.0302 0x08b8  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:32:53.0317 0x08b8  SNMPTRAP - ok
00:32:53.0349 0x08b8  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:32:53.0364 0x08b8  spldr - ok
00:32:53.0427 0x08b8  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
00:32:53.0458 0x08b8  Spooler - ok
00:32:53.0614 0x08b8  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
00:32:53.0801 0x08b8  sppsvc - ok
00:32:53.0848 0x08b8  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:32:53.0879 0x08b8  sppuinotify - ok
00:32:53.0941 0x08b8  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:32:54.0004 0x08b8  srv - ok
00:32:54.0066 0x08b8  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:32:54.0097 0x08b8  srv2 - ok
00:32:54.0097 0x08b8  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:32:54.0113 0x08b8  srvnet - ok
00:32:54.0160 0x08b8  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:32:54.0222 0x08b8  SSDPSRV - ok
00:32:54.0238 0x08b8  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:32:54.0269 0x08b8  SstpSvc - ok
00:32:54.0285 0x08b8  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
00:32:54.0300 0x08b8  stexstor - ok
00:32:54.0347 0x08b8  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
00:32:54.0394 0x08b8  StiSvc - ok
00:32:54.0425 0x08b8  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
00:32:54.0456 0x08b8  storflt - ok
00:32:54.0519 0x08b8  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
00:32:54.0565 0x08b8  StorSvc - ok
00:32:54.0581 0x08b8  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
00:32:54.0597 0x08b8  storvsc - ok
00:32:54.0628 0x08b8  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:32:54.0643 0x08b8  swenum - ok
00:32:54.0706 0x08b8  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
00:32:54.0753 0x08b8  swprv - ok
00:32:54.0831 0x08b8  [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain         C:\Windows\system32\sysmain.dll
00:32:54.0893 0x08b8  SysMain - ok
00:32:54.0940 0x08b8  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
00:32:54.0955 0x08b8  TabletInputService - ok
00:32:54.0987 0x08b8  [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
00:32:55.0049 0x08b8  tap0901 - ok
00:32:55.0080 0x08b8  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:32:55.0127 0x08b8  TapiSrv - ok
00:32:55.0143 0x08b8  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
00:32:55.0174 0x08b8  TBS - ok
00:32:55.0283 0x08b8  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:32:55.0345 0x08b8  Tcpip - ok
00:32:55.0423 0x08b8  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:32:55.0470 0x08b8  TCPIP6 - ok
00:32:55.0517 0x08b8  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:32:55.0533 0x08b8  tcpipreg - ok
00:32:55.0564 0x08b8  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:32:55.0626 0x08b8  TDPIPE - ok
00:32:55.0657 0x08b8  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:32:55.0673 0x08b8  TDTCP - ok
00:32:55.0720 0x08b8  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:32:55.0767 0x08b8  tdx - ok
00:32:55.0782 0x08b8  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:32:55.0798 0x08b8  TermDD - ok
00:32:55.0876 0x08b8  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
00:32:55.0923 0x08b8  TermService - ok
00:32:55.0954 0x08b8  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
00:32:55.0969 0x08b8  Themes - ok
00:32:55.0985 0x08b8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
00:32:56.0016 0x08b8  THREADORDER - ok
00:32:56.0047 0x08b8  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
00:32:56.0094 0x08b8  TrkWks - ok
00:32:56.0141 0x08b8  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:32:56.0172 0x08b8  TrustedInstaller - ok
00:32:56.0203 0x08b8  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:32:56.0219 0x08b8  tssecsrv - ok
00:32:56.0266 0x08b8  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:32:56.0297 0x08b8  TsUsbFlt - ok
00:32:56.0328 0x08b8  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:32:56.0344 0x08b8  TsUsbGD - ok
00:32:56.0531 0x08b8  [ 58CA8A3052E36ACEF2026BC968CFE6B3, C3CA1BF88432279D1E77E3FBD038C507D50BF92EEE34210E55D206F0952A0843 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
00:32:56.0687 0x08b8  TuneUp.UtilitiesSvc - ok
00:32:56.0749 0x08b8  [ 9F0B34E0B903B803309552C3DB267451, EA3F23F7C2551DCACB8118A36355E03A6A26F693AEB1D39E0F9B8F391BA40E96 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys
00:32:56.0781 0x08b8  TuneUpUtilitiesDrv - ok
00:32:56.0827 0x08b8  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:32:56.0874 0x08b8  tunnel - ok
00:32:56.0921 0x08b8  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:32:56.0937 0x08b8  uagp35 - ok
00:32:56.0952 0x08b8  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:32:57.0015 0x08b8  udfs - ok
00:32:57.0046 0x08b8  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:32:57.0061 0x08b8  UI0Detect - ok
00:32:57.0108 0x08b8  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:32:57.0124 0x08b8  uliagpkx - ok
00:32:57.0186 0x08b8  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:32:57.0217 0x08b8  umbus - ok
00:32:57.0264 0x08b8  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:32:57.0295 0x08b8  UmPass - ok
00:32:57.0327 0x08b8  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:32:57.0358 0x08b8  UmRdpService - ok
00:32:57.0389 0x08b8  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
00:32:57.0451 0x08b8  upnphost - ok
00:32:57.0483 0x08b8  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
00:32:57.0498 0x08b8  USBAAPL - detected UnsignedFile.Multi.Generic ( 1 )
00:32:58.0621 0x08b8  Detect skipped due to KSN trusted
00:32:58.0621 0x08b8  USBAAPL - ok
00:32:58.0668 0x08b8  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:32:58.0746 0x08b8  usbccgp - ok
00:32:58.0777 0x08b8  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:32:58.0809 0x08b8  usbcir - ok
00:32:58.0855 0x08b8  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:32:58.0887 0x08b8  usbehci - ok
00:32:58.0965 0x08b8  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:32:59.0027 0x08b8  usbhub - ok
00:32:59.0089 0x08b8  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:32:59.0121 0x08b8  usbohci - ok
00:32:59.0136 0x08b8  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:32:59.0152 0x08b8  usbprint - ok
00:32:59.0214 0x08b8  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:32:59.0245 0x08b8  usbscan - ok
00:32:59.0261 0x08b8  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:32:59.0323 0x08b8  USBSTOR - ok
00:32:59.0370 0x08b8  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:32:59.0401 0x08b8  usbuhci - ok
00:32:59.0479 0x08b8  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
00:32:59.0511 0x08b8  usbvideo - ok
00:32:59.0542 0x08b8  [ AF77716205C97E902E6C5B78DECE2CCA, ED99EABED1C7F323EE2A76413E2B260F8EE1D76FDF1E60EE35136D060E756735 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
00:32:59.0573 0x08b8  usb_rndisx - ok
00:32:59.0604 0x08b8  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
00:32:59.0620 0x08b8  UxSms - ok
00:32:59.0698 0x08b8  [ 6C6395DB3AADD8815F8077C4511B5979, 4405FD248F7E6CCD682388537ADD09539289C81E917E470B386D3F06248B197D ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
00:32:59.0729 0x08b8  UxTuneUp - ok
00:32:59.0745 0x08b8  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] VaultSvc        C:\Windows\system32\lsass.exe
00:32:59.0760 0x08b8  VaultSvc - ok
00:32:59.0823 0x08b8  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:32:59.0854 0x08b8  vdrvroot - ok
00:32:59.0916 0x08b8  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
00:32:59.0963 0x08b8  vds - ok
00:32:59.0979 0x08b8  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:32:59.0994 0x08b8  vga - ok
00:33:00.0025 0x08b8  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:33:00.0057 0x08b8  VgaSave - ok
00:33:00.0103 0x08b8  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:33:00.0119 0x08b8  vhdmp - ok
00:33:00.0150 0x08b8  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
00:33:00.0166 0x08b8  viaagp - ok
00:33:00.0213 0x08b8  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
00:33:00.0228 0x08b8  ViaC7 - ok
00:33:00.0259 0x08b8  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:33:00.0259 0x08b8  viaide - ok
00:33:00.0306 0x08b8  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
00:33:00.0322 0x08b8  vmbus - ok
00:33:00.0337 0x08b8  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
00:33:00.0353 0x08b8  VMBusHID - ok
00:33:00.0384 0x08b8  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:33:00.0400 0x08b8  volmgr - ok
00:33:00.0415 0x08b8  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:33:00.0447 0x08b8  volmgrx - ok
00:33:00.0462 0x08b8  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:33:00.0493 0x08b8  volsnap - ok
00:33:00.0556 0x08b8  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:33:00.0587 0x08b8  vsmraid - ok
00:33:00.0649 0x08b8  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
00:33:00.0712 0x08b8  VSS - ok
00:33:00.0743 0x08b8  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:33:00.0759 0x08b8  vwifibus - ok
00:33:00.0774 0x08b8  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
00:33:00.0805 0x08b8  W32Time - ok
00:33:00.0837 0x08b8  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:33:00.0868 0x08b8  WacomPen - ok
00:33:00.0930 0x08b8  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:33:00.0961 0x08b8  WANARP - ok
00:33:00.0961 0x08b8  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:33:00.0993 0x08b8  Wanarpv6 - ok
00:33:01.0133 0x08b8  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:33:01.0196 0x08b8  WatAdminSvc - ok
00:33:01.0259 0x08b8  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
00:33:01.0337 0x08b8  wbengine - ok
00:33:01.0384 0x08b8  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:33:01.0430 0x08b8  WbioSrvc - ok
00:33:01.0477 0x08b8  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:33:01.0493 0x08b8  wcncsvc - ok
00:33:01.0508 0x08b8  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:33:01.0540 0x08b8  WcsPlugInService - ok
00:33:01.0571 0x08b8  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
00:33:01.0602 0x08b8  Wd - ok
00:33:01.0680 0x08b8  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:33:01.0727 0x08b8  Wdf01000 - ok
00:33:01.0774 0x08b8  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:33:01.0805 0x08b8  WdiServiceHost - ok
00:33:01.0805 0x08b8  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:33:01.0820 0x08b8  WdiSystemHost - ok
00:33:01.0867 0x08b8  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
00:33:01.0898 0x08b8  WebClient - ok
00:33:01.0930 0x08b8  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:33:01.0961 0x08b8  Wecsvc - ok
00:33:01.0992 0x08b8  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:33:02.0023 0x08b8  wercplsupport - ok
00:33:02.0039 0x08b8  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
00:33:02.0070 0x08b8  WerSvc - ok
00:33:02.0117 0x08b8  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:33:02.0148 0x08b8  WfpLwf - ok
00:33:02.0195 0x08b8  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:33:02.0210 0x08b8  WIMMount - ok
00:33:02.0320 0x08b8  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
00:33:02.0366 0x08b8  WinDefend - ok
00:33:02.0382 0x08b8  WinHttpAutoProxySvc - ok
00:33:02.0476 0x08b8  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:33:02.0538 0x08b8  Winmgmt - ok
00:33:02.0616 0x08b8  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:33:02.0678 0x08b8  WinRM - ok
00:33:02.0756 0x08b8  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
00:33:02.0788 0x08b8  WinUsb - ok
00:33:02.0834 0x08b8  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:33:02.0881 0x08b8  Wlansvc - ok
00:33:02.0912 0x08b8  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
00:33:02.0928 0x08b8  WmiAcpi - ok
00:33:02.0975 0x08b8  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:33:03.0006 0x08b8  wmiApSrv - ok
00:33:03.0178 0x08b8  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
00:33:03.0224 0x08b8  WMPNetworkSvc - ok
00:33:03.0256 0x08b8  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:33:03.0287 0x08b8  WPCSvc - ok
00:33:03.0302 0x08b8  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:33:03.0318 0x08b8  WPDBusEnum - ok
00:33:03.0365 0x08b8  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:33:03.0396 0x08b8  ws2ifsl - ok
00:33:03.0427 0x08b8  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
00:33:03.0474 0x08b8  wscsvc - ok
00:33:03.0474 0x08b8  WSearch - ok
00:33:03.0614 0x08b8  [ A7A67674E51F2B050AAC4C477297EEE2, FA6DA2AA7869A99AB3D19509D7F2411E5E2C9ADB6D8DB97D7B8FAF1F6E160687 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:33:03.0755 0x08b8  wuauserv - ok
00:33:03.0786 0x08b8  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:33:03.0802 0x08b8  WudfPf - ok
00:33:03.0848 0x08b8  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:33:03.0864 0x08b8  WUDFRd - ok
00:33:03.0895 0x08b8  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:33:03.0911 0x08b8  wudfsvc - ok
00:33:03.0958 0x08b8  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:33:03.0989 0x08b8  WwanSvc - ok
00:33:04.0004 0x08b8  ================ Scan global ===============================
00:33:04.0036 0x08b8  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
00:33:04.0082 0x08b8  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
00:33:04.0098 0x08b8  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
00:33:04.0114 0x08b8  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
00:33:04.0145 0x08b8  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
00:33:04.0160 0x08b8  [ Global ] - ok
00:33:04.0160 0x08b8  ================ Scan MBR ==================================
00:33:04.0176 0x08b8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:33:04.0644 0x08b8  \Device\Harddisk0\DR0 - ok
00:33:04.0644 0x08b8  ================ Scan VBR ==================================
00:33:04.0644 0x08b8  [ 05E21A6F9392B194BE6DF9899EE1EC38 ] \Device\Harddisk0\DR0\Partition1
00:33:04.0660 0x08b8  \Device\Harddisk0\DR0\Partition1 - ok
00:33:04.0660 0x08b8  ================ Scan generic autorun ======================
00:33:04.0753 0x08b8  [ 20DE1CDD37A5D3D4177B8D9FEF907D81, F6CE80984852595A677C92B8C555F9B0D398BAE36768E0D6FC7F8C7211D962D2 ] c:\Program Files\Microsoft Security Client\msseces.exe
00:33:04.0800 0x08b8  MSC - ok
00:33:04.0800 0x08b8  NvCplDaemon - ok
00:33:04.0816 0x08b8  NvMediaCenter - ok
00:33:04.0878 0x08b8  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
00:33:04.0909 0x08b8  NUSB3MON - ok
00:33:05.0034 0x08b8  [ 9D54F3E5E4D102AB27E190CBEC14B355, AECF6C3634557937F8CE2D353A3C3B1FC31E33CB66C2926ADD2C99756EB09F88 ] C:\Program Files\Everything\Everything.exe
00:33:05.0065 0x08b8  Everything - detected UnsignedFile.Multi.Generic ( 1 )
00:33:06.0204 0x08b8  Detect skipped due to KSN trusted
00:33:06.0204 0x08b8  Everything - ok
00:33:06.0282 0x08b8  [ 053E2A1DAA1AE4171A863BDE73872DB3, 644E70AE998E7115F7452949BB5FAFD3939FD54C89E9E742FF535AE9131AAF49 ] C:\Program Files\ControlCenter4\BrCcBoot.exe
00:33:06.0298 0x08b8  ControlCenter4 - detected UnsignedFile.Multi.Generic ( 1 )
00:33:07.0437 0x08b8  Detect skipped due to KSN trusted
00:33:07.0437 0x08b8  ControlCenter4 - ok
00:33:07.0734 0x08b8  [ FBE2F33BBFF0F9592F552FD3BA41F8AC, 7126FBEEB4CD5A1B6F084503598E616905957FD364E4576BDFF4DB75FE660B17 ] C:\Program Files\Browny02\Brother\BrStMonW.exe
00:33:08.0061 0x08b8  BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 )
00:33:09.0231 0x08b8  Detect skipped due to KSN trusted
00:33:09.0231 0x08b8  BrStsMon00 - ok
00:33:09.0450 0x08b8  [ F1021BD18F1F726DAD6E00398FD1CCB6, A76FC4DFB1E9BFE0B920C78E36C1E77D4AA2224D37A26B26AD843D60949D2214 ] C:\Program Files\KeePass Password Safe 2\KeePass.exe
00:33:09.0606 0x08b8  KeePass 2 PreLoad - ok
00:33:09.0731 0x08b8  [ D1B2FADBF98C2B7A53893B939802004B, 0E4B97F24C4204B2905AE5AF489C0144CD6997330135C48C487EE27CD395452E ] C:\Program Files\iTunes\iTunesHelper.exe
00:33:09.0746 0x08b8  iTunesHelper - ok
00:33:09.0824 0x08b8  [ F655E4A1AED366E96E5D5AA397E0F255, F8573CCA72FA25079B8CE2FC5D30379487E2905B109C73C741FAB31589FA49E1 ] C:\Program Files\QuickTime\QTTask.exe
00:33:09.0840 0x08b8  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
00:33:11.0088 0x08b8  QuickTime Task ( UnsignedFile.Multi.Generic ) - warning
00:33:12.0336 0x08b8  [ F916BA0DA28A4B4F7B1ADE76EB42F088, FB3C91D44709D039E959B275F6ECE26AF9307D272FE3E25CC41EAC259AA3B596 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
00:33:12.0367 0x08b8  SunJavaUpdateSched - ok
00:33:12.0523 0x08b8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
00:33:12.0601 0x08b8  Sidebar - ok
00:33:12.0617 0x08b8  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
00:33:12.0648 0x08b8  mctadmin - ok
00:33:12.0710 0x08b8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
00:33:12.0741 0x08b8  Sidebar - ok
00:33:12.0757 0x08b8  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
00:33:12.0773 0x08b8  mctadmin - ok
00:33:13.0053 0x08b8  [ 3D01BD151A423F6B7D89970E42E31E46, CA1B7619A387E94A033D3143B782DEEC30C9F9E528B52822E7CB35D1C617F349 ] C:\Program Files\CCleaner\CCleaner.exe
00:33:13.0225 0x08b8  CCleaner Monitoring - ok
00:33:13.0241 0x08b8  Waiting for KSN requests completion. In queue: 6
00:33:14.0255 0x08b8  Waiting for KSN requests completion. In queue: 6
00:33:15.0284 0x08b8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
00:33:15.0284 0x08b8  Win FW state via NFP2: enabled ( trusted )
00:33:16.0454 0x08b8  ============================================================
00:33:16.0454 0x08b8  Scan finished
00:33:16.0454 0x08b8  ============================================================
00:33:16.0470 0x04e4  Detected object count: 1
00:33:16.0470 0x04e4  Actual detected object count: 1
00:33:26.0220 0x04e4  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
00:33:26.0220 0x04e4  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
bis jetzt nichts aufälliges. ich vermute mal, dass das notebook einfach zu alt für itunes & co ist und es von dieser software (cloud ahoi) in die knie gezwungen wird.
__________________

Alt 02.09.2015, 19:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



Hast Du den Anrufer nun auf den Rechner gelassen oder nicht? Ich denke nicht.

Neben Ich -mach-den-PC-Kaputt TUne Up ist da aber noch Adware die runter muss.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.09.2015, 11:43   #5
hanns-robert
 
Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



hallo schrauber,
sorry: der anrufer war via teamviewer ca. 5-10 minuten auf dem pc. nachdem ein fenster aufblitzte und wieder verschwand, wusste ich, dass das nichts gutes ist und brach die verbindung ab. anschließend auch das telefonat. dank google weiß ich jetzt, worauf ich (fast?) reingefallen bin.

tune-up ist gelöscht.

hier die logs

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 03.09.2015
Suchlaufzeit: 09:34
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.03.02
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: hanns-robert

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 384774
Abgelaufene Zeit: 48 Min., 48 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v5.005 - Bericht erstellt am 03/09/2015 um 10:39:17
# Aktualisiert am 31/08/2015 von Xplode
# Datenbank : 2015-08-31.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : hanns-robert - hanns-robert-PC
# Gestartet von : C:\Users\hanns-robert\Downloads\trojaner-board\AdwCleaner_5.005.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Users\hanns-robert\Documents\Updater

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\foxydeal.sqlite
[-] Datei Gelöscht : C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\user.js

***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1044 Bytes] ##########
         
--- --- ---


JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Professional x86
Ran by hanns-robert on 03.09.2015 at 10:45:17,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\hanns-robert\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\hanns-robert\Documents\add-in express



~~~ FireFox

Emptied folder: C:\Users\hanns-robert\AppData\Roaming\mozilla\firefox\profiles\q2cfpw2h.default\minidumps [25 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.09.2015 at 10:47:20,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


beim first kam kein addition.txt mit. folgt.


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
durchgeführt von hanns-robert (Administrator) auf hanns-robert-PC (03-09-2015 11:29:13)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Geladene Profile: hanns-robert (Verfügbare Profile: hanns-robert & admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files\Everything\Everything.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{0119FB2D-7C7E-4258-954F-5A33F8A32915}: [DhcpNameServer] 192.168.123.81 192.168.123.124
Tcpip\..\Interfaces\{677857D5-A830-483C-866D-A51015D17ED7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83DC2806-26AE-4D68-B2D8-8A10872F72A9}: [DhcpNameServer] 192.168.192.1

Internet Explorer:
==================
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {17521AD6-C195-4576-B69C-9A60834CDE99} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {219D42F1-35A3-4625-8532-82EF0313D5C8} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1148431976-1086807397-2611512696-1000: www.mydlink.com/Uplayer -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\hanns-robert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\duckduckgo.xml [2014-01-18]
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\ecosia.xml [2015-06-10]
FF Extension: German Dictionary - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: United States English Spellchecker - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-11]
FF Extension: FireFTP - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-31]
FF Extension: Add Bookmark Here ² - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\abhere2@moztw.org.xpi [2014-04-11]
FF Extension: Copy Plain Text 2 - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\copyplaintext@teo.pl.xpi [2014-04-11]
FF Extension: Facebook Disconnect - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\facebook@disconnect.me.xpi [2014-12-15]
FF Extension: Mailvelope - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-04-22]
FF Extension: DuckDuckGo Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-11]
FF Extension: Print/Print Preview - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-04-11]
FF Extension: Image Zoom - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-04-11]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-11]
FF Extension: Adblock Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11]
FF Extension: Tab Mix Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-19] (Adobe Systems) [Datei ist nicht signiert]
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-07-21] (Flexera Software LLC.)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-03 10:47 - 2015-09-03 10:47 - 00000891 _____ C:\Users\hanns-robert\Desktop\JRT.txt
2015-09-03 10:36 - 2015-09-03 10:39 - 00000000 ____D C:\AdwCleaner
2015-09-03 09:22 - 2015-09-03 09:22 - 00001064 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-09-03 09:22 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-03 09:22 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-02 00:51 - 2015-09-02 00:51 - 06667640 _____ (Piriform Ltd) C:\Users\hanns-robert\Downloads\ccsetup509.exe
2015-09-01 22:03 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 22:02 - 2015-09-03 09:33 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 22:02 - 2015-09-02 00:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-01 22:01 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-01 22:00 - 2015-09-01 22:01 - 00000000 ____D C:\Users\admin\Downloads\mbar
2015-09-01 21:57 - 2015-09-01 21:57 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 21:56 - 2015-09-01 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 21:56 - 2015-09-01 21:55 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 21:03 - 2015-09-01 21:03 - 00000000 ____D C:\Users\hanns-robert\AppData\Local\Image Composite Editor
2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\Program Files\Microsoft Research
2015-09-01 19:25 - 2015-09-03 11:29 - 00000000 ____D C:\FRST
2015-09-01 19:22 - 2015-09-01 19:22 - 00000000 _____ C:\Users\hanns-robert\defogger_reenable
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Sun
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\.oracle_jre_usage
2015-09-01 19:13 - 2015-09-03 10:57 - 00000000 ____D C:\Users\hanns-robert\Downloads\trojaner-board
2015-09-01 19:12 - 2015-09-01 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-01 16:40 - 2015-09-01 16:41 - 23273424 _____ (SUPERAntiSpyware) C:\Users\hanns-robert\Downloads\SUPERAntiSpywarePro.exe
2015-09-01 16:20 - 2015-09-01 16:20 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TeamViewer
2015-08-26 21:45 - 2015-09-03 09:30 - 00002588 _____ C:\Windows\PFRO.log
2015-08-25 19:07 - 2015-08-25 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-25 19:06 - 2015-08-25 19:07 - 00000000 ____D C:\Program Files\QuickTime
2015-08-24 11:54 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-24 11:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-22 18:12 - 2015-09-03 10:50 - 00001467 _____ C:\Windows\setupact.log
2015-08-22 18:12 - 2015-08-22 18:12 - 00000000 _____ C:\Windows\setuperr.log
2015-08-18 11:39 - 2015-08-18 11:39 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-18 11:39 - 2015-08-18 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-18 11:38 - 2015-08-18 11:39 - 00000000 ____D C:\Program Files\iTunes
2015-08-18 11:38 - 2015-08-18 11:38 - 00000000 ____D C:\Program Files\iPod
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-13 21:15 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 21:15 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 21:15 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 21:15 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 21:15 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 21:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 21:15 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 21:15 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 21:15 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 21:15 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 21:15 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 21:15 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 21:15 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 21:15 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 21:15 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 21:15 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 21:15 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 21:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 21:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 21:15 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 21:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 21:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 21:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 21:15 - 2015-07-16 17:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 21:15 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 21:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 21:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 21:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 21:15 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 21:14 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 21:14 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 21:11 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 21:10 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 16:28 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:27 - 2015-07-28 22:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 16:27 - 2015-07-28 22:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 16:27 - 2015-07-28 21:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 16:27 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:27 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 16:16 - 2015-08-12 16:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Nvu
2015-08-12 16:15 - 2015-08-12 16:16 - 00001477 _____ C:\Users\hanns-robert\Desktop\nvu.lnk
2015-08-11 15:28 - 2015-08-11 15:30 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KompoZer
2015-08-11 15:25 - 2015-08-11 15:28 - 00000000 ____D C:\Program Files\KompoZer 0.7.10
2015-08-10 20:44 - 2015-08-10 20:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\dlink
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-03 11:10 - 2014-05-06 21:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-03 10:59 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 10:59 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 10:54 - 2014-08-20 20:12 - 01168923 _____ C:\Windows\WindowsUpdate.log
2015-09-03 10:52 - 2014-10-17 22:15 - 00000000 ___RD C:\Users\hanns-robert\iCloudDrive
2015-09-03 10:51 - 2014-04-13 17:50 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-03 10:51 - 2014-04-13 17:45 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-03 10:51 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-03 09:37 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 09:29 - 2014-10-15 22:47 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Everything
2015-09-03 09:01 - 2014-05-10 22:04 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\XnView
2015-09-02 00:52 - 2015-07-23 19:54 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-02 00:52 - 2014-04-13 17:46 - 00000000 ____D C:\Users\admin
2015-09-02 00:52 - 2014-04-11 01:04 - 00000000 ____D C:\Program Files\CCleaner
2015-09-01 21:58 - 2014-04-15 21:28 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 21:54 - 2014-04-15 21:31 - 00000000 ____D C:\Program Files\Java
2015-09-01 21:41 - 2014-04-10 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-01 21:00 - 2014-04-11 00:56 - 00000000 ____D C:\Users\hanns-robert\Software
2015-09-01 20:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-09-01 20:07 - 2014-05-10 00:19 - 02420736 ___SH C:\Users\hanns-robert\Downloads\Thumbs.db
2015-09-01 19:22 - 2014-04-10 21:37 - 00000000 ____D C:\Users\hanns-robert
2015-08-27 16:42 - 2014-11-04 22:38 - 00000000 ____D C:\Users\hanns-robert\usb
2015-08-26 23:18 - 2014-04-13 11:23 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KeePass
2015-08-25 23:15 - 2014-04-16 00:55 - 00000000 ____D C:\ProgramData\TEMP
2015-08-25 20:58 - 2014-07-21 20:38 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\UseNeXT
2015-08-25 20:50 - 2015-03-08 10:33 - 00000000 ____D C:\Users\hanns-robert\Downloads\usenext
2015-08-22 18:16 - 2014-04-13 12:01 - 00381440 ___SH C:\Users\hanns-robert\Desktop\Thumbs.db
2015-08-18 11:38 - 2014-09-18 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-18 10:19 - 2014-04-10 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-08-18 10:10 - 2014-04-10 22:43 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-14 21:00 - 2014-04-11 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 21:00 - 2009-07-14 06:33 - 00429392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 20:57 - 2011-04-12 03:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-14 20:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-14 20:53 - 2015-07-03 22:52 - 00014873 _____ C:\Users\hanns-robert\Downloads\Reiseplan ZA 2015.xlsx
2015-08-14 20:14 - 2014-04-11 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 20:13 - 2014-04-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 21:45 - 2014-04-15 21:28 - 00000000 ____D C:\Users\hanns-robert\bilder
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Notepad++
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Program Files\Notepad++
2015-08-12 20:47 - 2014-05-25 14:07 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\vlc
2015-08-12 20:33 - 2014-06-04 22:50 - 00000000 ____D C:\Users\hanns-robert\video
2015-08-12 17:10 - 2014-04-15 20:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 17:10 - 2014-04-15 20:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 16:39 - 2015-04-15 11:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 16:39 - 2014-05-06 22:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 16:05 - 2015-04-15 21:43 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-11 16:21 - 2015-04-08 16:09 - 00000000 ____D C:\Windows\system32\data
2015-08-11 15:31 - 2015-05-25 22:13 - 00000000 ____D C:\Users\hanns-robert\Downloads\print
2015-08-11 15:13 - 2014-04-13 11:37 - 00000000 ____D C:\Users\hanns-robert\linus
2015-08-10 20:41 - 2014-04-13 10:49 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-08-10 20:41 - 2014-04-13 10:49 - 00000000 ____D C:\Program Files\KeePass Password Safe 2
2015-08-05 21:39 - 2014-05-10 19:50 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TV-Browser
2015-08-05 11:50 - 2015-06-22 00:11 - 00000093 _____ C:\Users\hanns-robert\Desktop\links.txt

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-15 20:56 - 2014-04-15 20:56 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2015-05-03 11:55 - 2015-05-03 11:55 - 0007610 _____ () C:\Users\hanns-robert\AppData\Local\Resmon.ResmonCfg
2014-04-15 22:56 - 2014-04-15 22:56 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Einige Dateien in TEMP:
====================
C:\Users\hanns-robert\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\hanns-robert\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\hanns-robert\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\hanns-robert\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-01 20:40

==================== Ende vom FRST.txt ============================
         
--- --- ---


FRST Additions Logfile:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-03 11:29:41)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Start-Modus: Normal
==========================================================


==================== Konten: =============================

admin (S-1-5-21-1148431976-1086807397-2611512696-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1148431976-1086807397-2611512696-500 - Administrator - Disabled)
Gast (S-1-5-21-1148431976-1086807397-2611512696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1148431976-1086807397-2611512696-1002 - Limited - Enabled)
hanns-robert (S-1-5-21-1148431976-1086807397-2611512696-1000 - Administrator - Enabled) => C:\Users\hanns-robert

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Anti-Twin (Installation 02.10.2014) (HKLM\...\Anti-Twin 2014-10-02 12.49.50) (Version:  - Joerg Rosenthal, Germany)
Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CUEcards 2000 (HKLM\...\CUEcards 2000) (Version:  - Marcus Humann Software-Technik)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft (HKLM\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.7.184 - Final Draft, Inc.)
Free YouTube Download version 3.2.46.923 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
Image Composite Editor (HKLM\...\{B29E2C62-496A-4F4F-9ED0-239FA15E1CB8}) (Version: 2.0.3 - Microsoft Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KeePass Password Safe 2.30 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
LibreOffice 4.4 Help Pack (German) (HKLM\...\{CCC30EC0-253C-4CF3-9A5D-5DE2601CD760}) (Version: 4.4.3.2 - The Document Foundation)
LibreOffice 4.4.3.2 (HKLM\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mp3tag v2.70 (HKLM\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
Nuance PDF Converter Professional 8 (HKLM\...\{35D85791-82E5-443B-B051-8FD85D9D5155}) (Version: 8.10.3267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 6.50 - Philipp Winterberg)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Scansoft PDF Professional (Version:  - ) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
TimeComX Basic (32-Bit) (HKLM\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
TV-Browser 3.3.3 (HKLM\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team)
Twep4Word (HKLM\...\{4A053D91-95D8-42E2-9DC6-6BAA250EFEF6}) (Version: 2.0.0 - Pintexx GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplayer (HKLM\...\{89827CE5-AA89-4242-8294-CF1238D5B537}) (Version: 1.0.0.33 - D-LINK CORPORATION)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{05E7B7BB-C07B-359E-BBE4-75840AC0DC75}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1C5F6CE5-A4D6-36EF-8943-FFF2DC1DC63C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1E5A9280-8948-30E9-A3B4-46FE260A2460}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{35CC930B-6AE9-3190-BF11-D5568CFB31B7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{397F7E23-D5C5-3471-A7A0-5A327913178F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4001ED3C-6915-3607-9E11-E9C256C31518}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4E64FE28-607C-34D5-A724-5AA3F7B78CBE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{51D240C2-930F-3CDF-978F-D8FDBAE6BD4B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{532DF24E-1732-32A2-8FD5-BB628B37C592}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{58BE98A0-BD2F-3569-A762-B8DB59D816D6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5AC266CE-2096-3C3D-AE0E-9C225E92C91F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5FE32F50-9508-3CF5-9E7D-F40990EF6677}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{78910A5C-31FD-3A43-A4C2-E0AF103F8E5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{7DA6AAC3-DE8B-371C-85CD-9DA44DA48936}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{81844449-F2E9-3741-B170-81FBA7D062F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8342197C-FC40-3036-9C2B-3367ED383160}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8DC91D79-68FD-3C50-BDED-74A0832E6953}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{A27B667C-DB21-3643-A491-20265D781784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AA7A8973-9BC9-335D-B2B9-1B9C245EA1EA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B0B7FB30-21B7-30A1-81F5-27B95C842ABB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B2280F25-0EFD-3884-AE38-F7D356055E54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BE24893C-CB61-3529-9ED7-03AC59F9C1B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BF30E74C-47D7-32F1-95C0-C9E71AB494EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C027615C-6DDA-3D90-84A7-179190AF48F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C1DFFCCC-6218-3219-A120-AD500A0F3A8D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C9223138-E681-3DD6-A571-57B02AE398E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF41E812-1AE1-332D-9FD2-1E7D0ABCE125}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF73B1DC-C662-3F5B-BD96-1A162AABAC23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D604058F-0290-327D-BA2C-732FFAC723DA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D8B0B600-3293-33B8-9C70-2C68EB83154A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{F2EBCBE9-FF20-4373-A2A7-526CD06E345F}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\Pintexx GmbH\Twep4Word\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{FB6B7F0B-A4A7-3343-83DF-6A692FFBA0BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

14-08-2015 19:58:24 Windows Update
18-08-2015 10:07:25 Windows Update
22-08-2015 18:19:04 Windows Update
24-08-2015 11:54:00 Windows Update
27-08-2015 16:44:52 Windows Update
01-09-2015 16:08:07 Windows Update
01-09-2015 21:01:17 Installed Image Composite Editor
03-09-2015 09:11:01 TuneUp Utilities 2014 wird entfernt
03-09-2015 09:12:57 TuneUp Utilities 2014 (de-DE) wird entfernt
03-09-2015 10:45:22 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0761B118-79A1-4E76-91BE-3302D3CAF0CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {3D01BD9C-980C-4C83-A5C6-80713863A444} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {80C06151-618B-41E8-9C17-97187C1FD2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {BE0B4DB3-0094-44E0-A89B-5A41CFD14F6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C83AFC1B-8DE0-4D7F-8F80-1FFC26CD2EF5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {EDBDD5DD-7B92-4456-A5E8-86B8F9C1D6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-08 21:12 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-15 22:47 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
2015-08-24 20:28 - 2015-08-24 20:28 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hanns-robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^Users^hanns-robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe                                                                                                                                                                                                    
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe"                                                                                                                                                                                                      
MSCONFIG\startupreg: PDFProHook => "C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe"                                                                                                                                                                                                             

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{569F55E5-E4F1-4890-B6D2-54E0182D4511}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D04A8605-B5D7-41C1-8988-CA7AC65AFB30}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{4B5468E8-65B2-4C9B-97FA-B4AA3D0FB974}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{41F6B5F8-BEA1-4557-9DB2-E31FF7E04315}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{3A8C2DF6-E86E-4503-8DB2-1A9200C84C2D}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{9A6A1099-41DE-44BB-AF59-976C6D17580F}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{7882A56C-ED67-46E9-A039-CB5AB4939E52}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{26564071-D266-4553-BE97-88C2D966BA03}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{1C6B0B8F-D34F-4D4B-AEA9-30E0B89A0F44}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{3BDE1EFA-DE06-4EC3-88F4-2214C4BC4777}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{CD617E50-791F-48C6-87DE-FF12D90680B8}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{ADA8436A-2330-44A1-A8E6-788CB6D984D0}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{033BE22F-A422-4061-A2CF-E6EE742E52D2}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{EF014C62-6D09-4EEA-96AF-A9247E9E9B11}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{75F1F5F1-1369-4A08-9DE3-3998C2FBFF37}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{0A39FC57-F100-4E10-81BF-B20F87E34DD3}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{CD523873-ED27-454D-A7C2-3873F06F4447}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{803F0232-96E2-4DF1-A53D-5692B58BCFA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD5A7DEF-8953-45A8-9A6C-ABBD90493E8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C23AD7B8-731C-4559-93A5-40CC87FA681F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E619DA5-42F0-4408-ADDA-2F14C7BE603F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E5E3FF1A-3E5B-4B15-8047-F0161348BFB4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0486A61B-02CA-45CE-AEE1-6EF63A1E0F26}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{71C1EF93-BB5E-4F9B-9EC9-9492B2A0C0D4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1D90E857-42CC-4D31-9311-72B8E89E50F1}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{1608D51A-CFD0-4754-9968-4041BEB77EBE}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{647677E9-56C2-4E06-A8F5-FA084693CCAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/03/2015 10:52:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 10:42:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 09:32:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 08:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 09:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 07:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 04:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2015 04:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2015 09:47:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2015 05:38:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (09/03/2015 10:45:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2015 10:45:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Remote Procedure Call (RPC) Net" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDFProFiltSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Internet Pass-Through Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2015 10:45:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/03/2015 10:45:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/03/2015 10:39:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Prozentuale Nutzung des RAM: 36%
Installierter physikalischer RAM: 2046.43 MB
Verfügbarer physikalischer RAM: 1305.89 MB
Summe virtueller Speicher: 4092.86 MB
Verfügbarer virtueller Speicher: 3290.16 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:94.94 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 945F2211)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         
--- --- ---

betr. tune-up: wie sinnvoll ist der einsatz von CCleaner? ich nutze die free edition.


Alt 03.09.2015, 19:24   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



Ccleaner ist gut für die Temps, aber Finger weg von der Registry .


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Windows 7: Notebook soll Junkmails verschicken

Alt 04.09.2015, 20:50   #7
hanns-robert
 
Windows 7: Notebook soll Junkmails verschicken - Icon17

Windows 7: Notebook soll Junkmails verschicken



hallo schrauber, geschafft!
ESET ist ja ein monster von einer software... lohnt sich die anschaffung als antiviren scanner?
aber ich vermute mal, dass du Emsisoft empfehlen wirst...


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d23bf2b8d226344d8c2370a28dc5122f
# end=init
# utc_time=2015-09-04 08:48:06
# local_time=2015-09-04 10:48:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d23bf2b8d226344d8c2370a28dc5122f
# end=init
# utc_time=2015-09-04 08:50:56
# local_time=2015-09-04 10:50:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25601
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d23bf2b8d226344d8c2370a28dc5122f
# end=updated
# utc_time=2015-09-04 08:57:24
# local_time=2015-09-04 10:57:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d23bf2b8d226344d8c2370a28dc5122f
# engine=25601
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-04 12:16:01
# local_time=2015-09-04 02:16:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9870833 64352955 0 0
# scanned=472102
# found=16
# cleaned=0
# scan_time=11916
sh=74B20D85BC69DB90D8DA4E0A9F4F79EEE0057E6D ft=1 fh=05fe150a8019ad38 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe"
sh=DD77E4612577A4178DEA50B50512C90030B8DFAD ft=1 fh=a2e12fdcf9a4bc1e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe"
sh=65779416CECE0926A7C1DEEC1B87ACC9854B70FE ft=1 fh=0c7419563129743e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe"
sh=EBC0F08FD723F0BED0DB6B1B5495DDAABEFEF4D0 ft=1 fh=7b29519702006b9c vn="Variante von Win32/Injector.RRI Trojaner" ac=I fn="C:\Users\hanns-robert\Software\nolimits\Monsoon.exe"
sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe"
sh=9B06B72A09E080D37C9D84A67B552B6050667D90 ft=1 fh=aa0cb7e2bcfc9fbc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\software\FreeAudioConverter.exe"
sh=078754E88485A37F673AC14E18B95DBC85A9FDA4 ft=1 fh=f509302feaa8a887 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\software\FreeAudioDub.exe"
sh=FDC2EA51B5536494AF21F857A14411077B58EDBB ft=1 fh=04b58d39a0502cf7 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="E:\software\zaSetup_92_106_000_en.exe"
sh=C3547D582A9CEF1F8D4BB4D11D13CE439EFFFC88 ft=1 fh=61ae612f12e7a3af vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe"
sh=740E73A9271E01CFEEBFE54E0156D374A7AEFD7F ft=1 fh=c71c001177bf4673 vn="Win32/BadJoke.AN Trojaner" ac=I fn="G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe"
sh=620A10BFF150F1A2E28ABA89C04466B153DA7DCD ft=1 fh=938b60ab58a7f6a3 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\software\freedownloadmanager_30852.exe"
sh=9C7EC8EB5D7CA43214E25369CBFE1A35E25245FA ft=1 fh=ac1b0e7e2ef325c4 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="G:\software\unlocker1.8.7.exe"
sh=44C75F2F955CFE8650932D5D600397C0712CD10A ft=1 fh=1ed1429be76b2d59 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="G:\software\audio\audiograbber\agsetup183se.exe"
sh=74B20D85BC69DB90D8DA4E0A9F4F79EEE0057E6D ft=1 fh=05fe150a8019ad38 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\software\cam\icuii\icuii805.exe"
sh=DD77E4612577A4178DEA50B50512C90030B8DFAD ft=1 fh=a2e12fdcf9a4bc1e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\software\cam\icuii\icuii806.exe"
sh=EBC0F08FD723F0BED0DB6B1B5495DDAABEFEF4D0 ft=1 fh=7b29519702006b9c vn="Variante von Win32/Injector.RRI Trojaner" ac=I fn="G:\software\nolimits\Monsoon.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 8 Update 60  
 Adobe Flash Player 	18.0.0.232  
 Mozilla Firefox (40.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
durchgeführt von hanns-robert (Administrator) auf hanns-robert-PC (04-09-2015 20:02:22)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Geladene Profile: hanns-robert (Verfügbare Profile: hanns-robert & admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files\Everything\Everything.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-01-27] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2013-12-19] (Brother Industries, Ltd.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{0119FB2D-7C7E-4258-954F-5A33F8A32915}: [DhcpNameServer] 192.168.123.81 192.168.123.124
Tcpip\..\Interfaces\{677857D5-A830-483C-866D-A51015D17ED7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{83DC2806-26AE-4D68-B2D8-8A10872F72A9}: [DhcpNameServer] 192.168.192.1

Internet Explorer:
==================
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {17521AD6-C195-4576-B69C-9A60834CDE99} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000 -> {219D42F1-35A3-4625-8532-82EF0313D5C8} URL = hxxp://ecosia.org/search?q={searchTerms}&addon=opsensearch-ie
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKLM - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1148431976-1086807397-2611512696-1000: www.mydlink.com/Uplayer -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\hanns-robert\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-16] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\duckduckgo.xml [2014-01-18]
FF SearchPlugin: C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\searchplugins\ecosia.xml [2015-06-10]
FF Extension: German Dictionary - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-10]
FF Extension: United States English Spellchecker - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-11]
FF Extension: FireFTP - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-31]
FF Extension: Add Bookmark Here ² - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\abhere2@moztw.org.xpi [2014-04-11]
FF Extension: Copy Plain Text 2 - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\copyplaintext@teo.pl.xpi [2014-04-11]
FF Extension: Facebook Disconnect - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\facebook@disconnect.me.xpi [2014-12-15]
FF Extension: Mailvelope - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-04-22]
FF Extension: DuckDuckGo Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-11]
FF Extension: Print/Print Preview - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2014-04-11]
FF Extension: Image Zoom - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-04-11]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-11]
FF Extension: Adblock Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11]
FF Extension: Tab Mix Plus - C:\Users\hanns-robert\AppData\Roaming\Mozilla\Firefox\Profiles\q2cfpw2h.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-10-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-02-19] (Adobe Systems) [Datei ist nicht signiert]
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-07-21] (Flexera Software LLC.)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 eapihdrv; C:\Users\hanns-robert\AppData\Local\Temp\ehdrv.sys [135760 2015-09-04] (ESET)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-04 10:47 - 2015-09-04 10:47 - 00000000 ____D C:\Program Files\ESET
2015-09-04 10:43 - 2015-09-04 10:43 - 00000056 _____ C:\Windows\setupact.log
2015-09-04 10:43 - 2015-09-04 10:43 - 00000000 _____ C:\Windows\setuperr.log
2015-09-03 11:38 - 2015-09-03 11:38 - 00000000 ____D C:\Users\hanns-robert\Documents\Add-in Express
2015-09-03 10:36 - 2015-09-03 10:39 - 00000000 ____D C:\AdwCleaner
2015-09-03 09:22 - 2015-09-03 09:22 - 00001064 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-03 09:22 - 2015-09-03 09:22 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-09-03 09:22 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-03 09:22 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-02 00:51 - 2015-09-02 00:51 - 06667640 _____ (Piriform Ltd) C:\Users\hanns-robert\Downloads\ccsetup509.exe
2015-09-01 22:03 - 2015-09-03 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 22:02 - 2015-09-03 09:33 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 22:02 - 2015-09-02 00:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-01 22:01 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-01 22:00 - 2015-09-01 22:01 - 00000000 ____D C:\Users\admin\Downloads\mbar
2015-09-01 21:57 - 2015-09-01 21:57 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 21:56 - 2015-09-01 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 21:56 - 2015-09-01 21:55 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 21:03 - 2015-09-01 21:03 - 00000000 ____D C:\Users\hanns-robert\AppData\Local\Image Composite Editor
2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
2015-09-01 21:02 - 2015-09-01 21:02 - 00000000 ____D C:\Program Files\Microsoft Research
2015-09-01 19:25 - 2015-09-04 20:02 - 00000000 ____D C:\FRST
2015-09-01 19:22 - 2015-09-01 19:22 - 00000000 _____ C:\Users\hanns-robert\defogger_reenable
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Sun
2015-09-01 19:17 - 2015-09-01 19:17 - 00000000 ____D C:\Users\hanns-robert\.oracle_jre_usage
2015-09-01 19:13 - 2015-09-04 20:02 - 00000000 ____D C:\Users\hanns-robert\Downloads\trojaner-board
2015-09-01 19:12 - 2015-09-01 19:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-01 16:40 - 2015-09-01 16:41 - 23273424 _____ (SUPERAntiSpyware) C:\Users\hanns-robert\Downloads\SUPERAntiSpywarePro.exe
2015-09-01 16:20 - 2015-09-01 16:20 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TeamViewer
2015-08-25 19:07 - 2015-08-25 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-25 19:06 - 2015-08-25 19:07 - 00000000 ____D C:\Program Files\QuickTime
2015-08-24 11:54 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-24 11:54 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-18 11:39 - 2015-08-18 11:39 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-18 11:39 - 2015-08-18 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-18 11:38 - 2015-08-18 11:39 - 00000000 ____D C:\Program Files\iTunes
2015-08-18 11:38 - 2015-08-18 11:38 - 00000000 ____D C:\Program Files\iPod
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-14 20:07 - 2015-08-14 20:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-13 21:15 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 21:15 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 21:15 - 2015-07-30 18:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 21:15 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 21:15 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 21:15 - 2015-07-16 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 21:15 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 21:15 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 21:15 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 21:15 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 21:15 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 21:15 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 21:15 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 21:15 - 2015-07-16 21:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 21:15 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 21:15 - 2015-07-16 21:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 21:15 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 21:15 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 21:15 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 21:15 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 21:15 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 21:15 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 21:15 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 21:15 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 21:15 - 2015-07-16 21:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 21:15 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 21:15 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 21:15 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 21:15 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 21:15 - 2015-07-16 17:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 21:15 - 2015-07-15 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 21:15 - 2015-07-15 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 21:15 - 2015-07-15 19:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 21:15 - 2015-07-15 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 21:15 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 21:15 - 2015-07-15 19:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 21:15 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 21:15 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 21:15 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 21:15 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 21:15 - 2015-07-15 18:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 21:15 - 2015-07-15 18:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 21:14 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 21:14 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 21:11 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 21:10 - 2015-07-15 04:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 21:09 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 21:09 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 16:28 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 16:27 - 2015-07-28 22:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 16:27 - 2015-07-28 22:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 16:27 - 2015-07-28 22:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 16:27 - 2015-07-28 21:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 16:27 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 16:27 - 2015-07-20 19:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 16:27 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 16:27 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 16:27 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 16:16 - 2015-08-12 16:17 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Nvu
2015-08-12 16:15 - 2015-08-12 16:16 - 00001477 _____ C:\Users\hanns-robert\Desktop\nvu.lnk
2015-08-11 15:28 - 2015-08-11 15:30 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KompoZer
2015-08-11 15:25 - 2015-08-11 15:28 - 00000000 ____D C:\Program Files\KompoZer 0.7.10
2015-08-10 20:44 - 2015-08-10 20:44 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\dlink
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-04 19:10 - 2014-05-06 21:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-04 10:58 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-04 10:58 - 2009-07-14 06:34 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-04 10:46 - 2014-08-20 20:12 - 01247885 _____ C:\Windows\WindowsUpdate.log
2015-09-04 10:44 - 2014-04-13 12:01 - 00381440 ___SH C:\Users\hanns-robert\Desktop\Thumbs.db
2015-09-04 10:43 - 2014-04-13 17:50 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-04 10:43 - 2014-04-13 17:45 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-04 10:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 10:28 - 2014-10-15 22:47 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Everything
2015-09-04 10:28 - 2014-05-10 22:04 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\XnView
2015-09-04 09:01 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-04 07:41 - 2014-10-17 22:15 - 00000000 ___RD C:\Users\hanns-robert\iCloudDrive
2015-09-02 00:52 - 2015-07-23 19:54 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-02 00:52 - 2014-04-13 17:46 - 00000000 ____D C:\Users\admin
2015-09-02 00:52 - 2014-04-11 01:04 - 00000000 ____D C:\Program Files\CCleaner
2015-09-01 21:58 - 2014-04-15 21:28 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 21:54 - 2014-04-15 21:31 - 00000000 ____D C:\Program Files\Java
2015-09-01 21:41 - 2014-04-10 22:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-01 21:00 - 2014-04-11 00:56 - 00000000 ____D C:\Users\hanns-robert\Software
2015-09-01 20:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-09-01 20:07 - 2014-05-10 00:19 - 02420736 ___SH C:\Users\hanns-robert\Downloads\Thumbs.db
2015-09-01 19:22 - 2014-04-10 21:37 - 00000000 ____D C:\Users\hanns-robert
2015-08-27 16:42 - 2014-11-04 22:38 - 00000000 ____D C:\Users\hanns-robert\usb
2015-08-26 23:18 - 2014-04-13 11:23 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\KeePass
2015-08-25 23:15 - 2014-04-16 00:55 - 00000000 ____D C:\ProgramData\TEMP
2015-08-25 20:58 - 2014-07-21 20:38 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\UseNeXT
2015-08-25 20:50 - 2015-03-08 10:33 - 00000000 ____D C:\Users\hanns-robert\Downloads\usenext
2015-08-18 11:38 - 2014-09-18 21:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-18 10:19 - 2014-04-10 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-08-18 10:10 - 2014-04-10 22:43 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-14 21:00 - 2014-04-11 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 21:00 - 2009-07-14 06:33 - 00429392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 20:57 - 2011-04-12 03:29 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-14 20:57 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-14 20:53 - 2015-07-03 22:52 - 00014873 _____ C:\Users\hanns-robert\Downloads\Reiseplan ZA 2015.xlsx
2015-08-14 20:14 - 2014-04-11 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 20:13 - 2014-04-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 21:45 - 2014-04-15 21:28 - 00000000 ____D C:\Users\hanns-robert\bilder
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\Notepad++
2015-08-12 21:13 - 2014-04-26 22:41 - 00000000 ____D C:\Program Files\Notepad++
2015-08-12 20:47 - 2014-05-25 14:07 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\vlc
2015-08-12 20:33 - 2014-06-04 22:50 - 00000000 ____D C:\Users\hanns-robert\video
2015-08-12 17:10 - 2014-04-15 20:29 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 17:10 - 2014-04-15 20:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-12 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-12 16:39 - 2015-04-15 11:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 16:39 - 2014-05-06 22:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 16:05 - 2015-04-15 21:43 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-11 16:21 - 2015-04-08 16:09 - 00000000 ____D C:\Windows\system32\data
2015-08-11 15:31 - 2015-05-25 22:13 - 00000000 ____D C:\Users\hanns-robert\Downloads\print
2015-08-11 15:13 - 2014-04-13 11:37 - 00000000 ____D C:\Users\hanns-robert\linus
2015-08-10 20:41 - 2014-04-13 10:49 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-08-10 20:41 - 2014-04-13 10:49 - 00000000 ____D C:\Program Files\KeePass Password Safe 2
2015-08-05 21:39 - 2014-05-10 19:50 - 00000000 ____D C:\Users\hanns-robert\AppData\Roaming\TV-Browser
2015-08-05 11:50 - 2015-06-22 00:11 - 00000093 _____ C:\Users\hanns-robert\Desktop\links.txt

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-15 20:56 - 2014-04-15 20:56 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2015-05-03 11:55 - 2015-05-03 11:55 - 0007610 _____ () C:\Users\hanns-robert\AppData\Local\Resmon.ResmonCfg
2014-04-15 22:56 - 2014-04-15 22:56 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Einige Dateien in TEMP:
====================
C:\Users\hanns-robert\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-01 20:40

==================== Ende vom FRST.txt ============================
         
--- --- ---


FRST Additions Logfile:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-04 20:03:15)
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Start-Modus: Normal
==========================================================


==================== Konten: =============================

admin (S-1-5-21-1148431976-1086807397-2611512696-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1148431976-1086807397-2611512696-500 - Administrator - Disabled)
Gast (S-1-5-21-1148431976-1086807397-2611512696-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1148431976-1086807397-2611512696-1002 - Limited - Enabled)
hanns-robert (S-1-5-21-1148431976-1086807397-2611512696-1000 - Administrator - Enabled) => C:\Users\hanns-robert

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Anti-Twin (Installation 02.10.2014) (HKLM\...\Anti-Twin 2014-10-02 12.49.50) (Version:  - Joerg Rosenthal, Germany)
Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 0.0.20.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CUEcards 2000 (HKLM\...\CUEcards 2000) (Version:  - Marcus Humann Software-Technik)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Duden Home (HKLM\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Final Draft (HKLM\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Final Draft (HKLM\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.7.184 - Final Draft, Inc.)
Free YouTube Download version 3.2.46.923 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
Image Composite Editor (HKLM\...\{B29E2C62-496A-4F4F-9ED0-239FA15E1CB8}) (Version: 2.0.3 - Microsoft Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KeePass Password Safe 2.30 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
LibreOffice 4.4 Help Pack (German) (HKLM\...\{CCC30EC0-253C-4CF3-9A5D-5DE2601CD760}) (Version: 4.4.3.2 - The Document Foundation)
LibreOffice 4.4.3.2 (HKLM\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mp3tag v2.70 (HKLM\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
Nuance PDF Converter Professional 8 (HKLM\...\{35D85791-82E5-443B-B051-8FD85D9D5155}) (Version: 8.10.3267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x86 (HKLM\...\{7E6CA782-AA41-4E4C-A948-232B7FD82696}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 6.50 - Philipp Winterberg)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
Scansoft PDF Professional (Version:  - ) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
TimeComX Basic (32-Bit) (HKLM\...\TimeComX Basic 32-Bit) (Version: 1.3.2.7 - Bitdreamers)
TV-Browser 3.3.3 (HKLM\...\tvbrowser) (Version: 3.3.3 - TV-Browser Team)
Twep4Word (HKLM\...\{4A053D91-95D8-42E2-9DC6-6BAA250EFEF6}) (Version: 2.0.0 - Pintexx GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplayer (HKLM\...\{89827CE5-AA89-4242-8294-CF1238D5B537}) (Version: 1.0.0.33 - D-LINK CORPORATION)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{05E7B7BB-C07B-359E-BBE4-75840AC0DC75}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1C5F6CE5-A4D6-36EF-8943-FFF2DC1DC63C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{1E5A9280-8948-30E9-A3B4-46FE260A2460}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll (D-LINK CORPORATION)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{35CC930B-6AE9-3190-BF11-D5568CFB31B7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{397F7E23-D5C5-3471-A7A0-5A327913178F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4001ED3C-6915-3607-9E11-E9C256C31518}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{4E64FE28-607C-34D5-A724-5AA3F7B78CBE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{51D240C2-930F-3CDF-978F-D8FDBAE6BD4B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{532DF24E-1732-32A2-8FD5-BB628B37C592}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{58BE98A0-BD2F-3569-A762-B8DB59D816D6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5AC266CE-2096-3C3D-AE0E-9C225E92C91F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{5FE32F50-9508-3CF5-9E7D-F40990EF6677}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{78910A5C-31FD-3A43-A4C2-E0AF103F8E5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{7DA6AAC3-DE8B-371C-85CD-9DA44DA48936}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{81844449-F2E9-3741-B170-81FBA7D062F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8342197C-FC40-3036-9C2B-3367ED383160}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{8DC91D79-68FD-3C50-BDED-74A0832E6953}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{A27B667C-DB21-3643-A491-20265D781784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AA7A8973-9BC9-335D-B2B9-1B9C245EA1EA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files\Duden\Duden Korrektor\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B0B7FB30-21B7-30A1-81F5-27B95C842ABB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{B2280F25-0EFD-3884-AE38-F7D356055E54}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BE24893C-CB61-3529-9ED7-03AC59F9C1B0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{BF30E74C-47D7-32F1-95C0-C9E71AB494EB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C027615C-6DDA-3D90-84A7-179190AF48F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C1DFFCCC-6218-3219-A120-AD500A0F3A8D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{C9223138-E681-3DD6-A571-57B02AE398E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF41E812-1AE1-332D-9FD2-1E7D0ABCE125}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{CF73B1DC-C662-3F5B-BD96-1A162AABAC23}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D604058F-0290-327D-BA2C-732FFAC723DA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{D8B0B600-3293-33B8-9C70-2C68EB83154A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{F2EBCBE9-FF20-4373-A2A7-526CD06E345F}\InprocServer32 -> C:\Users\hanns-robert\AppData\Roaming\Pintexx GmbH\Twep4Word\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1148431976-1086807397-2611512696-1000_Classes\CLSID\{FB6B7F0B-A4A7-3343-83DF-6A692FFBA0BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

04-09-2015 14:40:29 Geplanter Prüfpunkt

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0761B118-79A1-4E76-91BE-3302D3CAF0CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {3D01BD9C-980C-4C83-A5C6-80713863A444} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {80C06151-618B-41E8-9C17-97187C1FD2F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {BE0B4DB3-0094-44E0-A89B-5A41CFD14F6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C83AFC1B-8DE0-4D7F-8F80-1FFC26CD2EF5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {EDBDD5DD-7B92-4456-A5E8-86B8F9C1D6CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-08 21:12 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-15 22:47 - 2014-08-06 03:01 - 01048576 _____ () C:\Program Files\Everything\Everything.exe
2015-08-24 20:28 - 2015-08-24 20:28 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1148431976-1086807397-2611512696-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hanns-robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^Users^hanns-robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: iCloudDrive => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe                                                                                                                                                                                                    
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files\Nuance\PDF Professional 8\RegistryController.exe"                                                                                                                                                                                                      
MSCONFIG\startupreg: PDFProHook => "C:\Program Files\Nuance\PDF Professional 8\pdfpro8hook.exe"                                                                                                                                                                                                             

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{569F55E5-E4F1-4890-B6D2-54E0182D4511}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D04A8605-B5D7-41C1-8988-CA7AC65AFB30}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{4B5468E8-65B2-4C9B-97FA-B4AA3D0FB974}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{41F6B5F8-BEA1-4557-9DB2-E31FF7E04315}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{3A8C2DF6-E86E-4503-8DB2-1A9200C84C2D}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{9A6A1099-41DE-44BB-AF59-976C6D17580F}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{7882A56C-ED67-46E9-A039-CB5AB4939E52}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{26564071-D266-4553-BE97-88C2D966BA03}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{1C6B0B8F-D34F-4D4B-AEA9-30E0B89A0F44}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{3BDE1EFA-DE06-4EC3-88F4-2214C4BC4777}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{CD617E50-791F-48C6-87DE-FF12D90680B8}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{ADA8436A-2330-44A1-A8E6-788CB6D984D0}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{033BE22F-A422-4061-A2CF-E6EE742E52D2}] => (Allow) C:\Program Files\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{EF014C62-6D09-4EEA-96AF-A9247E9E9B11}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{75F1F5F1-1369-4A08-9DE3-3998C2FBFF37}] => (Allow) C:\Program Files\TV-Browser\tvbrowser.exe
FirewallRules: [{0A39FC57-F100-4E10-81BF-B20F87E34DD3}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{CD523873-ED27-454D-A7C2-3873F06F4447}] => (Allow) C:\Program Files\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{803F0232-96E2-4DF1-A53D-5692B58BCFA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD5A7DEF-8953-45A8-9A6C-ABBD90493E8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C23AD7B8-731C-4559-93A5-40CC87FA681F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0E619DA5-42F0-4408-ADDA-2F14C7BE603F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E5E3FF1A-3E5B-4B15-8047-F0161348BFB4}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0486A61B-02CA-45CE-AEE1-6EF63A1E0F26}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{71C1EF93-BB5E-4F9B-9EC9-9492B2A0C0D4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1D90E857-42CC-4D31-9311-72B8E89E50F1}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{1608D51A-CFD0-4754-9968-4041BEB77EBE}] => (Allow) D:\Advanced\autorun.exe
FirewallRules: [{647677E9-56C2-4E06-A8F5-FA084693CCAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/04/2015 10:44:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: PDFCore8.dll, Version: 8.0.0.70, Zeitstempel: 0x512d656e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a366c
ID des fehlerhaften Prozesses: 0xdf4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (09/04/2015 10:44:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: PDFCore8.dll, Version: 8.0.0.70, Zeitstempel: 0x512d656e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a366c
ID des fehlerhaften Prozesses: 0xb88
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (09/04/2015 10:43:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 07:40:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 10:52:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 10:42:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 09:32:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2015 08:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 09:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 07:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (09/04/2015 09:36:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:36:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:36:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:36:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:36:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:33:22 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:33:21 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:33:21 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:33:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (09/04/2015 09:33:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 2046.43 MB
Verfügbarer physikalischer RAM: 1133.14 MB
Summe virtueller Speicher: 4092.86 MB
Verfügbarer virtueller Speicher: 3199.4 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:112.99 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (*****) (Fixed) (Total:931.51 GB) (Free:230.1 GB) NTFS
Drive f: (*****) (Fixed) (Total:931.51 GB) (Free:540.13 GB) NTFS
Drive g: (*****) (Fixed) (Total:1863.01 GB) (Free:1539.55 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 945F2211)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 873307EF)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 01808E23)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 66452DF5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         

Alt 05.09.2015, 14:56   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



Was ich empfehle tut ja nix zur Sache
ESET ist kein schlechtes AV Programm.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe

C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe

C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe

C:\Users\hanns-robert\Software\nolimits\Monsoon.exe

C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe

E:\software\FreeAudioConverter.exe

E:\software\FreeAudioDub.exe

E:\software\zaSetup_92_106_000_en.exe

E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe

G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe

G:\software\freedownloadmanager_30852.exe

G:\software\unlocker1.8.7.exe

G:\software\audio\audiograbber\agsetup183se.exe

G:\software\cam\icuii\icuii805.exe

G:\software\cam\icuii\icuii806.exe

G:\software\nolimits\Monsoon.exe
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.09.2015, 20:36   #9
hanns-robert
 
Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:31-08-2015
durchgeführt von hanns-robert (2015-09-05 19:07:10) Run:2
Gestartet von C:\Users\hanns-robert\Downloads\trojaner-board
Geladene Profile: hanns-robert (Verfügbare Profile: hanns-robert & admin)
Start-Modus: Normal

==============================================

fixlist Inhalt:
*****************
C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe

C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe

C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe

C:\Users\hanns-robert\Software\nolimits\Monsoon.exe

C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe

E:\software\FreeAudioConverter.exe

E:\software\FreeAudioDub.exe

E:\software\zaSetup_92_106_000_en.exe

E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe

G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe

G:\software\freedownloadmanager_30852.exe

G:\software\unlocker1.8.7.exe

G:\software\audio\audiograbber\agsetup183se.exe

G:\software\cam\icuii\icuii805.exe

G:\software\cam\icuii\icuii806.exe

G:\software\nolimits\Monsoon.exe
Emptytemp:
*****************

C:\Users\hanns-robert\Software\cam\icuii\icuii805.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\cam\icuii\icuii806.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\cd\daten_verteilen_auf_dvds_ignition.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\nolimits\Monsoon.exe => erfolgreich verschoben
C:\Users\hanns-robert\Software\tools\Unlocker1.9.1.exe => erfolgreich verschoben
E:\software\FreeAudioConverter.exe => erfolgreich verschoben
E:\software\FreeAudioDub.exe => erfolgreich verschoben
E:\software\zaSetup_92_106_000_en.exe => erfolgreich verschoben
E:\software\internet\ashampoo_clipfinder_hd_e2.18.exe => erfolgreich verschoben
G:\pc_alt\jokes\neu\opt_taeuschung\oups.exe => erfolgreich verschoben
G:\software\freedownloadmanager_30852.exe => erfolgreich verschoben
G:\software\unlocker1.8.7.exe => erfolgreich verschoben
G:\software\audio\audiograbber\agsetup183se.exe => erfolgreich verschoben
G:\software\cam\icuii\icuii805.exe => erfolgreich verschoben
G:\software\cam\icuii\icuii806.exe => erfolgreich verschoben
G:\software\nolimits\Monsoon.exe => erfolgreich verschoben
EmptyTemp: => 448.3 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende vom Fixlog 19:07:13 ====
         
Code:
ATTFilter
defogger_enable by jpshortstuff (23.02.10.1)
Log created at 19:10 on 05/09/2015 (hanns-robert)

Parsing file...


-=E.O.F=-
         
Code:
ATTFilter
# DelFix v1.011 - Datei am 05/09/2015 um 19:20:00 erstellt
# Aktualisiert am 18/08/2015 von Xplode
# Benutzer : hanns-robert - hanns-robert-PC
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\TDSSKiller.3.1.0.5_02.09.2015_00.31.54_log.txt
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #224 [Geplanter Prüfpunkt | 09/04/2015 12:40:29]
Gelöscht : RP #225 [Installed LibreOffice 5.0.1.2 | 09/04/2015 18:53:40]
Gelöscht : RP #226 [Installed LibreOffice 5.0 Help Pack (German) | 09/04/2015 19:02:46]
Gelöscht : RP #227 [Windows Update | 09/05/2015 16:43:39]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
         
ich denke mal, wir sind durch. ich sollte alles wie gewünscht gemacht haben - und die software auch. sogar die UAC ist wieder eingeschalten *heul* ;-)

dankeschön!

alles weitere steht unter Lob. :-)

Alt 06.09.2015, 08:22   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Notebook soll Junkmails verschicken - Standard

Windows 7: Notebook soll Junkmails verschicken



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7: Notebook soll Junkmails verschicken
blockiert, bonjour, converter, cpu, desktop, dnsapi.dll, firefox, flash player, homepage, iexplore.exe, installation, junkmail, launch, malware, mozilla, prozesse, registry, rundll, scan, security, software, starten, svchost.exe, system, udp, usb, verseucht?, viren, windows, windowsoft



Ähnliche Themen: Windows 7: Notebook soll Junkmails verschicken


  1. Emailadresse versendet Junkmails
    Log-Analyse und Auswertung - 05.09.2015 (21)
  2. Trojaner? Mailkonto versucht Spam zu verschicken
    Plagegeister aller Art und deren Bekämpfung - 23.12.2014 (13)
  3. Anwaltschaft-Schreiben (Zu dumm um Virus zu verschicken?
    Plagegeister aller Art und deren Bekämpfung - 05.09.2014 (6)
  4. Windows 7 Notebook friert nach Windows boot für 30-60sekunden ein
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (3)
  5. Thunderbird kann keine Mails verschicken
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (21)
  6. yahoo email-accounts verschicken spammails
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (1)
  7. Windows XP Home Edition SP2-Windows fährt runter - nach Neustart soll 100 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 06.12.2011 (10)
  8. selbstständiges verschicken von emails
    Plagegeister aller Art und deren Bekämpfung - 27.09.2010 (26)
  9. Ich soll angeblich Spam verschicken
    Plagegeister aller Art und deren Bekämpfung - 24.09.2009 (1)
  10. E-Mails verschicken Riesen-DAtenmengen
    Log-Analyse und Auswertung - 11.09.2009 (8)
  11. services.exe und iexplorer.exe verschicken E-mails???
    Plagegeister aller Art und deren Bekämpfung - 13.12.2007 (5)
  12. Virus versucht e-mails zu verschicken
    Log-Analyse und Auswertung - 22.10.2006 (4)
  13. Virus verschicken! woher??
    Mülltonne - 11.12.2005 (2)
  14. Virus verschicken
    Antiviren-, Firewall- und andere Schutzprogramme - 22.01.2004 (9)
  15. SmS verschicken?
    Netzwerk und Hardware - 05.01.2003 (3)

Zum Thema Windows 7: Notebook soll Junkmails verschicken - hallo, habe heute einen anruf von windowsoft.net erhalten mit dem hinweis, dass mein notebook als junkmailversender identifiziert wurde. nach 30 minuten indischem englisch habe ich das gespräch abgebrochen. fakt ist - Windows 7: Notebook soll Junkmails verschicken...
Archiv
Du betrachtest: Windows 7: Notebook soll Junkmails verschicken auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.