
Log analysis and evaluation: several contacts receive an email "Hey! Important message", "js/js Mahtong"

Windows 7

28.09.2015, 11:35   #1
mymo22
 



Hello,

while I am using my PC, a prompt occasionally appears asking whether the file "js/js Mahtong" should be opened.

Then about 20-30 private email addresses from my Windows Live Mail receive the following email:

"Hey!

Important message, please visit hxxp://pomodoriitalissima.com/finished.php

my first name, last name"



All of the contacts who received the email are visible in this email.

Please help, thank you.

28.09.2015, 11:44   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


28.09.2015, 21:11   #3
mymo22
 



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:23-09-2015
durchgeführt von Martin (2015-09-28 22:04:26)
Gestartet von C:\Users\Martin\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2012-04-04 11:50:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2133417941-1419742229-307992088-500 - Administrator - Disabled)
Gast (S-1-5-21-2133417941-1419742229-307992088-501 - Limited - Enabled) => C:\Users\Gast
Gast 2 (S-1-5-21-2133417941-1419742229-307992088-1004 - Administrator - Enabled) => C:\Users\Gast 2
HomeGroupUser$ (S-1-5-21-2133417941-1419742229-307992088-1002 - Limited - Enabled)
Martin (S-1-5-21-2133417941-1419742229-307992088-1000 - Administrator - Enabled) => C:\Users\Martin
Natphimol (S-1-5-21-2133417941-1419742229-307992088-1005 - Limited - Enabled) => C:\Users\Natphimol
Papa (S-1-5-21-2133417941-1419742229-307992088-1003 - Limited - Enabled) => C:\Users\Papa

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3D Kartenspiele - Skat Edition 1.0 (HKLM\...\{D0FA47E3-86B3-4F20-BFAA-ABC2027E56BD}_is1) (Version: 1.0 - rokapublish GmbH)
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AGEIA PhysX v7.09.13 (HKLM\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Die Siedler 7 (HKLM\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
EasySaver B9.1214.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
e-Sword (HKLM\...\{319A3399-200D-4A89-BDC2-C55808D09298}) (Version: 10.03.0000 - Rick Meyers)
Etron USB3.0 Host Controller (Version: 0.104 - Etron Technology) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden
HP Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{A3875CED-8B9B-47F5-9AB9-0C36DD2D8D18}) (Version: 12.2.0.145 - Apple Inc.)
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\MyFreeCodec) (Version:  - )
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
ON_OFF Charge B11.0110.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{68489672-5569-0100-5868-390287226704}\InprocServer32 -> C:\Users\Martin\AppData\Local\Temp\lekcipepqgottoeww.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> C:\Users\Martin\AppData\Local\Temp\lekcipepqgottoeww.dll Keine Datei

==================== Wiederherstellungspunkte =========================

25-08-2015 21:01:27 Windows Update
01-09-2015 19:26:57 Windows Update
05-09-2015 13:56:01 Windows Update
08-09-2015 22:03:27 Windows Update
08-09-2015 22:39:16 Windows Update
15-09-2015 13:01:25 Windows Update
18-09-2015 23:37:55 Windows Update
22-09-2015 12:02:36 Windows Update
25-09-2015 18:21:06 Windows Update

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2013-06-14 19:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {19CFA31F-B1E0-4655-AE25-1C2C66619A01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2F78FEB5-86C1-4097-A18A-73A5D8AF0499} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2133417941-1419742229-307992088-1004
Task: {39894BB2-6F0F-403C-AF1A-DBDD8E23471F} - System32\Tasks\{AD60EFBB-F19D-4554-8BCE-D9311BCE7247} => pcalua.exe -a "G:\Programme\Outlook Express\setup50.exe" -d "G:\Programme\Outlook Express"
Task: {54A1C004-9F16-4EF3-8F9D-68719F51BF8A} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Martin) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {5FBEC40B-A11A-40B0-A4A3-73B52D960952} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {6B0CE0D7-0FBC-4873-897C-A13F783A0F47} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24] (Facebook Inc.)
Task: {9E48622B-A382-48EE-955A-1DF135654DE1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24] (Facebook Inc.)
Task: {A7DFF141-22FE-405B-B239-6161BC48C282} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {C03040D1-8172-42E2-9BDF-6C3F551962C8} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D5501EE5-ACB8-4446-AF3D-428291AC34E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D72307FF-3833-4A3D-8FE6-76C8656DEFEE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2133417941-1419742229-307992088-1000
Task: {DA1B61CE-C215-4F0F-BE64-607AC9B596ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E88F4ED9-FD45-4A67-AE82-E10029385684} - System32\Tasks\Papa NBAgent 5 4 => C:\program files\nero\nero 10\nero backitup\NBAgent.exe [2010-03-26] (Nero AG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core.job => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA.job => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Martin).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-03-28 22:29 - 2013-03-28 22:29 - 00200192 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:49 - 2012-09-23 13:49 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-09-23 13:49 - 2012-09-23 13:49 - 00573440 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-04 13:53 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
2012-04-04 13:53 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files\Gigabyte\EasySaver\YCC.DLL
2015-06-30 21:21 - 2015-06-30 21:21 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\dad2d239e916f2f7f092555fb65a3dab\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-06-30 21:21 - 2015-06-30 21:21 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\32d4f2be870454a47a3f38435486162a\Kies.Theme.ni.dll
2015-09-15 22:45 - 2015-09-15 22:45 - 01878016 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\6a5cacc63a560647ed6c850a0844949c\Kies.UI.ni.dll
2015-06-30 21:21 - 2015-06-30 21:21 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\3f5a116b152b170b6d73db31c1fd0449\Kies.MVVM.ni.dll
2014-10-17 10:24 - 2014-10-17 10:24 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6815ff93472d008087880a6462931188\ASF_cSharpAPI.ni.dll
2013-03-28 22:29 - 2013-03-28 22:29 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-01-17 16:19 - 2012-05-05 15:13 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Martin\Desktop\fiasko.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Martin\Desktop\fiasko.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{EF121BFC-0F32-421F-AC12-536957B7A85A}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{C128875D-013A-42AB-81D5-1148434FD8B3}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD9.EXE
FirewallRules: [{131F4C89-4F50-4E4E-8BB3-8E594C96B857}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8BE1E243-96E0-4CC5-AF51-58E44FA8586F}] => (Allow) LPort=2869
FirewallRules: [{E71C4FB6-0B93-4568-9AFB-0E1CB72DD590}] => (Allow) LPort=1900
FirewallRules: [{B6C8FCEE-7ED2-4EE8-AC1B-4409831A4B48}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D82C6D8E-F9BF-4C82-B710-BBAF6457BC85}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{48D22570-0C59-4DF2-AA9B-A9BD082072E6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7078D6B8-37D4-4E1F-A3C9-0A8BAF6DB2C7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1490937B-9918-4D86-803F-0F43AC4F0517}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{AACC85F0-FE15-4C41-AC28-773AC009556C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F31EE4BF-63D6-4EA0-8624-5C18CB58D4EF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{2BB41EAB-4A95-47CA-9CFD-331A26DD3836}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D6429DDB-A808-47DF-AD6C-1C839122C420}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{6205A7AC-56B7-44B0-B6F6-B9CDC4F35050}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{EFD26E93-7767-47F1-AA2F-8820A613B29A}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{2BAD32B3-8587-44FA-B800-7568DAAA74A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD86E6DA-C466-41D5-874B-2DDCB614FED7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{9DE85800-5E0B-4DC8-A28A-6583AAEB5761}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{EC5B4E84-D7E7-437E-8DEC-B77B9B07C096}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{0F6177BA-581F-45F0-ADC1-2FF3DD1B0CE2}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{860C22F2-34C9-4D30-AB93-FEDE98CBEC5F}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{7A2EB3F2-5A90-4A93-8CB6-D0B3FAA06C89}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{0429DEFE-1DE7-4818-81ED-3EF443931911}C:\users\natphimol\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\natphimol\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{62F5235F-4CDC-4A1B-8804-312A3D33013B}C:\users\natphimol\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\natphimol\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{E9594016-CE0A-4E2E-86FA-5AD3266CA215}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{04D7C2CA-E6A6-4DB7-A15E-9016451DB145}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F5AA1A4D-3B94-4B9C-8449-8582C3BCEEE5}] => (Allow) C:\Program Files\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{6D573373-0D20-4BEB-B815-77A2640AE204}] => (Allow) C:\Program Files\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{C4AD84C1-790E-427C-BF71-8EE2EC659431}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C9B1008A-7FC8-4E80-98F4-C1B23F0C5B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/28/2015 10:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 02:20:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2015 01:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXDetector.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945703
Name des fehlerhaften Moduls: GWXDetector.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945703
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001c305
ID des fehlerhaften Prozesses: 0x154c
Startzeit der fehlerhaften Anwendung: 0xGWXDetector.exe0
Pfad der fehlerhaften Anwendung: GWXDetector.exe1
Pfad des fehlerhaften Moduls: GWXDetector.exe2
Berichtskennung: GWXDetector.exe3

Error: (09/28/2015 01:36:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/27/2015 06:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 06:26:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2015 10:37:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXDetector.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945703
Name des fehlerhaften Moduls: GWXDetector.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945703
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001c305
ID des fehlerhaften Prozesses: 0x1510
Startzeit der fehlerhaften Anwendung: 0xGWXDetector.exe0
Pfad der fehlerhaften Anwendung: GWXDetector.exe1
Pfad des fehlerhaften Moduls: GWXDetector.exe2
Berichtskennung: GWXDetector.exe3

Error: (09/27/2015 10:33:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2015 03:53:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.18015 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ffc

Startzeit: 01d0f85817dea7f5

Endzeit: 0

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:


Systemfehler:
=============
Error: (09/28/2015 03:21:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (09/28/2015 03:21:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (09/28/2015 01:39:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/28/2015 01:39:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/27/2015 06:44:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/27/2015 06:44:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/27/2015 06:44:32 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/27/2015 06:44:31 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/27/2015 06:40:43 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (09/27/2015 06:40:43 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 3325.23 MB
Verfügbarer physikalischer RAM: 2383.36 MB
Summe virtueller Speicher: 6648.77 MB
Verfügbarer virtueller Speicher: 5612.61 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:334.75 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0009A0C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
durchgeführt von Martin (Administrator) auf MARTIN-PC (28-09-2015 22:03:26)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin & Papa & Gast 2 & Natphimol & Gast)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Martin\AppData\Local\Temp\lekcipepqgottoeww.dll Keine Datei
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-05-05]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Natphimol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-05-14]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-08-30]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{773459D0-783F-4BF8-91C0-9C473D5298BB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {1D524249-0171-476E-B159-E30154D509AD} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {AE1EB930-1F9C-4649-8F59-BA2F9A03D6B8} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {DAA24761-96F3-47F0-83F5-02E3EB434119} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {EE94B913-A440-4251-BFE6-0F1ABA012C11} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-25] (Oracle Corporation)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2133417941-1419742229-307992088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2133417941-1419742229-307992088-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-30] ()

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-30]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-30]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-12]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-30]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [Datei ist nicht signiert]
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [44928 2011-07-29] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64256 2011-07-29] (Etron Technology Inc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [Datei ist nicht signiert]
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-09-28] (Windows (R) 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [328552 2011-07-06] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Martin\AppData\Local\Temp\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-28 22:03 - 2015-09-28 22:03 - 00016080 _____ C:\Users\Martin\Desktop\FRST.txt
2015-09-28 22:02 - 2015-09-28 22:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{F01A94AF-A6E7-4325-BDB6-307A25F24F0E}
2015-09-26 14:07 - 2015-09-26 14:07 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{8BBB6791-64D4-47E4-9F4D-EC3DFDCA1EBD}
2015-09-26 14:05 - 2015-09-26 14:05 - 00166816 _____ C:\Windows\Minidump\092615-32573-01.dmp
2015-09-25 18:29 - 2015-09-25 18:29 - 01695744 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2015-09-25 18:24 - 2015-09-25 18:49 - 00000000 ____D C:\Users\Martin\Desktop\Virus
2015-09-24 19:33 - 2015-09-24 19:33 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{4C95E2AF-49F7-4BD8-A6CC-86C4BF20CC62}
2015-09-23 20:06 - 2015-09-23 20:06 - 00641064 _____ C:\Windows\Minidump\092315-35942-01.dmp
2015-09-21 21:43 - 2015-09-21 21:44 - 00000000 ____D C:\Users\Martin\AppData\Local\{C91F9742-E299-4E1F-BD42-594F836A1AED}
2015-09-21 13:10 - 2015-09-21 13:10 - 00000000 ____D C:\Users\Papa\AppData\Local\{FE6DE9CE-1DCF-4229-B75D-8883AD3A9744}
2015-09-20 10:18 - 2015-09-20 10:19 - 00000752 _____ C:\Users\Martin\Desktop\Problem PC 20.09.2015.txt
2015-09-20 10:16 - 2015-09-20 10:16 - 01133296 _____ C:\Windows\Minidump\092015-24414-01.dmp
2015-09-19 14:37 - 2015-09-19 14:38 - 00000000 ____D C:\Users\Martin\AppData\Local\{A811A925-8A41-41BC-85FD-E9783564ACC9}
2015-09-18 19:41 - 2015-09-18 19:41 - 00000000 ____D C:\Users\Martin\AppData\Local\{53DCEBD8-D090-4C97-B261-AB2795BE247D}
2015-09-16 21:56 - 2015-09-16 21:57 - 00000000 ____D C:\Users\Martin\AppData\Local\{8BA8BAA1-7716-4B99-9705-0DC667683A57}
2015-09-15 23:18 - 2015-09-15 23:18 - 00001210 _____ C:\Users\Martin\Desktop\150915.txt
2015-09-14 18:01 - 2015-09-14 18:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{5FF0EE74-9718-4673-B93F-6ADD265939ED}
2015-09-13 20:47 - 2015-09-13 20:47 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{D0F7DCE4-82D5-447F-B50F-12A9D5ADC16A}
2015-09-13 14:41 - 2015-09-13 14:41 - 00000000 ____D C:\Users\Martin\AppData\Local\{9577156D-B7A1-43D6-BE9C-0A1D52D13832}
2015-09-12 16:53 - 2015-09-12 16:53 - 00000000 ____D C:\Users\Martin\AppData\Local\{44BAA058-A725-4034-AB2B-7EBD7B5EA559}
2015-09-12 14:49 - 2015-09-12 14:50 - 00000000 ____D C:\Users\Papa\AppData\Local\{7272F3D3-E445-4B88-AC73-6746CE3EF366}
2015-09-09 19:48 - 2015-09-09 19:48 - 00000000 ____D C:\Users\Papa\AppData\Local\{8A911815-9B2D-4575-87B7-A6597D9C0CE4}
2015-09-08 22:08 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 22:08 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 22:08 - 2015-09-02 04:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 22:08 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 22:08 - 2015-09-02 03:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 22:08 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 22:08 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 22:08 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 22:08 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 22:08 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 22:08 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 22:08 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 22:08 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 22:08 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 22:08 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 22:08 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 22:08 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 22:08 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 22:08 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 22:08 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 22:08 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 22:08 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 22:08 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 22:08 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 22:08 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 22:08 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 22:08 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 22:08 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 22:08 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 22:08 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 22:08 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 22:08 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 22:08 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 22:08 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 22:08 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 22:08 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 22:08 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 22:08 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 22:08 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 22:08 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 22:08 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 22:08 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 22:08 - 2015-08-05 19:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 22:08 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 22:08 - 2015-08-05 19:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 22:08 - 2015-08-04 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 22:08 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 22:08 - 2015-08-04 19:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 22:08 - 2015-08-04 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 22:08 - 2015-08-04 19:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 22:08 - 2015-08-04 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 22:08 - 2015-07-22 19:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-08 22:08 - 2015-07-22 19:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 22:08 - 2015-07-22 19:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 22:08 - 2015-07-22 19:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 22:08 - 2015-07-22 19:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 22:08 - 2015-07-22 19:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 22:08 - 2015-07-22 19:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 22:08 - 2015-07-22 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 22:08 - 2015-07-22 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 22:08 - 2015-07-22 19:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 22:08 - 2015-07-22 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 22:08 - 2015-07-22 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 22:08 - 2015-07-22 19:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 22:08 - 2015-07-22 19:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 22:08 - 2015-07-22 18:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 22:08 - 2015-07-22 18:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 22:08 - 2015-07-22 18:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 22:08 - 2015-07-22 18:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 22:08 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 22:08 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 22:06 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 22:06 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 22:06 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 22:06 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 22:06 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 22:06 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 22:06 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 22:06 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 22:06 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 22:06 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 22:06 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 22:06 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 22:06 - 2015-06-25 11:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 22:06 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 22:06 - 2015-06-25 11:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-08 21:58 - 2015-09-08 21:58 - 00000000 ____D C:\Users\Martin\AppData\Local\{D2FAE400-E707-4FE8-8DDD-CAE79CB92CBD}
2015-09-07 13:05 - 2015-09-07 13:05 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{25A18B41-C5A3-44B9-BE58-4A2CB2A52E0B}
2015-09-05 13:55 - 2015-09-05 13:56 - 00000000 ____D C:\Users\Martin\AppData\Local\{C7277FE6-0201-478A-9FA3-BF867C5D4498}
2015-09-05 13:55 - 2015-09-05 13:55 - 00000000 ____D C:\Users\Martin\AppData\Local\{22F21C48-AFCC-41D0-8846-286130912270}
2015-08-31 21:01 - 2015-08-31 21:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{55500206-CCBA-460F-BB2B-09BDB84EEDC9}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-28 22:03 - 2013-03-26 21:36 - 00000000 ____D C:\FRST
2015-09-28 22:01 - 2012-04-04 15:50 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-28 22:01 - 2012-04-04 14:01 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-09-28 22:01 - 2012-04-04 13:53 - 00000144 _____ C:\service.log
2015-09-28 22:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-28 22:01 - 2009-07-14 06:39 - 00187693 _____ C:\Windows\setupact.log
2015-09-28 16:24 - 2012-04-04 13:40 - 01086962 _____ C:\Windows\WindowsUpdate.log
2015-09-28 15:51 - 2012-04-04 15:50 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-28 15:37 - 2012-04-04 20:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-28 15:21 - 2014-04-24 15:16 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA.job
2015-09-28 15:21 - 2014-04-24 15:16 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core.job
2015-09-28 14:27 - 2009-07-14 06:34 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-28 14:27 - 2009-07-14 06:34 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-28 14:19 - 2015-06-12 20:47 - 00000000 ___RD C:\Users\Natphimol\iCloudDrive
2015-09-27 18:25 - 2012-04-05 14:39 - 00000000 ____D C:\Users\Papa\AppData\Local\Google
2015-09-27 11:31 - 2013-05-01 16:53 - 00000000 ____D C:\Users\Natphimol\AppData\Local\Google
2015-09-27 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-26 14:05 - 2012-04-24 19:47 - 334396311 _____ C:\Windows\MEMORY.DMP
2015-09-26 14:05 - 2012-04-24 19:47 - 00000000 ____D C:\Windows\Minidump
2015-09-23 13:37 - 2012-04-04 20:25 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-23 13:37 - 2012-04-04 20:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 14:41 - 2012-05-19 16:01 - 00000000 ____D C:\Users\Papa\AppData\Roaming\Apple Computer
2015-09-17 14:34 - 2010-11-20 23:48 - 00826030 _____ C:\Windows\PFRO.log
2015-09-15 23:17 - 2015-07-14 23:17 - 00000368 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Martin).job
2015-09-15 22:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-15 22:25 - 2014-07-26 13:30 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-15 22:24 - 2014-07-26 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-15 22:24 - 2014-07-26 13:30 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-09-15 22:24 - 2012-04-04 14:09 - 00001060 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-09 10:52 - 2010-11-20 23:01 - 00006292 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 10:46 - 2009-07-14 06:33 - 00286992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 10:44 - 2011-04-12 03:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 10:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-09-08 22:45 - 2013-08-15 10:32 - 00000000 ____D C:\Windows\system32\MRT
2015-09-03 19:10 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-07-05 21:28 - 2012-07-05 21:28 - 0005632 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-07 09:46 - 2012-04-07 13:44 - 0000711 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\Gast 2\AppData\Local\temp\WEB.DE_Toolbar_IE_Setup.exe
C:\Users\Gast 2\AppData\Local\temp\webde_onlinespeicher_setup_a201412.exe
C:\Users\Martin\AppData\Local\temp\AskSLib.dll
C:\Users\Martin\AppData\Local\temp\Execute2App.exe
C:\Users\Martin\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Martin\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Martin\AppData\Local\temp\jre-8u51-windows-au.exe
C:\Users\Martin\AppData\Local\temp\Kies2RemoveAll.exe
C:\Users\Martin\AppData\Local\temp\msvcp90.dll
C:\Users\Martin\AppData\Local\temp\msvcr90.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-02 21:30

==================== Ende vom FRST.txt ============================
         
__________________

Alt 29.09.2015, 19:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 29.09.2015, 21:21   #5
mymo22
 



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.09.29.06
  rootkit: v2015.09.22.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18015
Martin :: MARTIN-PC [administrator]

29.09.2015 21:25:42
mbar-log-2015-09-29 (21-25-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 536531
Time elapsed: 45 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKU\S-1-5-21-2133417941-1419742229-307992088-1003_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [d2d87db8e4a754e237fd15ec6f91a858]
HKU\S-1-5-21-2133417941-1419742229-307992088-1003_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.ZAccess) -> Delete on reboot. [28820a2bfe8d53e3e7b76372996ba65a]

Registry Values Detected: 1
HKU\S-1-5-21-2133417941-1419742229-307992088-1003_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.ZAccess) -> Data: C:\$Recycle.Bin\S-1-5-21-2133417941-1419742229-307992088-1003\$cafa63bdef4d71208049fc9a2050f4cd\n. -> Delete on reboot. [28820a2bfe8d53e3e7b76372996ba65a]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

The other log will follow tomorrow or the day after,...


Alt 30.09.2015, 19:33   #6
schrauber
/// the machine
/// TB-Ausbilder
 




ok

Alt 30.09.2015, 21:16   #7
mymo22
 



Code:
ATTFilter
22:13:11.0966 0x157c  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
22:13:18.0426 0x157c  ============================================================
22:13:18.0426 0x157c  Current date / time: 2015/09/30 22:13:18.0426
22:13:18.0426 0x157c  SystemInfo:
22:13:18.0426 0x157c  
22:13:18.0426 0x157c  OS Version: 6.1.7601 ServicePack: 1.0
22:13:18.0426 0x157c  Product type: Workstation
22:13:18.0426 0x157c  ComputerName: MARTIN-PC
22:13:18.0426 0x157c  UserName: Martin
22:13:18.0426 0x157c  Windows directory: C:\Windows
22:13:18.0426 0x157c  System windows directory: C:\Windows
22:13:18.0426 0x157c  Processor architecture: Intel x86
22:13:18.0426 0x157c  Number of processors: 4
22:13:18.0426 0x157c  Page size: 0x1000
22:13:18.0426 0x157c  Boot type: Normal boot
22:13:18.0426 0x157c  ============================================================
22:13:19.0781 0x157c  KLMD registered as C:\Windows\system32\drivers\62852613.sys
22:13:20.0251 0x157c  System UUID: {DF7F410A-448C-A71D-F58B-4901273FD3C9}
22:13:20.0721 0x157c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:13:20.0731 0x157c  ============================================================
22:13:20.0731 0x157c  \Device\Harddisk0\DR0:
22:13:20.0731 0x157c  MBR partitions:
22:13:20.0731 0x157c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:13:20.0731 0x157c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
22:13:20.0731 0x157c  ============================================================
22:13:20.0811 0x157c  C: <-> \Device\Harddisk0\DR0\Partition2
22:13:20.0851 0x157c  ============================================================
22:13:20.0851 0x157c  Initialize success
22:13:20.0851 0x157c  ============================================================
22:14:29.0307 0x0890  ============================================================
22:14:29.0307 0x0890  Scan started
22:14:29.0307 0x0890  Mode: Manual; SigCheck; TDLFS; 
22:14:29.0307 0x0890  ============================================================
22:14:29.0307 0x0890  KSN ping started
22:14:31.0984 0x0890  KSN ping finished: true
22:14:33.0372 0x0890  ================ Scan system memory ========================
22:14:33.0372 0x0890  System memory - ok
22:14:33.0382 0x0890  ================ Scan services =============================
22:14:42.0180 0x0890  fastfat - ok
22:14:42.0210 0x0890  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
22:14:42.0240 0x0890  Fax - ok
22:14:42.0260 0x0890  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
22:14:42.0290 0x0890  fdc - ok
22:14:42.0300 0x0890  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
22:14:42.0360 0x0890  fdPHost - ok
22:14:42.0370 0x0890  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:14:42.0400 0x0890  FDResPub - ok
22:14:42.0420 0x0890  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:14:42.0430 0x0890  FileInfo - ok
22:14:42.0440 0x0890  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:14:42.0460 0x0890  Filetrace - ok
22:14:42.0490 0x0890  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:14:42.0490 0x0890  flpydisk - ok
22:14:42.0520 0x0890  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:14:42.0530 0x0890  FltMgr - ok
22:14:42.0630 0x0890  [ 37DE123FE4276D8EC7F3C5B10C236238, 93CA47B9A96D904DD177FC0E04DECDF13756C8FA3C7613913DB4BF29A70ECE96 ] FontCache       C:\Windows\system32\FntCache.dll
22:14:42.0680 0x0890  FontCache - ok
22:14:42.0730 0x0890  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:14:42.0760 0x0890  FontCache3.0.0.0 - ok
22:14:42.0780 0x0890  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:14:42.0810 0x0890  FsDepends - ok
22:14:42.0850 0x0890  [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:14:42.0860 0x0890  fssfltr - ok
22:14:42.0950 0x0890  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:14:43.0000 0x0890  fsssvc - ok
22:14:43.0060 0x0890  [ DDEE99DC54EFA20BD5A442CD733C4462, 941D6C5D91F6419198F1A53BF7D33AA2D9118CEAC028B6ED8E5308751810B9B5 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
22:14:43.0070 0x0890  FsUsbExDisk - detected UnsignedFile.Multi.Generic ( 1 )
22:14:45.0765 0x0890  Detect skipped due to KSN trusted
22:14:45.0765 0x0890  FsUsbExDisk - ok
22:14:45.0835 0x0890  [ 0796C1E47ADB9825269E64B9DAB4E741, A9E476278428824FAE8B63B2B2CAC683EABD28E5B514925F6379593CB6CAB968 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
22:14:45.0875 0x0890  FsUsbExService - detected UnsignedFile.Multi.Generic ( 1 )
22:14:48.0633 0x0890  Detect skipped due to KSN trusted
22:14:48.0633 0x0890  FsUsbExService - ok
22:14:48.0683 0x0890  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:14:48.0713 0x0890  Fs_Rec - ok
22:14:48.0773 0x0890  [ 79B4CDE2B69ED8BA4011859780A66A4D, D2572B737232F8FDD46A811FF69D8DAE4AAD4D2FA47507D78C0C54BF01C4CC4A ] Futuremark SystemInfo Service C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
22:14:48.0803 0x0890  Futuremark SystemInfo Service - ok
22:14:48.0893 0x0890  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:14:48.0943 0x0890  fvevol - ok
22:14:48.0973 0x0890  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:14:48.0993 0x0890  gagp30kx - ok
22:14:49.0053 0x0890  [ D556CB79967E92B5CC69686D16C1D846, F4FF679066269392F6B7C3BA6257FC60DD609E4F9C491B00E1A16E4C405B0B9B ] gdrv            C:\Windows\gdrv.sys
22:14:49.0073 0x0890  gdrv - ok
22:14:49.0103 0x0890  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:14:49.0133 0x0890  GEARAspiWDM - ok
22:14:49.0173 0x0890  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:14:49.0225 0x0890  gpsvc - ok
22:14:49.0298 0x0890  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:14:49.0328 0x0890  gupdate - ok
22:14:49.0348 0x0890  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:14:49.0378 0x0890  gupdatem - ok
22:14:49.0398 0x0890  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:14:49.0408 0x0890  gusvc - ok
22:14:49.0438 0x0890  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:14:49.0458 0x0890  hcw85cir - ok
22:14:49.0518 0x0890  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:14:49.0548 0x0890  HdAudAddService - ok
22:14:49.0568 0x0890  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:14:49.0578 0x0890  HDAudBus - ok
22:14:49.0598 0x0890  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:14:49.0608 0x0890  HidBatt - ok
22:14:49.0618 0x0890  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:14:49.0638 0x0890  HidBth - ok
22:14:49.0648 0x0890  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:14:49.0658 0x0890  HidIr - ok
22:14:49.0668 0x0890  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
22:14:49.0708 0x0890  hidserv - ok
22:14:49.0728 0x0890  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:14:49.0748 0x0890  HidUsb - ok
22:14:49.0758 0x0890  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:14:49.0798 0x0890  hkmsvc - ok
22:14:49.0808 0x0890  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:14:49.0818 0x0890  HomeGroupListener - ok
22:14:49.0848 0x0890  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:14:49.0868 0x0890  HomeGroupProvider - ok
22:14:49.0878 0x0890  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:14:49.0888 0x0890  HpSAMD - ok
22:14:49.0938 0x0890  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:14:49.0948 0x0890  HTTP - ok
22:14:49.0958 0x0890  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:14:49.0968 0x0890  hwpolicy - ok
22:14:49.0988 0x0890  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:14:49.0998 0x0890  i8042prt - ok
22:14:50.0028 0x0890  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:14:50.0038 0x0890  iaStorV - ok
22:14:50.0128 0x0890  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:14:50.0198 0x0890  idsvc - ok
22:14:50.0243 0x0890  IEEtwCollectorService - ok
22:14:50.0283 0x0890  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:14:50.0303 0x0890  iirsp - ok
22:14:50.0433 0x0890  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:14:50.0463 0x0890  IKEEXT - ok
22:14:50.0673 0x0890  [ 4B8D05BD842D634DC138AFDB1325172E, C38490A259350A4C0D585D569447E56F2672BC5ED65E7F4709E99DE3B851EC01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:14:50.0783 0x0890  IntcAzAudAddService - ok
22:14:50.0803 0x0890  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:14:50.0813 0x0890  intelide - ok
22:14:50.0823 0x0890  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\drivers\intelppm.sys
22:14:50.0843 0x0890  intelppm - ok
22:14:50.0853 0x0890  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:14:50.0873 0x0890  IPBusEnum - ok
22:14:50.0873 0x0890  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:14:50.0903 0x0890  IpFilterDriver - ok
22:14:50.0963 0x0890  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:14:51.0003 0x0890  iphlpsvc - ok
22:14:51.0013 0x0890  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:14:51.0023 0x0890  IPMIDRV - ok
22:14:51.0043 0x0890  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:14:51.0063 0x0890  IPNAT - ok
22:14:51.0113 0x0890  [ A57BECE88A5B8D6861BBE48B08474832, 04723C93AB1CF66C7B1FE274F3168B1B8C655453D4596C490A06AC4090BB0A32 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:14:51.0133 0x0890  iPod Service - ok
22:14:51.0153 0x0890  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:14:51.0173 0x0890  IRENUM - ok
22:14:51.0183 0x0890  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:14:51.0193 0x0890  isapnp - ok
22:14:51.0233 0x0890  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:14:51.0243 0x0890  iScsiPrt - ok
22:14:51.0263 0x0890  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:14:51.0273 0x0890  kbdclass - ok
22:14:51.0293 0x0890  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:14:51.0323 0x0890  kbdhid - ok
22:14:51.0353 0x0890  [ 88142648ED929E6D2178CC3B8C13C00F, 7E6B6B2CF61C56FBF8F2A96BDA2E9506467A9A883BFD3BEA78A4F500851E76DB ] KeyIso          C:\Windows\system32\lsass.exe
22:14:51.0353 0x0890  KeyIso - ok
22:14:51.0403 0x0890  [ 88246FD556E98BF416AC00C418B83D1D, 917EC561EB1C4D8D736DFDCD8456389B3DB0E8CB5AE900FB507F7F1550048BAD ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:14:51.0433 0x0890  KSecDD - ok
22:14:51.0463 0x0890  [ C41140DBF0BEA35E480A9CF9823B2B08, 142C4EB8AF27C9B649F24BEECFA1FD3E2B160BC8E8172A04526B73BB157CAD3A ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:14:51.0473 0x0890  KSecPkg - ok
22:14:51.0523 0x0890  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:14:51.0573 0x0890  KtmRm - ok
22:14:51.0593 0x0890  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:14:51.0623 0x0890  LanmanServer - ok
22:14:51.0643 0x0890  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:14:51.0663 0x0890  LanmanWorkstation - ok
22:14:51.0683 0x0890  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:14:51.0713 0x0890  lltdio - ok
22:14:51.0723 0x0890  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:14:51.0743 0x0890  lltdsvc - ok
22:14:51.0753 0x0890  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:14:51.0783 0x0890  lmhosts - ok
22:14:51.0803 0x0890  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:14:51.0803 0x0890  LSI_FC - ok
22:14:51.0823 0x0890  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:14:51.0833 0x0890  LSI_SAS - ok
22:14:51.0853 0x0890  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:14:51.0863 0x0890  LSI_SAS2 - ok
22:14:51.0863 0x0890  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:14:51.0873 0x0890  LSI_SCSI - ok
22:14:51.0883 0x0890  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:14:51.0913 0x0890  luafv - ok
22:14:51.0983 0x0890  [ B4CD87E78A01562E3DA67FE1C2779204, 536AC01C53A18E7B43F02F345FC3088C189A2D01F5E060714C0534FE7ECA2356 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:14:52.0003 0x0890  MBAMProtector - ok
22:14:52.0123 0x0890  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
22:14:52.0173 0x0890  MBAMService - ok
22:14:52.0243 0x0890  [ 490F0F3ED8A970E2BAA38F719242B8F7, 03F902365372639424AB654AEBF6EB2B6B73363275435ADC2D086EAA7112AC3D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
22:14:52.0268 0x0890  MBAMWebAccessControl - ok
22:14:52.0298 0x0890  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:14:52.0348 0x0890  Mcx2Svc - ok
22:14:52.0368 0x0890  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:14:52.0378 0x0890  megasas - ok
22:14:52.0408 0x0890  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:14:52.0418 0x0890  MegaSR - ok
22:14:52.0438 0x0890  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
22:14:52.0478 0x0890  MMCSS - ok
22:14:52.0478 0x0890  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
22:14:52.0508 0x0890  Modem - ok
22:14:52.0528 0x0890  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:14:52.0528 0x0890  monitor - ok
22:14:52.0548 0x0890  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:14:52.0548 0x0890  mouclass - ok
22:14:52.0568 0x0890  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:14:52.0578 0x0890  mouhid - ok
22:14:52.0628 0x0890  [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:14:52.0658 0x0890  mountmgr - ok
22:14:52.0678 0x0890  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:14:52.0708 0x0890  mpio - ok
22:14:52.0708 0x0890  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:14:52.0738 0x0890  mpsdrv - ok
22:14:52.0778 0x0890  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:14:52.0818 0x0890  MpsSvc - ok
22:14:52.0848 0x0890  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:14:52.0878 0x0890  MRxDAV - ok
22:14:52.0908 0x0890  [ BAF4E2BE25E8EDFDAA98AA17D92E3C35, 1C7C7A7217962BE8338F8F989A2DBA2C0FD8A1CCC4E773EA5D02F291C2AF0BCA ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:14:52.0948 0x0890  mrxsmb - ok
22:14:52.0968 0x0890  [ 300E85A19AFD4DF992AB6297C6E64CA1, B794DC07336DA64ECB8F6F695978C5B67FBFC7D1B60F3AD94D970FC9DE05A095 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:14:52.0998 0x0890  mrxsmb10 - ok
22:14:53.0018 0x0890  [ 70EF9F86474BA28A6898228E1C9ABDCB, 5BCCE0A1D33F7A0780350F3AA870468DB7B51F4FBA267AF663BC946B2259E0F8 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:14:53.0028 0x0890  mrxsmb20 - ok
22:14:53.0058 0x0890  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:14:53.0068 0x0890  msahci - ok
22:14:53.0088 0x0890  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:14:53.0098 0x0890  msdsm - ok
22:14:53.0118 0x0890  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
22:14:53.0138 0x0890  MSDTC - ok
22:14:53.0148 0x0890  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:14:53.0188 0x0890  Msfs - ok
22:14:53.0188 0x0890  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:14:53.0218 0x0890  mshidkmdf - ok
22:14:53.0228 0x0890  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:14:53.0228 0x0890  msisadrv - ok
22:14:53.0248 0x0890  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:14:53.0258 0x0890  MSiSCSI - ok
22:14:53.0268 0x0890  msiserver - ok
22:14:53.0283 0x0890  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:14:53.0293 0x0890  MSKSSRV - ok
22:14:53.0313 0x0890  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:14:53.0333 0x0890  MSPCLOCK - ok
22:14:53.0353 0x0890  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:14:53.0363 0x0890  MSPQM - ok
22:14:53.0383 0x0890  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:14:53.0393 0x0890  MsRPC - ok
22:14:53.0403 0x0890  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:14:53.0413 0x0890  mssmbios - ok
22:14:53.0423 0x0890  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:14:53.0443 0x0890  MSTEE - ok
22:14:53.0453 0x0890  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:14:53.0473 0x0890  MTConfig - ok
22:14:53.0473 0x0890  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:14:53.0483 0x0890  Mup - ok
22:14:53.0503 0x0890  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
22:14:53.0533 0x0890  napagent - ok
22:14:53.0553 0x0890  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:14:53.0573 0x0890  NativeWifiP - ok
22:14:53.0663 0x0890  [ E4534BCCDD1EA7A7A256BB9D6688A5FC, 68AFEDC17BF449DF7FC9CC9D7F020C1D82ABE91C40C7E6419DF87FAFDA700A0E ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe
22:14:53.0703 0x0890  NAUpdate - ok
22:14:53.0753 0x0890  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:14:53.0783 0x0890  NDIS - ok
22:14:53.0813 0x0890  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:14:53.0853 0x0890  NdisCap - ok
22:14:53.0883 0x0890  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:14:53.0913 0x0890  NdisTapi - ok
22:14:53.0923 0x0890  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:14:53.0953 0x0890  Ndisuio - ok
22:14:53.0973 0x0890  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:14:53.0993 0x0890  NdisWan - ok
22:14:54.0003 0x0890  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:14:54.0033 0x0890  NDProxy - ok
22:14:54.0113 0x0890  [ 510C138564486FF926A3F773205C63D1, 50FBB8555C284ED22F71D99750899321B63E3B4C255174FE9B4F31084F9A34B1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:14:54.0123 0x0890  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:14:56.0843 0x0890  Detect skipped due to KSN trusted
22:14:56.0843 0x0890  Net Driver HPZ12 - ok
22:14:56.0863 0x0890  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:14:56.0913 0x0890  NetBIOS - ok
22:14:56.0943 0x0890  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:14:56.0973 0x0890  NetBT - ok
22:14:57.0003 0x0890  [ 88142648ED929E6D2178CC3B8C13C00F, 7E6B6B2CF61C56FBF8F2A96BDA2E9506467A9A883BFD3BEA78A4F500851E76DB ] Netlogon        C:\Windows\system32\lsass.exe
22:14:57.0023 0x0890  Netlogon - ok
22:14:57.0103 0x0890  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
22:14:57.0143 0x0890  Netman - ok
22:14:57.0203 0x0890  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:14:57.0243 0x0890  NetMsmqActivator - ok
22:14:57.0283 0x0890  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:14:57.0303 0x0890  NetPipeActivator - ok
22:14:57.0335 0x0890  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
22:14:57.0373 0x0890  netprofm - ok
22:14:57.0413 0x0890  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:14:57.0423 0x0890  NetTcpActivator - ok
22:14:57.0433 0x0890  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:14:57.0453 0x0890  NetTcpPortSharing - ok
22:14:57.0483 0x0890  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:14:57.0513 0x0890  nfrd960 - ok
22:14:58.0543 0x0890  [ 37E5E8FFBAD35605DAEEC3224EA0E465, E3A9BE275D3C8A3E143DF3A795964E9860A1F6C18BE36F8FE552E954435AC927 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:14:58.0553 0x0890  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:15:01.0268 0x0890  Detect skipped due to KSN trusted
22:15:01.0268 0x0890  Pml Driver HPZ12 - ok
22:15:08.0088 0x0890  Wd - ok
22:15:08.0158 0x0890  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:15:08.0178 0x0890  Wdf01000 - ok
22:15:08.0218 0x0890  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:15:08.0248 0x0890  WdiServiceHost - ok
22:15:08.0258 0x0890  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:15:08.0278 0x0890  WdiSystemHost - ok
22:15:08.0318 0x0890  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
22:15:08.0338 0x0890  WebClient - ok
22:15:08.0358 0x0890  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:15:08.0398 0x0890  Wecsvc - ok
22:15:08.0418 0x0890  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:15:08.0458 0x0890  wercplsupport - ok
22:15:08.0490 0x0890  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
22:15:08.0533 0x0890  WerSvc - ok
22:15:08.0573 0x0890  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:15:08.0593 0x0890  WfpLwf - ok
22:15:08.0603 0x0890  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:15:08.0613 0x0890  WIMMount - ok
22:15:08.0673 0x0890  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:15:08.0703 0x0890  WinDefend - ok
22:15:08.0713 0x0890  WinHttpAutoProxySvc - ok
22:15:08.0773 0x0890  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:15:08.0803 0x0890  Winmgmt - ok
22:15:08.0913 0x0890  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:15:08.0953 0x0890  WinRM - ok
22:15:09.0013 0x0890  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
22:15:09.0053 0x0890  WinUsb - ok
22:15:09.0123 0x0890  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:15:09.0163 0x0890  Wlansvc - ok
22:15:09.0223 0x0890  [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:15:09.0253 0x0890  wlcrasvc - ok
22:15:09.0383 0x0890  [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:15:09.0423 0x0890  wlidsvc - ok
22:15:09.0443 0x0890  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:15:09.0453 0x0890  WmiAcpi - ok
22:15:09.0483 0x0890  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:15:09.0503 0x0890  wmiApSrv - ok
22:15:09.0598 0x0890  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:15:09.0658 0x0890  WMPNetworkSvc - ok
22:15:09.0668 0x0890  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:15:09.0678 0x0890  WPCSvc - ok
22:15:09.0688 0x0890  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:15:09.0708 0x0890  WPDBusEnum - ok
22:15:09.0728 0x0890  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:15:09.0748 0x0890  ws2ifsl - ok
22:15:09.0778 0x0890  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:15:09.0788 0x0890  wscsvc - ok
22:15:09.0798 0x0890  WSearch - ok
22:15:09.0918 0x0890  [ 3EFC48CE17BE25D2F8C04C5A0FAE1F53, 6439396AE1C59966E3C0DF519956F9D25568155174004F9562F764CEF8A49802 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:15:10.0008 0x0890  wuauserv - ok
22:15:10.0038 0x0890  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:15:10.0038 0x0890  WudfPf - ok
22:15:10.0058 0x0890  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:15:10.0068 0x0890  WUDFRd - ok
22:15:10.0108 0x0890  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:15:10.0138 0x0890  wudfsvc - ok
22:15:10.0168 0x0890  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:15:10.0188 0x0890  WwanSvc - ok
22:15:10.0258 0x0890  [ 74EC37B9EAF9FCA015B933A526825C7A, E75D73422B4383210F912B424377D5F2DBBF0E9418A2F450636B689572B1B9F6 ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
22:15:10.0288 0x0890  {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
22:15:10.0298 0x0890  ================ Scan global ===============================
22:15:10.0338 0x0890  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
22:15:10.0388 0x0890  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
22:15:10.0408 0x0890  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
22:15:10.0428 0x0890  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
22:15:10.0468 0x0890  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
22:15:10.0468 0x0890  [ Global ] - ok
22:15:10.0478 0x0890  ================ Scan MBR ==================================
22:15:10.0478 0x0890  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:15:10.0708 0x0890  \Device\Harddisk0\DR0 - ok
22:15:10.0708 0x0890  ================ Scan VBR ==================================
22:15:10.0718 0x0890  [ 68A4BADB11D0BF01E8FCA5B983771303 ] \Device\Harddisk0\DR0\Partition1
22:15:10.0718 0x0890  \Device\Harddisk0\DR0\Partition1 - ok
22:15:10.0748 0x0890  [ F1D038132BD113E22D558DF69F14FFFC ] \Device\Harddisk0\DR0\Partition2
22:15:10.0748 0x0890  \Device\Harddisk0\DR0\Partition2 - ok
22:15:10.0748 0x0890  ================ Scan generic autorun ======================
22:15:11.0838 0x0890  [ C2CE42005E3381A95460876020518440, 562EB30DA9A1DB58DB221423177C0680E69A4C38EEE2D5FD936633B2EB8A616E ] C:\Program Files\QuickTime\QTTask.exe
22:15:11.0858 0x0890  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
22:15:14.0578 0x0890  Detect skipped due to KSN trusted
22:15:14.0578 0x0890  QuickTime Task - ok
22:15:15.0545 0x0890  FlashPlayerUpdate - ok
22:15:15.0545 0x0890  Waiting for KSN requests completion. In queue: 319
22:15:16.0545 0x0890  Waiting for KSN requests completion. In queue: 319
22:15:17.0545 0x0890  Waiting for KSN requests completion. In queue: 13
22:15:18.0568 0x0890  Win FW state via NFP2: enabled ( trusted )
22:15:21.0298 0x0890  ============================================================
22:15:21.0298 0x0890  Scan finished
22:15:21.0298 0x0890  ============================================================
22:15:21.0318 0x12bc  Detected object count: 0
22:15:21.0318 0x12bc  Actual detected object count: 0
         

Alt 01.10.2015, 18:27   #8
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
An illegal operation was attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 02.10.2015, 22:46   #9
mymo22
 



Code:
ATTFilter
ComboFix 15-10-01.01 - Martin 02.10.2015  23:33:56.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3325.2116 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-09-02 bis 2015-10-02  ))))))))))))))))))))))))))))))
.
.
2015-10-02 21:42 . 2015-10-02 21:42	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-10-02 21:42 . 2015-10-02 21:42	--------	d-----w-	c:\users\Papa\AppData\Local\temp
2015-10-02 21:42 . 2015-10-02 21:42	--------	d-----w-	c:\users\Natphimol\AppData\Local\temp
2015-10-02 21:42 . 2015-10-02 21:42	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2015-09-29 19:25 . 2015-09-30 20:10	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-09-08 20:06 . 2015-06-25 09:48	105408	----a-w-	c:\windows\system32\consent.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-02 21:23 . 2012-04-04 12:01	17488	----a-w-	c:\windows\gdrv.sys
2015-09-30 19:16 . 2014-07-26 11:30	170200	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-30 19:15 . 2014-07-26 11:30	94936	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-09-23 11:37 . 2012-04-04 18:25	780488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-09-23 11:37 . 2012-04-04 18:25	142536	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-25 19:06 . 2014-11-22 16:56	96352	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-07-30 17:57 . 2015-08-12 15:16	909824	----a-w-	c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-12 15:16	1251328	----a-w-	c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-12 15:16	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 16:50	103120	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:04 . 2015-08-12 15:16	15808	----a-w-	c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:00 . 2015-08-12 15:16	635904	----a-w-	c:\windows\system32\invagent.dll
2015-07-28 20:00 . 2015-08-12 15:16	598528	----a-w-	c:\windows\system32\generaltel.dll
2015-07-28 20:00 . 2015-08-12 15:16	346112	----a-w-	c:\windows\system32\devinv.dll
2015-07-28 20:00 . 2015-08-12 15:16	952832	----a-w-	c:\windows\system32\appraiser.dll
2015-07-28 20:00 . 2015-08-12 15:16	60416	----a-w-	c:\windows\system32\acmigration.dll
2015-07-28 20:00 . 2015-08-12 15:16	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-07-28 19:54 . 2015-08-12 15:16	934400	----a-w-	c:\windows\system32\aeinv.dll
2015-07-15 18:37 . 2015-08-12 15:16	2560	----a-w-	c:\windows\system32\drivers\de-DE\mountmgr.sys.mui
2015-07-15 17:59 . 2015-08-12 15:16	78784	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:55 . 2015-08-12 15:16	1159168	----a-w-	c:\windows\system32\sysmain.dll
2015-07-15 17:54 . 2015-08-12 15:16	10752	----a-w-	c:\windows\system32\msmmsp.dll
2015-07-15 02:55 . 2015-08-12 15:15	44032	----a-w-	c:\windows\system32\basesrv.dll
2015-07-10 17:34 . 2015-08-12 15:16	36864	----a-w-	c:\windows\system32\tsgqec.dll
2015-07-10 17:34 . 2015-08-12 15:16	3221504	----a-w-	c:\windows\system32\mstscax.dll
2015-07-10 17:33 . 2015-08-12 15:16	131584	----a-w-	c:\windows\system32\aaclient.dll
2015-07-09 17:42 . 2015-08-12 15:16	179712	----a-w-	c:\windows\system32\notepad.exe
2015-07-09 17:42 . 2015-08-12 15:16	179712	----a-w-	c:\windows\notepad.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2015-04-28 1015104]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2015-04-28 1566016]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-09 10807912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2015-04-28 311616]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2014-11-17 2135104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2015-06-16 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-06-29 157992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58	75048	------w-	c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52	1234216	----a-w-	c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08	87336	------w-	c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-06-18 1133880]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2013-04-03 32064]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-08-15 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-04-03 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-04-03 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-04-03 153672]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2013-04-03 130248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/04/04 15:00];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 219136]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 291840]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-04-18 233472]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-02-14 79872]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 44928]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 64256]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-04-18 37344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-01-13 328808]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
utcsvc	REG_MULTI_SZ   	DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-30 19:52	997704	----a-w-	c:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:37]
.
2015-09-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core.job
- c:\users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24 13:16]
.
2015-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA.job
- c:\users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24 13:16]
.
2015-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 17:40]
.
2015-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 17:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:Tabs
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-10-02  23:44:52
ComboFix-quarantined-files.txt  2015-10-02 21:44
.
Vor Suchlauf: 16 Verzeichnis(se), 362.867.392.512 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 363.670.945.792 Bytes frei
.
- - End Of File - - 479A20BADE8AAAD763318A0E1505D7FE
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 03.10.2015, 17:08   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 09.10.2015, 17:40   #11
mymo22
 

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 09.10.2015
Suchlaufzeit: 16:55
Protokolldatei: MBAM.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.10.09.04
Rootkit-Datenbank: v2015.10.06.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Martin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 534925
Abgelaufene Zeit: 28 Min., 8 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
AdwCleaner Logfile:
Code:
# AdwCleaner v5.013 - Bericht erstellt am 09/10/2015 um 18:28:46
# Aktualisiert am 09/10/2015 von Xplode
# Datenbank : 2015-10-09.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Martin - MARTIN-PC
# Gestartet von : C:\Users\Martin\Desktop\adwcleaner_5.013.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files\slimservice
[-] Ordner Gelöscht : C:\Program Files\myfree codec
[-] Ordner Gelöscht : C:\ProgramData\44F22EC081C39BE7000044F1E9D3A0F0
[-] Ordner Gelöscht : C:\ProgramData\44F317C082AC9BE7000044F2D2D3A1D9
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Ordner Gelöscht : C:\Users\Martin\AppData\Local\slimware utilities inc

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
[-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Internetbrowser ] *****

[-] [C:\Users\Natphimol\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : de.ask.com

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2721 Bytes] ##########
         
--- --- ---

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x86
Ran by Martin on 09.10.2015 at 18:34:12,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{DCFACFD3-14D9-4344-9AAC-8B6AF35CB6E1}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{E09F45A3-751C-4ED0-9426-6B324D2672BC}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{E657A28A-98E0-4AAC-95A9-411A5B97C1EA}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{E7018ED8-C83C-462D-80AF-AE896F47EA8B}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{E75A0A87-0D02-4424-BFEC-219A05F5FE82}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{E944CFA6-6836-4378-8C00-C6875FA0C49B}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{E990533E-B29B-4F71-AD82-5641CCCFDEB5}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{EA00DACC-5B80-4118-91FB-D8CEF676B25B}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{EA985698-8CC2-46D6-977E-349B8AE11444}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{EC053512-29BB-4F12-8785-CD3421D3AE0E}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{EE402600-B473-4FA6-BB5D-98AAB6AD81E4}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{EE6A2128-791D-441A-8D95-015CB4AADE10}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{EEB47032-85C6-46C4-BA26-E4DCA99E85B0}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F01A94AF-A6E7-4325-BDB6-307A25F24F0E}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F0C7DA89-7032-4799-AD87-30A47F8B2406}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F1552F99-AAAF-4E66-960E-3D1CA757CCFF}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F30AE291-83D1-429A-8F9A-D7B782E839C5}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F3257B6B-46F9-48A1-874A-0FC8CA796D99}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F3BED15E-0770-414B-9F97-BA21F37DE85A}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F48B4343-D5B0-44FF-8B07-F46DC3FE9EE9}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F49685EF-C64D-4E5A-98EB-ED28233CB240}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F521CC0D-B56F-472F-9EB8-0D3EA2B7FAEE}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F5EE9682-67F2-41C9-AE2E-AFF15E2BC7FD}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F8BA3F4D-92C5-4B9C-9EE2-0640E8AC4BC8}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{F979F42F-C169-4AB0-B989-C6C5B7314500}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FA01B3E3-044F-4EBA-B382-3F635C064932}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FAAF1FBE-962F-4D6C-955B-FDCFAB437833}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FBC2189D-981F-4F17-AF97-12AFF53310F1}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FC20C30F-1661-4718-BC2D-8E3B17A8E84D}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FE947857-B1D1-4344-8DC7-296664A9BB54}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FF387427-89A1-4AC8-AE1B-D89653D454B6}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FFADC360-5845-4510-859D-A3E4E2BB4AF7}
Successfully deleted: [Empty Folder] C:\Users\Martin\Appdata\Local\{FFBE169B-BBF8-4897-B63C-7F27C4E81272}



~~~ Chrome


[C:\Users\Martin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Martin\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Martin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Martin\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.10.2015 at 18:35:56,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:08-10-2015
durchgeführt von Martin (2015-10-09 18:39:50)
Gestartet von C:\Users\Martin\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2012-04-04 11:50:42)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2133417941-1419742229-307992088-500 - Administrator - Disabled)
Gast (S-1-5-21-2133417941-1419742229-307992088-501 - Limited - Enabled) => C:\Users\Gast
Gast 2 (S-1-5-21-2133417941-1419742229-307992088-1004 - Administrator - Enabled) => C:\Users\Gast 2
HomeGroupUser$ (S-1-5-21-2133417941-1419742229-307992088-1002 - Limited - Enabled)
Martin (S-1-5-21-2133417941-1419742229-307992088-1000 - Administrator - Enabled) => C:\Users\Martin
Natphimol (S-1-5-21-2133417941-1419742229-307992088-1005 - Limited - Enabled) => C:\Users\Natphimol
Papa (S-1-5-21-2133417941-1419742229-307992088-1003 - Limited - Enabled) => C:\Users\Papa

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3D Kartenspiele - Skat Edition 1.0 (HKLM\...\{D0FA47E3-86B3-4F20-BFAA-ABC2027E56BD}_is1) (Version: 1.0 - rokapublish GmbH)
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AGEIA PhysX v7.09.13 (HKLM\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Die Siedler 7 (HKLM\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
EasySaver B9.1214.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
e-Sword (HKLM\...\{319A3399-200D-4A89-BDC2-C55808D09298}) (Version: 10.03.0000 - Rick Meyers)
Etron USB3.0 Host Controller (Version: 0.104 - Etron Technology) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden
HP Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{A3875CED-8B9B-47F5-9AB9-0C36DD2D8D18}) (Version: 12.2.0.145 - Apple Inc.)
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
ON_OFF Charge B11.0110.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{68489672-5569-0100-5868-390287226704}\InprocServer32 -> C:\Users\Martin\AppData\Local\Temp\lekcipepqgottoeww.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2133417941-1419742229-307992088-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> C:\Users\Martin\AppData\Local\Temp\lekcipepqgottoeww.dll => Keine Datei

==================== Wiederherstellungspunkte =========================

18-09-2015 23:37:55 Windows Update
22-09-2015 12:02:36 Windows Update
25-09-2015 18:21:06 Windows Update
29-09-2015 22:11:22 Malwarebytes Anti-Rootkit Restore Point
30-09-2015 21:19:00 Windows Update
02-10-2015 23:28:17 ComboFix created restore point
06-10-2015 11:25:05 Windows Update
08-10-2015 14:52:37 Windows Update
09-10-2015 18:34:17 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2013-06-14 19:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {19CFA31F-B1E0-4655-AE25-1C2C66619A01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2F78FEB5-86C1-4097-A18A-73A5D8AF0499} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2133417941-1419742229-307992088-1004
Task: {39894BB2-6F0F-403C-AF1A-DBDD8E23471F} - System32\Tasks\{AD60EFBB-F19D-4554-8BCE-D9311BCE7247} => pcalua.exe -a "G:\Programme\Outlook Express\setup50.exe" -d "G:\Programme\Outlook Express"
Task: {5FBEC40B-A11A-40B0-A4A3-73B52D960952} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {6B0CE0D7-0FBC-4873-897C-A13F783A0F47} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24] (Facebook Inc.)
Task: {9E48622B-A382-48EE-955A-1DF135654DE1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-24] (Facebook Inc.)
Task: {A7DFF141-22FE-405B-B239-6161BC48C282} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {C03040D1-8172-42E2-9BDF-6C3F551962C8} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D5501EE5-ACB8-4446-AF3D-428291AC34E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D72307FF-3833-4A3D-8FE6-76C8656DEFEE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2133417941-1419742229-307992088-1000
Task: {DA1B61CE-C215-4F0F-BE64-607AC9B596ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E88F4ED9-FD45-4A67-AE82-E10029385684} - System32\Tasks\Papa NBAgent 5 4 => C:\program files\nero\nero 10\nero backitup\NBAgent.exe [2010-03-26] (Nero AG)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core.job => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA.job => C:\Users\Natphimol\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-17 16:19 - 2012-05-05 15:13 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Martin\Desktop\fiasko.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Martin\Desktop\fiasko.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{4C11BA53-401D-42FA-B6EA-86497EA49D06}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/09/2015 06:31:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2015 04:30:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/09/2015 04:30:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/09/2015 04:30:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/09/2015 04:28:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2015 10:53:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (10/09/2015 10:53:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/09/2015 10:53:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (10/09/2015 10:50:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2015 08:36:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


Systemfehler:
=============
Error: (10/09/2015 06:34:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/09/2015 06:34:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SAMSUNG Mobile Connectivity Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FsUsbExService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ES lite Service for program management." wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/09/2015 06:34:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 3325.23 MB
Verfügbarer physikalischer RAM: 2298.3 MB
Summe virtueller Speicher: 6648.77 MB
Verfügbarer virtueller Speicher: 5600.99 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:339.46 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0009A0C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
durchgeführt von Martin (Administrator) auf MARTIN-PC (09-10-2015 18:39:21)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin & Papa & Gast 2 & Natphimol & Gast)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Martin\AppData\Local\Temp\lekcipepqgottoeww.dll Keine Datei
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-05-05]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Natphimol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-05-14]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-08-30]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{773459D0-783F-4BF8-91C0-9C473D5298BB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {1D524249-0171-476E-B159-E30154D509AD} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {AE1EB930-1F9C-4649-8F59-BA2F9A03D6B8} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {DAA24761-96F3-47F0-83F5-02E3EB434119} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {EE94B913-A440-4251-BFE6-0F1ABA012C11} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-25] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> ist aktiviert.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2133417941-1419742229-307992088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2133417941-1419742229-307992088-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-30] ()

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-30]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-30]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-12]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-30]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [Datei ist nicht signiert]
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [44928 2011-07-29] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64256 2011-07-29] (Etron Technology Inc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [Datei ist nicht signiert]
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-10-09] (Windows (R) 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [328552 2011-07-06] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Martin\AppData\Local\Temp\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-09 18:39 - 2015-10-09 18:39 - 00014316 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-09 18:38 - 2015-10-09 18:38 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2015-10-09 18:35 - 2015-10-09 18:35 - 00031776 _____ C:\Users\Martin\Desktop\JRT.txt
2015-10-09 18:33 - 2015-10-09 18:33 - 01798976 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2015-10-09 18:27 - 2015-10-09 18:28 - 00000000 ____D C:\AdwCleaner
2015-10-09 18:24 - 2015-10-09 18:24 - 01682432 _____ C:\Users\Martin\Desktop\adwcleaner_5.013.exe
2015-10-09 17:33 - 2015-10-09 17:33 - 00001207 _____ C:\Users\Martin\Desktop\MBAM.txt
2015-10-06 20:36 - 2015-10-09 16:55 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-06 20:36 - 2015-10-06 20:36 - 00001060 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-06 20:36 - 2015-10-06 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-06 20:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-06 20:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-06 20:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-06 20:35 - 2015-10-06 20:36 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-10-05 14:23 - 2015-10-05 14:23 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{BB005698-B9D2-4DD1-81E3-43E382A5CB63}
2015-10-03 19:31 - 2015-10-03 19:32 - 00000000 ____D C:\Users\Papa\AppData\Local\{82281B9A-C11B-4C87-A295-F74165AD13AD}
2015-10-03 17:12 - 2015-10-03 17:12 - 06805040 _____ C:\Users\Natphimol\Downloads\video-1443870135.mp4.mp4
2015-10-02 23:44 - 2015-10-02 23:44 - 00014046 _____ C:\ComboFix.txt
2015-10-02 23:28 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-02 23:28 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-02 23:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-02 23:27 - 2015-10-02 23:44 - 00000000 ____D C:\Qoobox
2015-10-02 23:25 - 2015-10-02 23:25 - 05636125 ____R (Swearware) C:\Users\Martin\Desktop\ComboFix.exe
2015-09-29 21:25 - 2015-09-30 22:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-29 21:23 - 2015-09-30 22:10 - 00000000 ____D C:\Users\Martin\Desktop\mbar
2015-09-29 21:21 - 2015-09-29 21:14 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Martin\Desktop\tdsskiller.exe
2015-09-29 21:21 - 2015-09-29 21:08 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Martin\Desktop\mbar-1.09.3.1001.exe
2015-09-29 14:45 - 2015-09-29 14:45 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{A51C6DAD-DE4C-495A-A7AD-5EFDC3E76F60}
2015-09-26 14:07 - 2015-09-26 14:07 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{8BBB6791-64D4-47E4-9F4D-EC3DFDCA1EBD}
2015-09-26 14:05 - 2015-09-26 14:05 - 00166816 _____ C:\Windows\Minidump\092615-32573-01.dmp
2015-09-25 18:29 - 2015-10-09 18:38 - 01698304 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2015-09-25 18:24 - 2015-09-25 18:49 - 00000000 ____D C:\Users\Martin\Desktop\Virus
2015-09-24 19:33 - 2015-09-24 19:33 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{4C95E2AF-49F7-4BD8-A6CC-86C4BF20CC62}
2015-09-23 20:06 - 2015-09-23 20:06 - 00641064 _____ C:\Windows\Minidump\092315-35942-01.dmp
2015-09-21 13:10 - 2015-09-21 13:10 - 00000000 ____D C:\Users\Papa\AppData\Local\{FE6DE9CE-1DCF-4229-B75D-8883AD3A9744}
2015-09-20 10:18 - 2015-09-20 10:19 - 00000752 _____ C:\Users\Martin\Desktop\Problem PC 20.09.2015.txt
2015-09-20 10:16 - 2015-09-20 10:16 - 01133296 _____ C:\Windows\Minidump\092015-24414-01.dmp
2015-09-15 23:18 - 2015-09-15 23:18 - 00001210 _____ C:\Users\Martin\Desktop\150915.txt
2015-09-13 20:47 - 2015-09-13 20:47 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{D0F7DCE4-82D5-447F-B50F-12A9D5ADC16A}
2015-09-12 14:49 - 2015-09-12 14:50 - 00000000 ____D C:\Users\Papa\AppData\Local\{7272F3D3-E445-4B88-AC73-6746CE3EF366}
2015-09-09 19:48 - 2015-09-09 19:48 - 00000000 ____D C:\Users\Papa\AppData\Local\{8A911815-9B2D-4575-87B7-A6597D9C0CE4}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-09 18:39 - 2013-03-26 21:36 - 00000000 ____D C:\FRST
2015-10-09 18:37 - 2012-04-04 20:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 18:34 - 2009-07-14 06:34 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 18:34 - 2009-07-14 06:34 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 18:33 - 2012-04-04 13:40 - 01647703 _____ C:\Windows\WindowsUpdate.log
2015-10-09 18:30 - 2012-04-04 15:50 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 18:30 - 2012-04-04 14:01 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-10-09 18:30 - 2012-04-04 13:53 - 00000144 _____ C:\service.log
2015-10-09 18:30 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 18:30 - 2009-07-14 06:39 - 00189261 _____ C:\Windows\setupact.log
2015-10-09 18:21 - 2014-04-24 15:16 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA.job
2015-10-09 17:51 - 2012-04-04 15:50 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 16:30 - 2010-11-20 23:01 - 00006292 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 10:49 - 2015-06-12 20:47 - 00000000 ___RD C:\Users\Natphimol\iCloudDrive
2015-10-08 20:40 - 2015-04-05 22:33 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-07 11:49 - 2010-11-20 23:48 - 00827292 _____ C:\Windows\PFRO.log
2015-10-06 21:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-10-03 15:20 - 2014-04-24 15:16 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core.job
2015-10-02 23:42 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-10-02 23:27 - 2013-06-14 19:22 - 00000000 ____D C:\Windows\erdnt
2015-10-02 23:26 - 2013-06-11 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2015-09-29 22:19 - 2012-04-04 15:49 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
2015-09-29 14:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 18:25 - 2012-04-05 14:39 - 00000000 ____D C:\Users\Papa\AppData\Local\Google
2015-09-27 11:31 - 2013-05-01 16:53 - 00000000 ____D C:\Users\Natphimol\AppData\Local\Google
2015-09-26 14:05 - 2012-04-24 19:47 - 334396311 _____ C:\Windows\MEMORY.DMP
2015-09-26 14:05 - 2012-04-24 19:47 - 00000000 ____D C:\Windows\Minidump
2015-09-23 13:37 - 2012-04-04 20:25 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-23 13:37 - 2012-04-04 20:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 14:41 - 2012-05-19 16:01 - 00000000 ____D C:\Users\Papa\AppData\Roaming\Apple Computer
2015-09-15 22:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 10:46 - 2009-07-14 06:33 - 00286992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 10:44 - 2011-04-12 03:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 10:44 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-07-05 21:28 - 2012-07-05 21:28 - 0005632 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-07 09:46 - 2012-04-07 13:44 - 0000711 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\Martin\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-06 20:55

==================== Ende vom FRST.txt ============================
         

Alt 10.10.2015, 00:10   #12
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the Terms of Use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit systems also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Systemsteuerung (Control Panel) => Software / Programme deinstallieren (Uninstall a program) => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 12.10.2015, 20:14   #13
mymo22
 



Hi Schrauber,

now the problem has suddenly reappeared. Should I continue as described above?

Here is a new FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
durchgeführt von Martin (Administrator) auf MARTIN-PC (12-10-2015 21:09:22)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin & Papa & Gast 2 & Natphimol & Gast)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10807912 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Martin\AppData\Local\Temp\lekcipepqgottoeww.dll Keine Datei
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-05-05]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Natphimol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-05-14]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-08-30]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{773459D0-783F-4BF8-91C0-9C473D5298BB}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2133417941-1419742229-307992088-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {1D524249-0171-476E-B159-E30154D509AD} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {AE1EB930-1F9C-4649-8F59-BA2F9A03D6B8} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {DAA24761-96F3-47F0-83F5-02E3EB434119} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> {EE94B913-A440-4251-BFE6-0F1ABA012C11} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-25] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)
IE Session Restore: HKU\S-1-5-21-2133417941-1419742229-307992088-1000 -> ist aktiviert.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2133417941-1419742229-307992088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2133417941-1419742229-307992088-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-30] ()

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-30]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-30]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-12]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-30]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-04-18] (Teruten) [Datei ist nicht signiert]
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Datei ist nicht signiert]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [44928 2011-07-29] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64256 2011-07-29] (Etron Technology Inc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-04-18] () [Datei ist nicht signiert]
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-10-12] (Windows (R) 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [328552 2011-07-06] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Martin\AppData\Local\Temp\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-12 21:02 - 2015-10-12 21:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{83034054-7BD4-49E9-ABCF-1D7EE9309474}
2015-10-12 21:00 - 2015-10-12 21:00 - 00000000 ____D C:\Users\Martin\AppData\Local\{3C162D44-4AE1-4B37-920B-D9FCB8A745F4}
2015-10-11 19:09 - 2015-10-11 19:09 - 00000000 ____D C:\Users\Papa\AppData\Local\{E256B3F5-6EEE-421B-8F74-89CE158B498C}
2015-10-11 11:12 - 2015-10-11 11:12 - 00000000 ____D C:\Users\Martin\AppData\Local\{CA4CFF50-3144-460B-874F-4FCBAA4C632C}
2015-10-10 17:01 - 2015-10-10 17:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{76BB2C04-D195-405D-9162-F17A7A73FE1F}
2015-10-09 18:39 - 2015-10-12 21:09 - 00012136 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-09 18:39 - 2015-10-09 18:40 - 00026118 _____ C:\Users\Martin\Desktop\Addition.txt
2015-10-09 18:38 - 2015-10-09 18:38 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2015-10-09 18:35 - 2015-10-09 18:35 - 00031776 _____ C:\Users\Martin\Desktop\JRT.txt
2015-10-09 18:33 - 2015-10-09 18:33 - 01798976 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2015-10-09 18:27 - 2015-10-09 18:28 - 00000000 ____D C:\AdwCleaner
2015-10-09 18:24 - 2015-10-09 18:24 - 01682432 _____ C:\Users\Martin\Desktop\adwcleaner_5.013.exe
2015-10-09 17:33 - 2015-10-09 17:33 - 00001207 _____ C:\Users\Martin\Desktop\MBAM.txt
2015-10-06 20:36 - 2015-10-09 16:55 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-06 20:36 - 2015-10-06 20:36 - 00001060 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-06 20:36 - 2015-10-06 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-06 20:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-06 20:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-06 20:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-06 20:35 - 2015-10-06 20:36 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-10-05 14:23 - 2015-10-05 14:23 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{BB005698-B9D2-4DD1-81E3-43E382A5CB63}
2015-10-03 19:31 - 2015-10-03 19:32 - 00000000 ____D C:\Users\Papa\AppData\Local\{82281B9A-C11B-4C87-A295-F74165AD13AD}
2015-10-03 17:12 - 2015-10-03 17:12 - 06805040 _____ C:\Users\Natphimol\Downloads\video-1443870135.mp4.mp4
2015-10-02 23:44 - 2015-10-02 23:44 - 00014046 _____ C:\ComboFix.txt
2015-10-02 23:28 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-02 23:28 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-02 23:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-02 23:28 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-02 23:27 - 2015-10-02 23:44 - 00000000 ____D C:\Qoobox
2015-10-02 23:25 - 2015-10-02 23:25 - 05636125 ____R (Swearware) C:\Users\Martin\Desktop\ComboFix.exe
2015-09-29 21:25 - 2015-09-30 22:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-29 21:23 - 2015-09-30 22:10 - 00000000 ____D C:\Users\Martin\Desktop\mbar
2015-09-29 21:21 - 2015-09-29 21:14 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Martin\Desktop\tdsskiller.exe
2015-09-29 21:21 - 2015-09-29 21:08 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Martin\Desktop\mbar-1.09.3.1001.exe
2015-09-29 14:45 - 2015-09-29 14:45 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{A51C6DAD-DE4C-495A-A7AD-5EFDC3E76F60}
2015-09-26 14:07 - 2015-09-26 14:07 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{8BBB6791-64D4-47E4-9F4D-EC3DFDCA1EBD}
2015-09-26 14:05 - 2015-09-26 14:05 - 00166816 _____ C:\Windows\Minidump\092615-32573-01.dmp
2015-09-25 18:29 - 2015-10-09 18:38 - 01698304 _____ (Farbar) C:\Users\Martin\Desktop\FRST.exe
2015-09-25 18:24 - 2015-09-25 18:49 - 00000000 ____D C:\Users\Martin\Desktop\Virus
2015-09-24 19:33 - 2015-09-24 19:33 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{4C95E2AF-49F7-4BD8-A6CC-86C4BF20CC62}
2015-09-23 20:06 - 2015-09-23 20:06 - 00641064 _____ C:\Windows\Minidump\092315-35942-01.dmp
2015-09-21 13:10 - 2015-09-21 13:10 - 00000000 ____D C:\Users\Papa\AppData\Local\{FE6DE9CE-1DCF-4229-B75D-8883AD3A9744}
2015-09-20 10:18 - 2015-09-20 10:19 - 00000752 _____ C:\Users\Martin\Desktop\Problem PC 20.09.2015.txt
2015-09-20 10:16 - 2015-09-20 10:16 - 01133296 _____ C:\Windows\Minidump\092015-24414-01.dmp
2015-09-15 23:18 - 2015-09-15 23:18 - 00001210 _____ C:\Users\Martin\Desktop\150915.txt
2015-09-13 20:47 - 2015-09-13 20:47 - 00000000 ____D C:\Users\Natphimol\AppData\Local\{D0F7DCE4-82D5-447F-B50F-12A9D5ADC16A}
2015-09-12 14:49 - 2015-09-12 14:50 - 00000000 ____D C:\Users\Papa\AppData\Local\{7272F3D3-E445-4B88-AC73-6746CE3EF366}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-12 21:09 - 2013-03-26 21:36 - 00000000 ____D C:\FRST
2015-10-12 21:07 - 2009-07-14 06:34 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-12 21:07 - 2009-07-14 06:34 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-12 21:04 - 2010-11-20 23:01 - 00006292 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-12 20:59 - 2012-04-04 15:50 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-12 20:59 - 2012-04-04 14:01 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-10-12 20:59 - 2012-04-04 13:53 - 00000144 _____ C:\service.log
2015-10-12 20:59 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-12 20:59 - 2009-07-14 06:39 - 00189765 _____ C:\Windows\setupact.log
2015-10-12 13:59 - 2012-04-04 13:40 - 01758368 _____ C:\Windows\WindowsUpdate.log
2015-10-12 13:51 - 2012-04-04 15:50 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-12 13:37 - 2012-04-04 20:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-12 12:32 - 2015-06-12 20:47 - 00000000 ___RD C:\Users\Natphimol\iCloudDrive
2015-10-09 18:21 - 2014-04-24 15:16 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005UA.job
2015-10-08 20:40 - 2015-04-05 22:33 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-07 11:49 - 2010-11-20 23:48 - 00827292 _____ C:\Windows\PFRO.log
2015-10-06 21:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-10-03 15:20 - 2014-04-24 15:16 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2133417941-1419742229-307992088-1005Core.job
2015-10-02 23:42 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-10-02 23:27 - 2013-06-14 19:22 - 00000000 ____D C:\Windows\erdnt
2015-10-02 23:26 - 2013-06-11 20:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2015-09-29 22:19 - 2012-04-04 15:49 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
2015-09-29 14:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 18:25 - 2012-04-05 14:39 - 00000000 ____D C:\Users\Papa\AppData\Local\Google
2015-09-27 11:31 - 2013-05-01 16:53 - 00000000 ____D C:\Users\Natphimol\AppData\Local\Google
2015-09-26 14:05 - 2012-04-24 19:47 - 334396311 _____ C:\Windows\MEMORY.DMP
2015-09-26 14:05 - 2012-04-24 19:47 - 00000000 ____D C:\Windows\Minidump
2015-09-23 13:37 - 2012-04-04 20:25 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-23 13:37 - 2012-04-04 20:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 14:41 - 2012-05-19 16:01 - 00000000 ____D C:\Users\Papa\AppData\Roaming\Apple Computer
2015-09-15 22:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-07-05 21:28 - 2012-07-05 21:28 - 0005632 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-07 09:46 - 2012-04-07 13:44 - 0000711 _____ () C:\ProgramData\hpzinstall.log

Einige Dateien in TEMP:
====================
C:\Users\Martin\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-06 20:55

==================== Ende vom FRST.txt ============================
         

Alt 13.10.2015, 18:14   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Yes, please also run the ESET scan.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 13.10.2015, 22:30   #15
mymo22
 
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7c6313841625624f86808746bcdff69d
# end=init
# utc_time=2015-10-13 07:47:39
# local_time=2015-10-13 09:47:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
Old modules - delete modules
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=45315
Update Finalize
Updated modules version: 0
'Can not update to actual engine, exiting
Update Init
Update Download
Update Finalize
Updated modules version: 26219
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7c6313841625624f86808746bcdff69d
# end=updated
# utc_time=2015-10-13 07:52:05
# local_time=2015-10-13 09:52:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7c6313841625624f86808746bcdff69d
# engine=26219
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-13 09:04:22
# local_time=2015-10-13 11:04:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 361450 196401453 0 0
# scanned=248496
# found=0
# cleaned=0
# scan_time=4336
         
